Getting null dns of newly created instance - amazon-web-services

I am writing the code below to get the public DNS of a newly created instance; however, I am getting null:
    DescribeInstancesResult describeInstancesRequest = amazonEC2Client.describeInstances(new DescribeInstancesRequest());
    List<Reservation> reservations = describeInstancesRequest.getReservations();
    for (Reservation reservation : reservations) {
        for (Instance instance1 : reservation.getInstances()) {
            dns = instance1.getPublicDnsName();
            if (!(dns.equals(""))) {
                break;
            }
        }
    }
    System.out.println("value:" + dns);

For all non-running instances, the DNS name is null. You can check the documentation for the Instance class:
This name is not available until the instance enters the running state.
In case you run with a VPC:
When you launch an instance into a VPC, Amazon provides the instance with public and private DNS hostnames only if DNS hostnames are enabled for the VPC. By default, DNS hostnames are enabled only for default VPCs and VPCs that you create using the VPC wizard in the VPC console.
Amazon supports the following VPC attributes to control DNS support. Be sure to set both attributes to true if you want your instances to have public DNS hostnames that are accessible from the Internet.
enableDnsHostnames
enableDnsSupport

Related

Configure Route53 Resolver to resolve the public IP of an RDS instance (cross-account)

I have 2 AWS accounts. Let's say in the Prod account I run a public RDS instance (deployed to a public subnet, with an assigned public IP address).
Now, I would like to access my RDS instance from another AWS account, let's call it Dev account. However, whenever I do a DNS lookup, it resolves to the private IP address of RDS, and since the VPCs (in Prod and Dev accounts) are not peered, I get a connection timeout.
Is there a way I can configure Route53 Resolver to use public NS servers to resolve the RDS's public IP address, and not use the "shortcut"?
I have tried to add a Route53 Resolver rule (in Dev account) with the RDS instance's domain name, set the rule type to System, and associated it with the VPC, from which I connect to RDS (Dev account). However, it still resolves to the private IP address of RDS.
Any thoughts?

EC2 instance in public subnet has no public IP

I have created a VPC, and within it I created a subnet and an Internet Gateway (attached to the VPC). In that subnet, I created a Route Table in which I set route 0.0.0.0/0 to target the Internet Gateway.
After that I launched an EC2 instance in my subnet but it has no public IP so I can't connect to it using RDP.
I tried to enable 'DNS hostnames' and 'DNS resolution' but it didn't add a public IP to my instance (even after restarting it). In my subnet, I enabled 'Auto-assign IPv4' but still no public IP.
Any clue what I'm missing here please?
Your instances won't automatically get public IPs attached to their ENIs after you enable 'Auto-assign IPv4' in your subnet. One possible solution without spinning up a new EC2 is to attach an Elastic IP (as #Oleksii Donoha suggested in the comment) to this instance. You can follow the aws docs to allocate an Elastic IP address and then associate it with your running instance.
Side note: It's not possible to attach an ephemeral ip to an already-created ENI or EC2 instance. See discussions here.
Though your instance sits in a public subnet, you have to make sure that 'Auto-assign Public IP' is either set to 'Enable' or 'Use subnet setting (Enable)' on the Configure Instance Details page. Sometimes folks forget to check/reverify this setting while creating EC2 instances.

Setting up a non-default VPC with a public and a private subnet and without using the "Create VPC" wizard

I set up a non-default VPC using the "Create VPC" rather than the "Create VPC Wizard" command button on the VPC service's home page in the AWS Management Console - that's because I will eventually automate the process using CloudFormation. I set up an Internet Gateway for the Public subnet and a NAT gateway to serve the private subnet. Then I created an Amazon Linux instance for each subnet.
I was able to ping www.columbia.edu on the Public subnet but my "sudo yum update" command within the instance on the Private subnet - the execution of that command returned a message that the repo couldn't be found.
What went wrong?
The Internet Gateway was not the problem. It was attached to the correct VPC and its status was { State: attached, Attachment state: available } By default, the Internet Gateway will point to the Public subnet of the VPC at the time the Internet Gateway is created.
The Custom Route Table for the Public subnet aka { Main: No } includes in the "Routes" tab as its last line the default route 0.0.0.0/0 igw-**** where igw-**** is the ID of the Internet Gateway. In the "Subnet Associations" tab, the Public subnet is explicitly associated with the Custom Route Table.
At this point, verification by pinging www.columbia.edu from the instance on the Public subnet should be successful.
The NAT Gateway needs to point to the correct VPC, you need to assign it an EIP (Elastic IP address), and you need to specify its location as the Public subnet at the time of creation. If you misconfigured the NAT gateway, you may have no choice but to delete the misconfigured NAT Gateway, create a new NAT Gateway with the correct configuration and restart your public and private instances so that your instances can call on the right NAT Gateway.
The Main Route Table { Main: yes } includes in the "Routes" tab as its last line the default route 0.0.0.0/0 nat-**** where nat-**** is the ID of the NAT Gateway. One more time: the private IP address of the NAT Gateway must be one of the private addresses of the Public subnet.
At this point, running "sudo yum update" on the instance on the private subnet - that command should be successful.
If you are adding more public subnets, make sure to associate each newly added public subnet with the Internet Gateway - I think the Internet Gateway automatically does that but it doesn't hurt to verify.
If you are adding more private subnets, make sure to assign a brand new NAT Gateway to each newly added private subnet. Remember, if the AZ (Availability Zone) goes down, so does the NAT Gateway that serves the AZ.

EC2 instance in VPC public DNS name

I have a VPC instance created on AWS. But it doesn't have a public DNS value as opposed to my other instance which is a straight EC2 instance.
eg ec2-45-55-79-ap-southeast-1.compute.amazonaws.com
Is there a way to assign a "Public DNS" value like the one above for my VPC instance?
Cheers to anyone who knows!!
The default public DNS name is assigned based on your VPC configuration. Make sure that the following settings are set in the VPC console (https://console.aws.amazon.com/vpc/):
DNS resolution and DNS hostnames attributes are set to True in your VPC
You have the DHCP options set with the default provider AmazonProvidedDNS. Something like:
    domain-name = ap-southeast-1.compute.internal
    domain-name-servers = AmazonProvidedDNS
More details for DHCP Options Set configuration: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html
You need to make sure that the instance is launched into a public subnet, and then you can assign an elastic IP.

EC2 instance has no public DNS

A guy I work with gave me the EC2 credentials to log onto his EC2 console. I was not the one who set it up. Some of the instances show a public dns name and others have a blank public DNS. I want to be able to connect to the instances that have a blank public DNS. I have not been able to figure out why these show up as blank.
I had the same problem and solved it. Have a look at the step-by-step instructions:
Go to console.aws.amazon.com
Go To Services -> VPC
Open Your VPCs
select your VPC connected to your EC2 and
select Actions => Edit DNS Hostnames
---> Change DNS hostnames: to YES
There is actually a setting in the VPC called "DNS Hostnames". You can modify the VPC in which the EC2 instance exists, and change this to "Yes". That should do the trick.
I ran into this issue yesterday and tried the above answer from Manny, which did not work. The VPC setting, however, did work for me.
Ultimately I added an EIP and I use that to connect.
Sounds like the instance was launched in VPC and while doing so, the check-box for Automatically assign a public IP address to your instances was not checked. Hence the instance does not have a public IP
You can assign an Elastic IP to this instance and then log in using that IP.
In my case I found the answer from slayedbylucifer and others that point to the same are valid.
Even if it is set that DNS hostname: yes, no Public IP is assigned on my-pvc (only Private IP).
It is definitely that Auto assign Public IP has to be set Enable.
If it is not selected, then by default it sets to Use subnet setting (Disable)
This is the tip provided to resolve the issue which does not work:
Tip - If your instance doesn't have a public DNS name, open the VPC console, select the VPC, and check the Summary tab. If either DNS resolution or DNS hostnames is no, click Edit and change the value to yes.
Assuming you have done this and you are still not getting a Public IP, then go over to the subnet in question in the VPC admin screen and you will probably discover "Auto-Assign Public IP" is not set to yes. Modify that setting then, and I know you don't want to hear this, create a new instance in that subnet. As far as I can tell you cannot modify this on the host, I tried and tried, just terminate it.
Go to AWS Console.
Go to Services and select VPC
Click on vpc.
select the instance and click on Action.
Select Edit DNS Host name click on yes.
At the end you will get your Public dns.
For me problem was in subnet settings.
Open https://console.aws.amazon.com/vpc
Go to subnets in left menu
Choose your subnet
Modify auto-assigning IP settings to enable
It is related to the VPC's feature called "DNS Hostnames". You can enable or disable it. Go to the VPC, under the Actions menu select the "Edit DNS Hostnames" item and then choose "Yes". After doing so, the public DNS of the EC2 instances should be displayed.
Here I will summarize the most common issues that occur:
When you create a custom VPC, if you want aws resources such as ec2 instances to acquire public IP addresses so that the internet can communicate with them, then you first must ensure that the ec2 instance is associated with a public subnet of the custom VPC. This means that subnet has an internet gateway associated with it. Also, you need to ensure that the security group of the VPC associated with ec2 instance has rules allowing inbound traffic to the desired ports, such as ssh, http and https. BUT here are some common oversights that still occur:
1) You must ensure that DNS hostnames is enabled for the VPC
2) You must ensure the public subnet linked to the EC2 instance has its 'auto-assignment of public ip' flag enabled
3) If the instance is already created, then you might need to terminate it and create a new instance for the public IP and public DNS fields to be populated.
Just launch another instance (and also delete the one in question if it has no use) and make sure this time you check "Automatically assign a public IP address to your instance". If not, then as slayedbylucifer suggested, assign an Elastic IP (EIP) to the instance and then log in using that IP. Be careful though, if you are running the free AWS tier, an EIP will cost you money; that's a whole 'nother topic.
First of all, there can be two reasons for this:
You have created your own VPC and forgot to enable Public DNS.
To solve this :
i) Go to AWS VPC console and select the VPC you have created.
ii) Then click on Actions and then enable DNS Resolution.
OR
You have not enabled public ip-assign option in EC2 configuration.
Here you cannot change the setting; so create an ami image and then recreate the instance from that.
After verifying VPC and Subnet settings, my EC2 instance still didn't have a public DNS. After a day of searching for a resolution, I finally figured it out.
I had to create a new Elastic IP address, then associate it to my instance.
From the EC2 Dashboard:
Go to Elastic IPs from the sidebar.
Click Allocate new address, then Allocate.
Go back to the EC2 Dashboard. Go to Network Interfaces.
Select the EC2 instance without a public DNS. Then Actions - Associate Address.
The Address field, select the new elastic IP address.
The Associate to private IP address field, select the private IP address with no public DNS.
Click Associate Address.
Your EC2 instance should now have a public DNS.
Go to VPC
Select your VPC
Click actions and choose Edit DNS hostnames
Tick Enable for DNS Hostnames
Click save changes
The problem is that the DNS Host name in your VPC is dropped. You can easily enable it like this:
Go to your instance in the console, then click your VPC ID.
In your VPC, select the Edit DNS Host names option
Set it to enabled and save your changes.
Now, in your EC2 instance window you can find the DNS:
The change to the DNS Hostnames setting can also be done using the AWS CLI:
aws ec2 modify-vpc-attribute --vpc-id $vpc_id --enable-dns-hostnames '{"Value": true}'
(Where $vpc_id is the ID of the VPC that your instance is attached to.)
As soon as the VPC is updated the instance will gain a public DNS.
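The checks suggested across the answers above (instance state, the two VPC DNS attributes, and public IP assignment), gathered into one shell diagnostic. This is an added example, not part of any original answer; the function names are hypothetical, and the "True"/"None" strings assume the AWS CLI's text output.

```shell
#!/bin/sh
# Added example: explain why an EC2 instance shows no public DNS name.
# Function names are hypothetical. "True"/"None" assume the AWS CLI's
# --output text rendering of JSON true/null.

is_true() { case $1 in [Tt]rue) return 0 ;; *) return 1 ;; esac; }

# Pure decision logic, usable offline.
# Args: state dns_support dns_hostnames public_ip subnet_auto_assign
why_no_public_dns() {
    if [ "$1" != "running" ]; then
        echo "instance is '$1': the name is not available until it is running"
    elif ! is_true "$2"; then
        echo "VPC attribute enableDnsSupport is not true"
    elif ! is_true "$3"; then
        echo "VPC attribute enableDnsHostnames is not true"
    elif [ -z "$4" ] || [ "$4" = "None" ]; then
        if is_true "$5"; then
            echo "no public IP: launched without one; associate an Elastic IP or relaunch"
        else
            echo "no public IP: subnet auto-assign is off; associate an Elastic IP"
        fi
    else
        echo "ok: public IP $4 present and both VPC DNS attributes are true"
    fi
}

ec2q() { aws ec2 "$@" --output text; }   # thin wrapper around the AWS CLI

# Collect the five inputs for one instance ID and explain the result.
check_instance() {
    q='Reservations[0].Instances[0]'
    state=$(ec2q describe-instances --instance-ids "$1" --query "$q.State.Name")
    vpc=$(ec2q describe-instances --instance-ids "$1" --query "$q.VpcId")
    subnet=$(ec2q describe-instances --instance-ids "$1" --query "$q.SubnetId")
    ip=$(ec2q describe-instances --instance-ids "$1" --query "$q.PublicIpAddress")
    sup=$(ec2q describe-vpc-attribute --vpc-id "$vpc" \
        --attribute enableDnsSupport --query 'EnableDnsSupport.Value')
    host=$(ec2q describe-vpc-attribute --vpc-id "$vpc" \
        --attribute enableDnsHostnames --query 'EnableDnsHostnames.Value')
    auto=$(ec2q describe-subnets --subnet-ids "$subnet" \
        --query 'Subnets[0].MapPublicIpOnLaunch')
    why_no_public_dns "$state" "$sup" "$host" "$ip" "$auto"
}

# Query AWS only when an instance ID is given on the command line.
if [ $# -gt 0 ]; then check_instance "$1"; fi
```

Run it with an instance ID as the only argument; the first failing check is reported, in the order the instance state, VPC attributes and addressing are evaluated.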
For those using CloudFormation, the key properties are EnableDnsSupport and EnableDnsHostnames, which should be set to true:
    VPC: {
        Type: 'AWS::EC2::VPC',
        Properties: {
            CidrBlock: '10.0.0.0/16',
            EnableDnsSupport: true,
            EnableDnsHostnames: true,
            InstanceTenancy: 'default',
            Tags: [
                {
                    Key: 'env',
                    Value: 'dev'
                }
            ]
        }
    }
If the instance is in a VPC, make sure both "DNS resolution" and "DNS hostnames" are set to "yes". You can do this in the AWS console UI. HTH!
Go to VPC console, select your VPC, and click ACTIONS menu, select Edit DNS Hostnames - select Yes. That should fix it.
I tried to fix the 'no public DNS' problem.
Once the EC2 was up and running, I couldn't add a public DNS,
even after following the above steps making mods to the VPC or the subnet.
So I had to make modifications to the subnet and the VPC before starting another instance, and THEN start up a new instance.
The new instance had a public DNS. That is how it worked for me.
For those who are using Terraform:
To enable the DNS hostnames, use the following line in your VPC like this:
    resource "aws_vpc" "app_vpc" {
      enable_dns_hostnames = true # Add this line
      cidr_block           = var.vpc_cidr
      tags                 = { Name = "mostafa_vpc" }
    }
You don't have to assign public ip address to your instance.
you can use NAT instances or NAT Gateway.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html
For the public IP / DNS, you must first have a running EC2 service (that can be Instance / Docker / Lightsail). For any of the services you will have two different IPs (private and public), and the security group is available under the Security tab once you have selected the active instance.
STEP-1:
You can enable ports according to usage, for example if you want to host a website using the HTTP and HTTPS ports:
EC2 -> Security Group -> Edit Inbound Rules -> add or remove the required ports,
like 80, 443, 22 etc., and the traffic source for each port (if you want to make the port open for all, select Anywhere, or if you want to open the application for selected IPs, enter the IPv4/IPv6 addresses manually).
Once you are done with the above configuration, create an Elastic IP and attach it to your running EC2 instance. Once you have attached the IP to the instance, your public IP will be the Elastic IP.
STEP-2:
AWS offers you one more service called Route53. Here you can create hosted zones and enter the domain name without www. After creation, you will get the name server value for the hosted zone.
For more info about Route53: https://aws.amazon.com/route53/