Amazon web services - Connect Elastic Beanstalk with ElastiCache - amazon-web-services

I have a Node.js application running on an Amazon Elastic Beanstalk (EB) environment.
In my app code I create an instance of memcached (my ElastiCache) like this:
var Memcached = require('memcached');
var memcached = new Memcached('my-elastic-cache-configuration-endpoint:11211');
In creating my ElastiCache cluster I used the security group of the EC2 instance running my EB app.
And in that security group I have allowed inbound access on port 11211 as described here:
Amazon ElastiCache Step 3: Authorize Access
However my memcached ElastiCache is still not accessible from my app.
I have tested it locally to make sure the code is alright etc. and everything checks out.
Does anyone know what I may be missing?

Related

No EC2 instances are running but website is being served

So I have a website that was still being served even though I did not have an EC2 instance running on the us-east-1 dashboard.
I did have a load balancer running. When I terminated the load balancer the website is no longer being served.
My question is this...
Even though I had a load balancer there were no EC2 instances running. Where is the website being loaded from?
Doesn't an EC2 instance need to be running?
Not really. First of all, check if you have an instance running in a different AWS region. If not, your site could be running on one of multiple other AWS services like ECS or EKS, or could be deployed serverless (if the website is a single-page application: React, Angular, Vue).
So to answer your question: No, you don't need an EC2 instance running on AWS to host a website. And load balancers can be deployed in front of many other services that are not running on EC2.

Static IP for internal communication in AWS for microservices

I have 7 Spring microservices with Eureka Server which I would like to deploy to AWS Elastic Beanstalk. Every time I redeploy a microservice, I see that the URL address is changed. Is it possible to use an internal static IP for every AWS service?
I was also facing this problem with managing EB instances remotely. I have fixed this in two ways:
For myself, I use eb ssh from the EB CLI to remotely access instances, as the CLI gives you an option to select which instance you want to connect to if there is more than one. If your microservices are in a private subnet, you need a bastion to connect to your instances remotely.
Using AWS Systems Manager / Session Manager
You can install the Systems Manager agent on your Elastic Beanstalk environment using ebextensions. Using Systems Manager's Session Manager you can start a session towards your microservice, and all your commands will be logged to S3 (can be useful for change management / compliance).
As I went straight to these two options, I never fixed the issue where private IPs changed.

Fargate Task with Nat Gateway fails to connect with RDS database

Basically, I'm following these two guides:
Deploying Hasura on AWS with Fargate, RDS and Terraform
Deploying Containers on Amazon’s ECS using Fargate and Terraform: Part 2
I have:
Postgres RDS Database deployed in 'Multi-AZ'
My python/flask app deployed in Fargate across multiple AZ's
I run a migration inside the task definition before the app
ALB Load balancing between the tasks
Logging for RDS, ECS and ALB into Cloudwatch Logs.
A NAT gateway with an Elastic IP for each private subnet to get internet connectivity
A new route table for the private subnets
NO certificates
I use terraform 0.12 for the deploy.
The repository is on ECR
But...
My app can't connect to the RDS database:
sqlalchemy.exc.OperationalError
(psycopg2.OperationalError): FATAL: password authentication failed for user "postgres"
These are the logs on pastebin-logs
I've already tried changing the password to a very simple one, before deploy, on the console directly, opening ports, turning access public, changing private to public subnet, etcetera, etcetera...
Please, I have had this error for a week!!!
UPDATE
I inject the database credentials in this way:
pastebin-terraform
I cannot comment, but I mean this as a comment.
What does the security group egress look like on your ECS service that runs the task? You need to make sure it can talk to the RDS, usually on port 5432.

Can't connect between AWS Elastic Beanstalk and another EC2 Security Group

I have a Spring Boot application that is deployed to AWS Elastic Beanstalk and a Mongo database that is deployed on an EC2 instance.
I created two security groups: one for the EC2 instance and another one for Elastic Beanstalk to open the connection to each other.
However, the spring boot app still can't connect to Mongo (on the EC2 IP address).
Log in to your AWS account and navigate to the EC2 (Compute) dashboard.
Click the security group for the EC2 instance on which MongoDB is installed.
In the inbound tab, click edit.
Add the private IP of the EC2 instance where Beanstalk is running and the MongoDB port. This will allow connectivity from your Spring Boot application to MongoDB.
To test the connectivity, SSH into the EC2 instance where Beanstalk is running and telnet to the IP:port where MongoDB is running.
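The connectivity test from the last step, as an added Python example that is not part of the original answer: one TCP connect whose result is classified, so a silent drop (timeout, typical of a missing security group rule) is told apart from a refusal (host reached, nothing listening). The function name `probe_tcp` and the hint texts are this example's own.

```python
import errno
import socket
import sys

# Hint texts are this example's own wording, keyed by probe outcome.
HINTS = {
    "open": "TCP handshake completed; network path and inbound rule are fine.",
    "refused": "Host answered with a reset; typically nothing listens on that port.",
    "timeout": "No reply at all; typical of a missing security group rule "
               "or a client outside the VPC.",
    "unreachable": "No route to the address; check subnets and route tables.",
    "dns-failure": "Hostname did not resolve from this machine.",
}

def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connect and return (outcome, hint)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "open"
    except socket.gaierror:
        outcome = "dns-failure"
    except (socket.timeout, TimeoutError):
        outcome = "timeout"
    except ConnectionRefusedError:
        outcome = "refused"
    except OSError as exc:
        # Anything other than a routing error is unexpected; surface it.
        if exc.errno not in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            raise
        outcome = "unreachable"
    return outcome, HINTS[outcome]

if __name__ == "__main__":
    # Usage: python probe.py <private-ip-or-endpoint> <port>
    result, hint = probe_tcp(sys.argv[1], int(sys.argv[2]))
    print(f"{sys.argv[1]}:{sys.argv[2]} -> {result}: {hint}")
```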

Can't connect redis-cli with Amazon ElastiCache

I have created a Redis endpoint on Amazon ElastiCache and also set up a VPC and NAT gateway. I need to connect to the created Redis endpoint with redis-cli. I am using a command like this:
redis-cli -h dev-redis.434dffsdsf.0094.ustyue1.cache.amazonaws.com
But I got an error message like this:
Could not connect to Redis at dev-redis.a35gy4.0001.use1.cache.amazonaws.com:6379: Connection timed out
I tried several ways:
Tried to connect from my local Ubuntu machine.
Tried to connect from an EC2 instance.
My source code is running on AWS Lambda. Using AWS Lambda we can successfully connect to the same Redis endpoint.
What is the actual issue with my redis client?
Please check the SG of ElastiCache. The Redis instance should be accessible to the server where you're running the Redis CLI.
Option 1 will not work, as ElastiCache instances are not accessible outside of their VPC. From the FAQs: "Amazon ElastiCache Nodes, deployed within a VPC, can never be accessed from the Internet or from EC2 Instances outside the VPC."
Option 2 should work, if the EC2 instance is within the same VPC as the ElastiCache instance.
Adding more details, as none of the answers here gave me full clarity.
What is a security group - a security group in AWS is like a firewall.
What should I check in the security group - check in the inbound rules of the security group attached to the Redis whether port 6379 is open to IPs within the CIDR (e.g. 192.168.32.0/20) of the EC2 instance from which you tried to access the Redis/ElastiCache.
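The inbound-rule check described above, and the port 11211 rule from the first question, as an added Python example (not code from any of the posts): it evaluates rules in the shape returned by `aws ec2 describe-security-groups` against a client's private IP and security group IDs. It goes beyond the CIDR case in the answer by also matching security-group sources and flagging a 0.0.0.0/0 source; the group IDs and rule set are constructed sample data.

```python
import ipaddress

# Constructed sample in the shape of one `aws ec2 describe-security-groups`
# entry; the group IDs are placeholders, not real identifiers.
CACHE_SG = {
    "GroupId": "sg-EXAMPLE-CACHE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "192.168.32.0/20"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-APP"}]},
    ],
}

def _covers_port(perm, port):
    """True if the rule applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":          # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def inbound_allows(sg, port, client_ip, client_sg_ids=()):
    """Return which inbound rule admits the client on `port`, or None."""
    ip = ipaddress.ip_address(client_ip)
    for perm in sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            if ip in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return "cidr " + rng["CidrIp"]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") in client_sg_ids:
                return "group " + pair["GroupId"]
    return None

def open_to_world(sg, port):
    """True if any IPv4 rule covering `port` uses 0.0.0.0/0 as its source."""
    return any(rng["CidrIp"] == "0.0.0.0/0"
               for perm in sg.get("IpPermissions", []) if _covers_port(perm, port)
               for rng in perm.get("IpRanges", []))

if __name__ == "__main__":
    print(inbound_allows(CACHE_SG, 6379, "192.168.40.17"))
    print(inbound_allows(CACHE_SG, 6379, "10.0.5.9"))
    print(inbound_allows(CACHE_SG, 11211, "10.0.5.9", ["sg-EXAMPLE-APP"]))
    print(open_to_world(CACHE_SG, 6379))
```

A `None` result for the client's IP and groups corresponds to the "Connection timed out" symptom in the question, since traffic that matches no inbound rule is dropped without a reply.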