I am trying to connect to a database hosted on mongo atlas from a service running on elastic beanstalk. I am getting the error:
UnhandledPromiseRejectionWarning: MongoNetworkError: failed to connect to server [youmaylike-shard-00-01-necsu.mongodb.net:27017] on first connect [MongoNetworkError: connection 5 to youmaylike-shard-00-01-necsu.mongodb.net:27017 closed]
I believe this is happening because I don't have the Ip address of my service whitelisted on atlas. I am unsure of how to get the Ip address for my service, I tried running eb ssh but I'm not sure what it gave me is the correct value
There are multiple ways to get it, below two:
Before using the AWS console or the AWS CLI run eb health and get the intance ID or IDs for your deployment
Using the AWS Console go to EC2 and then Instances find the instance ID or IDs click it and on the pane below the IP will be located at "IPv4 Public IP"
Using the AWS CLI aws ec2 describe-instances --instance-ids <YOUR INSTANCE ID or IDS HERE>
The public IP depend upon the configuration of your Elastic beanstalk instances.
Internet Access:
Instances must have access to the Internet through one of the following methods.
Public Subnet
Instances have a public IP address and use an Internet Gateway to access the Internet.
Private Subnet
Instances use a NAT device to access the Internet.
So, if it's behind Gateway then you can check here for whitelisting or might this help too
aws ec2 describe-instances --instance-ids i-0c9c9b44b --query 'Reservations[*].Instances[*].PublicIpAddress' --output text
or
curl http://checkip.amazonaws.com
If it's behind NAT then you need to whitelist the NAT Gateway IP.
Goto VPC -> Select NAT Gateways -> Copy the Elastic IP or public IP adress of NAT Gateway and whitelist this IP in atlas side.
From MongoDB Atlas support:
If you have dynamic IP addresses, you have the following options;
You can use the Atlas Public API to dynamically add and remove IPs from your whitelist. For MongoDB Atlas documentation on configuring Atlas API Access, please click here.
You can use VPC Peering (M10+ instances only) to link your Atlas cluster to your existing VPC. For documentation Setting up a VPC peering connection in MongoDB Atlas, please click here.
Or you can set your whitelist to 0.0.0.0/0 to allow the entire Internet into your IP whitelist. For MongoDB Atlas documentation on adding entries to your IP Whitelist, please click here. Please note that adding 0.0.0.0/0 to the cluster’s whitelist as this can expose the cluster to denial of service attacks. Also, please be aware that Heroku uses dynamic IPs, so you will have to add 0.0.0.0/0 to the whitelist when using Heroku to connect to your Atlas Cluster.
See asked question on their FAQ.
I've read through all the white papers for Route53, Private Hosted Zones, and Workspaces and I'm too the point of banging my head on the wall. :p
I'm having trouble getting an EC2 instance and an Amazon Workspace within a private cloud to communicate using a Fully Qualified Domain Name. I need them to communicate with a FQDN instead of an IP address so that I can have an encrypted connection with an SSL.
Here is my configuration:
Setup a VPC with two public subnets, a route table, and internet gateway.
VPC is setup with DNSResolution and DNSHostnames enabled.
Setup a Simple AD for the workspace within the private VPC.
Setup an EC2 instance within the private VPC with a public subnet.
Setup the EC2 instance with a security group that allows port 80,443, and 5003 open to 0.0.0.0/0.
Setup a workspace within the private VPC with no security group.
Disabled the firewall within the EC2 instance and Workspace.
Setup a Hosted Zone on Route53 configured for Private and linked to the VPC.
Setup an A Record pointing the private IP of the EC2 instance.
If I run a ping from the Workspace to the DNS record that was setup in Route53, I get a successful connection.
If I try to reach the EC2 server using a Web browser on Port 80 or Port 443 using the DNS record, it fails.
If I try to reach the Ec2 server using an application that runs on Port 5003 using the DNS record, it fails.
If I try to reach the EC2 server with either web browser or application by referencing the IP, it is successful. So I know that my ports aren't being blocked.
Did I configure the route53 record incorrectly or am I missing a particular IAM Role permission set?
Thanks and let me know if I need to elaborate on any of the configuration.
SimpleAD DNS is being used instead of Route53. If the zone is the same then only one or the other can be used I'm afraid.
For example if you have host.com DNS zone in SimpleAD then the workspace won't use R53 for any *.host.com resolution. Try a different private zone in R53 and therefore fqdn for the EC2 instance private IP address.
https://forums.aws.amazon.com/thread.jspa?threadID=215126
I set up an AWS instance in my VPC with a private IP address -- no public IP address. This is going to be my MongoDB instance and will only be accessed by other servers within the VPC. I established a successful VPN connection and can SSH using Putty to the instance using the private IP address - "10.0.0.95". So far, so good. I noticed that the private IP address also has a Private DNS - "ip-10-0-0-95.internal". I tried using the Private DNS to access the instance through the VPN but got this Putty error "Unable to open connection to ip-10-0-0-95.ec2.internal. Host does not exist". Clearly, I can use the 10.0.0.95 IP address but was surprised that the private DNS name did not work. How come?
You should enable the DNS resolution for your VPC, or you won't be able to resolve internal DNS names.
To use private hosted zones, you must set the following Amazon VPC settings to true:
enableDnsHostnames
enableDnsSupport
Steps to enable DNS resolution:
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Your VPC.
Select the VPC from the list, choose Actions and either Edit DNS Resolution or Edit DNS Hostnames (you should enable them)
In the dialog box that opens, choose Yes, and Save.
For more info: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html#vpc-dns-updating
I have given a limited access to a AWS account.
I already created an EC2 instance but when I try to associate an elastic ip, I got the error below:
An error occurred while attempting to associate the address
Network vpc-(security id) is not attached to any internet gateway
You are using the new Amazon Virtual Private Cloud instead of the EC2 Classic.
The cloud you are using lacks the internet gateway virtual component that is necessary for the cloud to be reachable from the public internet.
You need to add an internet gateway to your private cloud for it to be able to connect to internet; with that in place, you can use Elastic IPs (after all, they are internet addressable; your VPC instances can have static instance IPs), and add a routing entry for internet addresses (0.0.0.0/0, or a narrower space).
This error occurs because the VPC is not associated with an Internet Gateway. To solve this: Go to VPC, then click on Internet Gateway. If none exists, Create one(probably will need admin permission) and then attach it to the target VPC-id. And try again associating the Elastic IP address to the EC2 instance. Hope it helps :)
You need to assign an Internet Gateway to your VPC.
Go to VPC service and under VIRTUAL PRIVATE CLOUD on the left, click
"Internet Gateways"
To create a new one, click on "Create Internet gateway", give it a name and create it
Select the Gateway on the list, click "Actions" and "Attach to VPC"
Select the VPC and click on "Attach Internet gateway"
Then you will be able to Assign the Elastic IP to your EC2 instance.
A guy I work with gave me the EC2 credentials to log onto his EC2 console. I was not the one who set it up. Some of the instances show a public dns name and others have a blank public DNS. I want to be able to connect to the instances that have a blank public DNS. I have not been able to figure out why these show up as blank.
I had the same problem an solved it. Have a look at the step-by-step instructions:
Go to console.aws.amazon.com
Go To Services -> VPC
Open Your VPCs
select your VPC connected to your EC2 and
select Actions => Edit DNS Hostnames
---> Change DNS hostnames: to YES
There is a actually a setting in the VPC called "DNS Hostnames". You can modify the VPC in which the EC2 instance exists, and change this to "Yes". That should do the trick.
I ran into this issue yesterday and tried the above answer from Manny, which did not work. The VPC setting, however, did work for me.
Ultimately I added an EIP and I use that to connect.
Sounds like the instance was launched in VPC and while doing so, the check-box for Automatically assign a public IP address to your instances was not checked. Hence the instance does not have a public IP
You can assign an Elastic IP to this instance and then log in using that IP.
In my case I found the answer from slayedbylucifer and others that point to the same are valid.
Even it is set that DNS hostname: yes, no Public IP is assigned on my-pvc (only Privat IP).
It is definitely that Auto assign Public IP has to be set Enable.
If it is not selected, then by default it sets to Use subnet setting (Disable)
This is the tip provided to resolve the issue which does not work:
Tip - If your instance doesn't have a public DNS name, open the VPC console, select the VPC, and check the Summary tab. If either DNS resolution or DNS hostnames is no, click Edit and change the value to yes.
Assuming you have done this and you are still not getting a Public IP then go over to the subnet in question in the VPC admin screen and you will probably discover "Auto-Assign Public IP" is not set to yes. Modify that setting then, and I know you don't want to here this, create a new instance in that subnet. As far as I can tell you cannot modify this on the host, I tried and tried, just terminate it.
Go to AWS Console.
Go to Services and select VPC
Click on vpc.
select the instance and click on Action.
Select Edit DNS Host name click on yes.
At the end you will get your Public dns.
For me problem was in subnet settings.
Open https://console.aws.amazon.com/vpc
Go to subnets in left menu
Choose your subnet
Modify auto-assigning IP settings to enable
It is related to the VPC's feature called "DNS Hostnames". You can enable or disable it. Go to the VPC, under the Actions menu select the "Edit DNS Hostnames" item and then choose "Yes". After doing so, the public DNS of the EC2 instances should be displayed.
Here I will summarize the most common issues that occur:
When you create a custom VPC, if you want aws resources such as ec2 instances to acquire public IP addresses so that the internet can communicate with them, then you first must ensure that the ec2 instance is associated with a public subnet of the custom VPC. This means that subnet has an internet gateway associated with it. Also, you need to ensure that the security group of the VPC associated with ec2 instance has rules allowing inbound traffic to the desired ports, such as ssh, http and https. BUT here are some common oversights that still occur:
1) You must ensure that DNS hostnames is enabled for the VPC
2) You must ensure the public subnet linked to the EC2 instance has its 'auto-assignment of public ip' flag enabled
3) If the instance is already created, then you might need to terminate it and create a new instance for the public IP and public DNS fields to be populated.
Just launch another instance (and also delete the one in question if it has no use) and make sure this time you check "Autoatically assign a public IP address to your instance". If not then as slayedbylucifer suggested; assign an Elastic IP (EIP) to the instance and then log in using that IP. Be careful though, if you are running the free AWS tier, an EIP will cost you money-- that's a whole 'nother topic..
First of all, there can be two reasons for this:
You have created your own VPC and forgot to enable Public DNS.
To solve this :
i) Go to AWS VPC console and select the VPC you have created.
ii) Then click on Actions and then enable DNS Resolution.
OR
You have not enabled public ip-assign option in EC2 configuration.
Here you cannot change the setting; so create an ami image and then recreate the instance from that.
After verifying VPC and Subnet settings, my EC2 instance still didn't have a public DNS. After a day of searching for a resolution, I finally figured it out.
I had to create a new Elastic IP address, then associate it to my instance.
From the EC2 Dashboard:
Go to Elastic IPs from the sidebar.
Click Allocate new address, then Allocate.
Go back to the EC2 Dashboard. Go to Network Interfaces.
Select the EC2 instance without a public DNS. Then Actions - Associate Address.
The Address field, select the new elastic IP address.
The Associate to private IP address field, select the private IP address with no public DNS.
Click Associate Address.
Your EC2 instance should now have a public DNS.
Go to VPC
Select your VPC
Click actions and choose Edit DNS hostnames
Tick Enable for DNS Hostnames
Click save changes
The problem is that the DNS Host name in your VPC is dropped. You can easily enable it like this:
Go to your instance in the console, then click your VPC ID.
In your VPC, select the Edit DNS Host names option
Set it to enabled and save your changes.
Now, in your EC2 instance window you can find the DNS:
The change to the DNS Hostnames setting can also be done using the AWS CLI:
aws ec2 modify-vpc-attribute --vpc-id $vpc_id --enable-dns-hostnames '{"Value": true}'
(Where $vpc_id is the ID of the VPC that your instance is attached to.)
As soon as the VPC is updated the instance will gain a public DNS.
For those using CloudFormation, the key properties are EnableDnsSupport and EnableDnsHostnames which should be set to true
VPC: {
Type: 'AWS::EC2::VPC',
Properties: {
CidrBlock: '10.0.0.0/16',
EnableDnsSupport: true,
EnableDnsHostnames: true,
InstanceTenancy: 'default',
Tags: [
{
Key: 'env',
Value: 'dev'
}]
}
}
If the instance is in VPC, make sure both "DNS resolution" and "DNS hostnames" is set to "yes". You can do this in the Aws console UI. HTH!
Go to VPC console, select your VPC, and click ACTIONS menu, select Edit DNS Hostnames - select Yes. That should fix it.
I tried to fix the 'no public DNS'
once the EC2 was up and running, I couldnt add a public DNS
this is even after following the above steps making mods to the VPC or the Subnet
so, I had to make modifications to the subnet and the vpc, before starting another instance, and THEN start up a new instance.
the new instance had a public DNS. That is how it worked for me.
For those who are using Terraform.
To enable the DNS hostnames, use the following line in your VPC like this:
resource "aws_vpc" "app_vpc"
{
enable_dns_hostnames = true # Add this line
cidr_block = var.vpc_cidr
tags = { Name = "mostafa_vpc" }
}
You don't have to assign public ip address to your instance.
you can use NAT instances or NAT Gateway.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html
For the public IP / DNS first, you must have a running EC2 Service ( That can be Instance / Docker / Lightsail. for any of the services you will have two different IPs ( Private & Public ) also the security group available under the security Tab once you selected actively Instance.
STEP-1:
You can enable according to the port Usage like if you wanted to host a website using HTTP & HTTPS Ports
EC2->Security Group -> Edit Inbound Rules -> Added or Remove required ports.
like 80,443,22 etc and traffic source for the port ( if you want to make the port open for all select anywhere or if you want to open the application for the selected IPs- Enter IPV4/IPV6 manually.
once you are done with the above configuration, Create Elastic IP and attached it to your Running EC2 instance. Once you attached the IP with the instance your Public IP will be the Elastic IP
STEP-2:
AWS offers you one more service called Route53. Here you can create Hosted Zones and enter the domain name without www after creation, you will get the Name Server value for the hosted zone.
for more info about Route53 https://aws.amazon.com/route53/