I have the same problem setting up Elastic Cache in AWS, I created one, set up a security group to allow inbound TCP to all TCP ports from my home IP. However, I can not telnet to that box. When I run the code, I got timeout error. Can you share with me how did you set it up?
I tried Amazon Audo Discovery demo code as well as simple-spring-cache for memcached. I got timeout on both of them.
Thanks.
It's not possible to access Amazon ElastiCache from home network. You can access memcached instance on Amazon only from your EC2 instance.
Related
I am trying to install KafkaMagic on ec2 to manage our kafka cluster. I created an EC2 instance on our VPC and added the following inbound rules to the associated security group:
I then made sure the Network ACL had inbound rules to allow traffic
Where I saw that * is a catch all rule so rule 100 should overwrite this. I then connected to my ec2 instance using EC2 Instance Connect and downloaded KafkaMagic and got it running on localhost:5000 of my ec2 instance. Using the public dns for the ec2 instance i connected to {publicIp}:5000 where publicIp was copy pasted. I was unable to connect.
Im assuming there is a gap in my understanding of what happened. Where did I go wrong along the way setting this up? Im very new to AWS and I might be missing an important concept
I needed to run the application on a non localhost url. I updated the kafka magic url through this link: https://www.kafkamagic.com/download/#configuration to be on 0.0.0.0:5000 and then I was able to use the public ip associated with my instance to run the application on port 5000
I have a redis instance on AWS that I want to connect using Redis Desktop Manager from my local machine
I am able to ssh into my ec2 instace and then run redis-cli -h host and connect to it.
But the same is not possible from my local machine.
I am sure there must be a way to monitor my redis using the GUI, and I think if I can connect to the ec2 using pem file and I can connect to redis from insde there, must be a way to combine both? And connect to the redis instance locally via my ec2 instace? Any ideas?
By design AWS EC domain is deployed for use only within AWS. From docs:
Elasticache is a service designed to be used internally to your VPC. External access is discouraged due to the latency of Internet traffic and security concerns. However, if external access to Elasticache is required for test or development purposes, it can be done through a VPN.
Thus, it can't be accessed directly from outside of your VPC. For this, you need to setup a VPN between your local home/work network and your VPC, or what is often easier to do for testing and development, establish a ssh tunnel.
For the ssh tunnel you will need a public proxy/bastion EC2 instance through which the tunnel will be established. There are number tutorials on how to do it for different AWS services. General procedures are same, whether this is ES, EC, Aurora Serverless or RDS Proxy. Some examples:
SSH Tunnels (How to Access AWS RDS Locally Without Exposing it to Internet)
How can I use an SSH tunnel to access Kibana from outside of a VPC with Amazon Cognito authentication?
As #Marcin mentioned, AWS recommends only using Elasticache within your VPC for latency reasons, but you've got to develop on it some how... (Please be sure to read #Marcin's answer)
AWS is a huge mystery, and it's hard to find beginner-intermediate resources, so I'll expand upon #Marcin's answer a little for those that might stumble across this.
It's pretty simple to set up what's often referred to as a "jump box" to connect to all sorts of AWS resources - this is just any EC2 instance that's within the same VPC (network) as the resource you're trying to connect to - in this case the Elasticache redis cluster. (If you're running into trouble, just spin up a new instance - t4g.nano or something super small works just fine.)
You'll want to make sure you're in the directory with your key, but then should be able to run the following command to link whatever port you'd like to use to the remote redis cluster:
ssh -i ${your_ssh_key_name.pem} ${accessible_ec2_host} -L ${port_to_use_locally}:${inaccessable_redis_or_other_host}:${inaccessable_redis_port}
Then you can use localhost and ${port_to_use_locally} to connect to redis
Ok, I have an application on ElasticBeanstalk and have setup an EC2 server for my database.
I've been trying to limit the connections to the database to my IP and that of the applications (EB), however all configurations I have tried have not worked.
I have tried using the security group ID - where on the security group ID used by the App had a outgoing connection to the DB and the DB security group had an incoming connection from the security group ID from the App.
Unfortunately that didn't work. And I don't know how to find the CIDR for the EB environment.
Any ideas?
Add the security group on ec2 server to allow the traffic from your home IP and elasticbeanstalk appliaction static IP.
you can find the Elasticbeanstalk application static IP from Ec2 console Or you can use the following command using amazon cli.
aws ec2 describe-instances --instance-ids <instance-id>
I created a windows machine on AWS EC2, and I wanted that only I should be able to connect from my MAC to it, using remote desktop client.
Inbound Rule is used for incoming traffic and outbound rule is used for outgoing traffic.
Since I wanted to connect using Remote Desktop, in the inbound rule of security group I selected "RDP" and then in the source I selected 'My Ip' and thus I secured my ec2 instance such that only I can access it
I have created a redis endpoint on amazon elastic cache and also setup vpc & NAT gateway. I need to connect created redis endpoint with redis-cli. i using command like this
redis-cli -h dev-redis.434dffsdsf.0094.ustyue1.cache.amazonaws.com
But i got error message like this
Could not connect to Redis at dev-redis.a35gy4.0001.use1.cache.amazonaws.com:6379: Connection timed out
I tried with several ways
tried to connect from my local ubuntu machine.
tried to connect from a ec2 instance.
My source code is running on aws lambda. Using aws lambda we can successfully connect to the same redis endpoint.
What is the actual issue with my redis client?
Please check SG of ElastiCache. Redis instance should be accessible to server where you're running Redis CLI.
Option 1 will not work, as ElastiCache instances are not accessible outside of their VPC. From the FAQs: "Amazon ElastiCache Nodes, deployed within a VPC, can never be accessed from the Internet or from EC2 Instances outside the VPC."
Option 2 should work, if the EC2 instance is within the same VPC as the ElastiCache instance.
Adding more details as none of the answers here gave me full clarity
What is security group - security group in AWS is like a firewall.
What should I check in the security group - Check in inbound rules of the security group attached to the Redis if port 6379 is open to IPs within the CIDR (e.g. 192.168.32.0/20) of the EC2 instance from which you tried to access the Redis/ElasticCache
Could someone give a step-by-step procedure for connecting to elasticache.
I'm trying to connect to a redis elasticache node from inside my EC2 instance (sshed in). I'm getting Connection Timed Out errors each time, and I can't figure out what's wrong with how I've configured my AWS settings.
They are in different VPCs, but in my elasticache VPC, I have a custom TCP inbound rule at port 6379 to accept from anywhere. And the two VPCs share an Active Peer connection that I set up. What more am I intended to do?
EDIT:
I am trying to connect via the redis-cli command. I sshed in because I was originally trying to connect via the node-redis module since my EC2 instance hosts a node server. So officially my two attempts are 1. A scripted module and 2. The redis-cli command provided in the AWS documentation.
As far as I can tell, I have also set up the route tables correctly according to this: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html#route-tables-vpc-peering
You cannot connect to Elasticache from outside its VPC. It's a weird design decision on AWS' part, and although it's not documented well, it is documented here:
Amazon ElastiCache Nodes, deployed within a VPC, can never be accessed from the Internet or from EC2 Instances outside the VPC.
You can set your security groups to allow connections from everywhere, and it will look like it worked, but it won't matter or let you actually connect from outside the VPC (also a weird design decision).
In your Redis cluster properties you have a reference to the Security Group. Copy it.
In our EC2 instance you also have a Security Group. You should edit this Security Group and add the ID of the Redis Security Group as CIDR in the outbound connections + the port 6379.
This way the two Security Groups are linked and the connection can be established.
Two things we might forget when trying to connect to ElasticCache,
Configuring inbound TCP rule to allow incoming requests on port 6379
Adding EC2 security group in ElasticCache instance
Second one helped me.
Reference to (2) : https://www.youtube.com/watch?v=fxjsxtcgDoc&ab_channel=HendyIrawanSocialEnterprise
Here is step-by-step instructions for connection to Redis Elasticache cluster from EC2 inctance located in the same VPC as Elasticache:
Connect to a Elasticache Redis Cluster's Node