amazon-vpc

Lambda function within VPC doesn't have access to public Internet

好久不见. submitted on 2019-12-03 06:24:06
I am trying to make an outbound API request to a third-party service from within a Lambda function, but the function always times out without any error. This previously happened when trying to perform an s3.putObject operation within a different function (still within the same VPC / subnets), and I managed to get around that by adding an Endpoint with a service name com.amazonaws.us-east-1.s3 and connecting it to the route table that is associated with the VPC that this Lambda function resides in. Within the Lambda dashboard inside Network box -> Security Groups section, I see this warning:

AWS - Accessing instances in private subnet using EIP

风格不统一 submitted on 2019-12-03 06:02:50
I want to access a few instances in my private subnet using EIPs. Is there a way? I know it doesn't make much sense. But let me explain in detail. I have a VPC with 2 subnets. 1) 192.168.0.0/24 (public subnet) has EIPs attached to it 2) 192.168.1.0/24 (private subnet) There is a NAT instance between these to allow the private instances to have outbound access to the internet. Everything works fine as mentioned here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html But now, for a temporary time I need to address the instances on the private subnet directly from the

EC2 t2.micro instance has no public DNS

Deadly submitted on 2019-12-03 05:38:41
Question: EC2 t2.micro instance has no public DNS I launched an Amazon Web Service (AWS) EC2 Instance, t2.micro, which must be launched into a VPC. The VPC has Auto-assign Public IP set to Yes. DNS resolution: Yes DNS hostnames: Yes But on the EC2 Dashboard, the instance still has a blank Public DNS and Public IP. I have tried to restart the instance several times, but it still has not been assigned a Public IP. The 5 Elastic IPs that came with our AWS account have already been used. Is it possible to

How to specify all ports in Security group - CloudFormation

纵饮孤独 submitted on 2019-12-03 05:21:23
I have my CloudFormation script like this now: "SecurityGroupIngress" : [{ "IpProtocol" : "tcp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0" }] and it looks like this, which is fine: But I am wondering how do I update the template to get this: Notice the Ports say All. I also wonder if they are different? The original solution I posted (and accepted by the original poster) stopped working as AWS no longer supports it. To avoid the barrage of downvotes, I deleted the answer. The alternatives are: Specify the ports 0 and 65535 or Open all ports for all protocols not just TCP (as

Using knife ec2 plugin to create VM in VPC private subnet

ぃ、小莉子 submitted on 2019-12-03 00:25:16
Although I've written a fair amount of chef, I'm fairly new to both AWS/VPC and administrating network traffic (especially a bastion host). Using the knife ec2 plugin, I would like the capability to dynamically create and bootstrap a VM from my developer workstation. The VM should be able to exist in either a public or private subnet of my VPC. I would like to do all of this without use of an elastic IP. I would also like for my bastion host to be hands off (i.e. I would like to avoid having to create explicit per-VM listening tunnels on my bastion host) I have successfully used the knife ec2

Assigning Static IP Address to AWS Load Balancer

故事扮演 submitted on 2019-12-02 19:56:46
How can I assign a static IP address to an ELB. Seems like I cannot. Some articles online ask to create a Route 53 record but this requires changing CNAME of domain which also redirects email traffic. I just want to change A record not CNAME. Some articles also mention that I can use an EC2 instance as a reverse proxy. But will a single proxy be able to handle a lot of traffic? Any solution for this? AWS' Elastic Load Balancer is actually elastic on two levels as described here: http://shlomoswidler.com/2009/07/elastic-in-elastic-load-balancing-elb.html The first level is the load balancer

Is it possible to restore a Redshift cluster to another VPC?

好久不见. submitted on 2019-12-02 04:26:44
Question: I'm trying to move an existing Redshift database from one AWS account to another following How do I transfer ownership of an Amazon Redshift cluster to a different AWS account?. I've successfully created a snapshot of the old database and given the new account access to it. Both accounts have different VPCs. When I try to restore a cluster from that snapshot, I receive the following error message: You have no subnet groups that are suitable for restoring this snapshot to VPC. Is it possible

Is it possible to restore a Redshift cluster to another VPC?

只愿长相守 submitted on 2019-12-02 02:51:25
I'm trying to move an existing Redshift database from one AWS account to another following How do I transfer ownership of an Amazon Redshift cluster to a different AWS account?. I've successfully created a snapshot of the old database and given the new account access to it. Both accounts have different VPCs. When I try to restore a cluster from that snapshot, I receive the following error message: You have no subnet groups that are suitable for restoring this snapshot to VPC. Is it possible to restore a Redshift cluster to another VPC? I can't create a Subnet to the old VPC since it's in my

Can't connect to internet facing ELB from instance in VPC

可紊 submitted on 2019-12-01 20:42:58
I have a V2 ELB that is internet facing. It routes requests to instances in VPC just fine when I connect to it from my laptop. However when I try to connect to it from another instance inside the same VPC the Security Group firewall rules block the connection. The only way I can get the instances in VPC to connect to the ELB is by opening the https port (443) to the world. What am I doing wrong? The ELB ( https://elb.domain.com ) has the following attrs: Internet facing, V2 (not classic ELB) VPC: vpc-aaa AZs: subnet-a,subnet-b Listeners: 443 -> 8080 instance port source security group: my-vpc

How to config the api gateway for the service deployed in private subnet?

China☆狼群 submitted on 2019-11-30 19:12:50
I deployed a web service in my private subnet without ELB in public subnet. Now I want to expose it to public. Can I use API gateway as the http proxy to make it public? Anyone knows how to do that? The service has to be public for API Gateway to be able to connect to it. You can use SSL Client certs to restrict access to only API Gateway. Otherwise, API Gateway would not be a good solution to your issue. Update: You can now configure API Gateway to access resources inside a VPC using VPC Link. In addition to @Mark B's excellent answer, you could also consider using a Lambda function as a