amazon-vpc

How to access private API Gateway over on-prem/VPN?

余生长醉 submitted on 2020-06-01 04:09:09
Question: I have created an API gateway to run a Lambda function. This is meant to be used as an internal service so my API gateway is private. In order to make the API gateway accessible privately I did the following:

- Created a VPC endpoint in a couple of subnets of our VPC
- Added the endpoint to a security group that only allows traffic from on-prem
- Added a resource policy to the API gateway that only allows requests from the VPC endpoint

These steps effectively block public requests and allow

AWS - Can't detach network interfaces - You are not allowed to manage 'ela-attach' attachments

心不动则不痛 submitted on 2020-04-10 07:08:30
Question: I did the AWS mysfits tutorial and I thought the cleanup would be as simple as deleting the Cloud Formation stack. However, items failed to delete so I am trying to clean them up manually to assist the Cloud Formation stack deletion. I keep getting an error when trying to detach the network interfaces (I am logged into the root account):

```
Error detaching network interfaces: eni-0047gfhfgh8ab0e: You are not allowed to manage 'ela-attach' attachments. eni-0f4a46hgfha757e: You are not allowed to
```

accessing s3 from lambda within VPC in aws-go-sdk

我的未来我决定 submitted on 2020-02-06 04:34:14
Question: I've just started using aws-sdk-go and noticed that the S3 requests are using http/https rather than the s3 protocol. How can I read an object in S3 from my Lambda within a VPC using aws-sdk-go? And I don't want to use a NAT Gateway. I can do this in NodeJS, but is there any way for aws-go-sdk to do the same? Thanks!

Answer 1: To access S3 within a VPC without an internet gateway you need to use an S3 Endpoint

Answer 2: This code snippet shows how to use aws-go-sdk to list S3 buckets for region us-east-1

accessing s3 from lambda within VPC in aws-go-sdk

最后都变了- submitted on 2020-02-06 04:33:28
Question: I've just started using aws-sdk-go and noticed that the S3 requests are using http/https rather than the s3 protocol. How can I read an object in S3 from my Lambda within a VPC using aws-sdk-go? And I don't want to use a NAT Gateway. I can do this in NodeJS, but is there any way for aws-go-sdk to do the same? Thanks!

Answer 1: To access S3 within a VPC without an internet gateway you need to use an S3 Endpoint

Answer 2: This code snippet shows how to use aws-go-sdk to list S3 buckets for region us-east-1

EC2 VPC Instance - Ports are filtered

一个人想着一个人 submitted on 2020-01-24 10:27:26
Question: I've configured my server with a default security group, which has the following Inbound rules:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| All TCP | TCP | 0-65535 | 0.0.0.0/0 |
| All UDP | UDP | 0-65535 | 0.0.0.0/0 |

With these rules, netstat shows the following output:

```
netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1113            0.0.0.0:
```

Can't access EKS api server endpoint within VPC when private access is enabled

非 Y 不嫁゛ submitted on 2020-01-22 14:53:22
Question: I have set up an EKS cluster with "private access" enabled and set up one instance in the same VPC to communicate with EKS. The issue is that if I enable "public access", I can access the API endpoint. But if I disable public access and enable private access, I can't access the API endpoints.

When private access is enabled:

```
kubectl get svc
Unable to connect to the server: dial tcp: lookup randomstring.region.eks.amazonaws.com on 127.0.0.53:53: no such host
```

When public access is enabled:

Can't access EKS api server endpoint within VPC when private access is enabled

纵然是瞬间 submitted on 2020-01-22 14:53:05
Question: I have set up an EKS cluster with "private access" enabled and set up one instance in the same VPC to communicate with EKS. The issue is that if I enable "public access", I can access the API endpoint. But if I disable public access and enable private access, I can't access the API endpoints.

When private access is enabled:

```
kubectl get svc
Unable to connect to the server: dial tcp: lookup randomstring.region.eks.amazonaws.com on 127.0.0.53:53: no such host
```

When public access is enabled:

Unable to connect to S3 from Lambda/Python/Boto3 when VPC is enabled

孤人 submitted on 2020-01-16 18:23:10
Question: I have a very simple Python function in a Lambda which runs fine if I leave VPC disabled.

```python
import json
import boto3
import botocore

def lambda_handler(event, context):
    s3 = boto3.client('s3', 'us-east-1', config=botocore.config.Config(s3={'addressing_style':'path'}))
    keys = []
    resp = s3.list_objects_v2(Bucket='[BUCKET_NAME]')
    for obj in resp['Contents']:
        print(obj['Key'])
    return {
        'statusCode': 200,
        'body': json.dumps('Hello from Lambda!')
    }
```

When VPC is enabled the S3 connection continually

Access Internet from AWS VPC instance without public IP address

妖精的绣舞 submitted on 2020-01-13 03:22:48
Question: We're setting up an Amazon VPC in which we will provision (for now) a single EC2 instance and one RDS instance. This is to 'extend our data center', and should only be using private subnet(s). So actually, we have this setup, and it is working well (insert smiley face icon). For all intents and purposes, we're mirroring the VPC scenario 4 outlined by Amazon here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario4.html

tl;dr: A single VPC, with a VPN connecting to our

Unable to bind to 0.0.0.0 inside AWS VPC

泪湿孤枕 submitted on 2020-01-06 01:22:30
Question: I am trying to set up a vanilla JBoss (Wildfly-8.0.0.Final) in EC2, although I believe any application would have this problem. On a vanilla Ubuntu Trusty VM in the default space, I unpack it and configure it to run on addr-any: 0.0.0.0. At runtime, this is successfully resolved to the instance's local IP:

```
15:26:43,167 INFO [org.hornetq.jms.server] (ServerService Thread Pool -- 59) HQ121005: Invalid "host" value "0.0.0.0" detected for "http-connector" connector. Switching to "ip-123-45-67-8.us
```