amazon-vpc

AWS small setup, secured public access idea.. do away with NAT gateway

一个人想着一个人 submitted on 2020-01-01 19:34:13
Question: Seeking review, comments, pointing out of issues, links to available, tested, better solutions… The idea is to provide secure remote access into EC2 instances and allow backend instances to reach the internet when required for updates, installing packages, etc. I just started to pick up AWS on my own and had no prior experience with AWS. I learned the method to secure remote access (like SSH) is to restrict the SSH source IP, create jump/bastion hosts, then internet access for the backend/private subnet would be
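The question turns on restricting the SSH source IP rather than leaving 22/tcp open to the world. The following is an added example (not code from the post) of the audit a practitioner would run over a VPC's security groups before exposing a bastion: it walks the IpPermissions structure that boto3's describe_security_groups returns, flags admin ports (SSH, RDP) reachable from 0.0.0.0/0 or ::/0 or from anything outside an allowlist, and builds the replacement rule. The group ID, the 203.0.113.0/24 allowlist and all other CIDRs are constructed for illustration, so it runs offline.

```python
"""Audit security-group ingress rules for admin ports (SSH/RDP) open to the world.

Added example, not code from the original post. It consumes the IpPermissions
structure that boto3's describe_security_groups returns, but runs on a
constructed in-memory group so it works offline. The group ID, the
203.0.113.0/24 "allowed admin source" and every CIDR below are assumptions.
"""
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
# Assumed allowlist: the only sources that may reach admin ports (e.g. the
# corporate egress range or the bastion's subnet). Everything else is flagged.
ALLOWED_ADMIN_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]


def _covers(perm, port):
    """True if this permission admits TCP traffic to `port` (-1 means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _sources(perm):
    """Yield every CIDR (IPv4 and IPv6) the rule admits; group references are skipped."""
    for r in perm.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"])
    for r in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"])


def _is_allowlisted(src):
    return any(src.version == a.version and src.subnet_of(a) for a in ALLOWED_ADMIN_SOURCES)


def audit_security_group(sg):
    """Return findings as (group_id, port, label, source_cidr, severity) tuples.

    HIGH   = admin port reachable from 0.0.0.0/0 or ::/0
    MEDIUM = admin port reachable from a source outside the allowlist
    """
    findings = []
    for perm in sg.get("IpPermissions", []):
        for port, label in ADMIN_PORTS.items():
            if not _covers(perm, port):
                continue
            for src in _sources(perm):
                if src.prefixlen == 0:
                    findings.append((sg["GroupId"], port, label, str(src), "HIGH"))
                elif not _is_allowlisted(src):
                    findings.append((sg["GroupId"], port, label, str(src), "MEDIUM"))
    return findings


def restricted_rule(port, sources=ALLOWED_ADMIN_SOURCES):
    """Build the IpPermissions entry that should replace a world-open admin rule."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(n), "Description": "admin allowlist"}
                     for n in sources if n.version == 4],
        "Ipv6Ranges": [{"CidrIpv6": str(n), "Description": "admin allowlist"}
                       for n in sources if n.version == 6],
    }


# Constructed sample group in describe_security_groups shape (not real data).
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                 # SSH open to the world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},            # SSH from the allowlist: fine
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                 # HTTPS: not an admin port
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},           # all traffic from a partner range
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},                  # RDP open to the IPv6 internet
    ],
}

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_SG):
        print(finding)
    print("replacement:", restricted_rule(22))
```

The "-1" protocol case matters in practice: an "all traffic" rule from a broad range silently includes SSH and RDP, which is why the audit expands it per port instead of matching only rules that name port 22. Rules whose source is another security group (UserIdGroupPairs) are skipped here; they are fine for a bastion-to-backend hop but should be reviewed separately.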

VPC-enabled Lambda function cannot launch/access EC2 in the same VPC

泄露秘密 submitted on 2019-12-25 17:46:26
Question: I have a VPC-enabled Lambda function which attempts to launch an EC2 instance using a launch template. The EC2 launch step (run_instances) fails with the generic network error below: "Calling the invoke API action failed with this message: Network Error". I can launch an instance successfully directly from the launch template, so I think everything is fine with the launch template. I have configured the following in the launch template: Amazon Machine Image ID, Instance type, Key Pair, A network interface

RDS data transfer costs public vs private endpoints

喜欢而已 submitted on 2019-12-24 19:14:56
Question: Would communicating with an RDS instance through a public endpoint (RDS in a public subnet) incur more data transfer costs than one in a private subnet, given that both RDS and the entity accessing it are in the same AZ? Answer 1: The DNS name of the Amazon RDS DB instance should resolve to a private IP address when used within the VPC. Thus, the only potential charge is 2¢/GB between AZs (1¢ in and 1¢ out). If they are both in the same AZ, there should be no data transfer charge. Accessing via a
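The answer's reasoning (private address inside the VPC, a charge only when the two ends sit in different AZs) is easy to verify rather than assume. The following added example (not code from the answer) classifies the client-to-database path from the address the endpoint name resolved to and the subnet-to-AZ layout; the VPC CIDR, subnets, client addresses and resolved addresses are constructed, and the 2¢/GB cross-AZ figure is the one quoted in the answer. resolved_addresses() is the real-world entry point and needs network access; everything else runs offline.

```python
"""Classify the client-to-RDS path by the address the endpoint name resolved to.

Added example, not from the original answer. The VPC CIDR, subnet-to-AZ map,
client addresses and resolved addresses are constructed; in real use the
address comes from resolving the RDS endpoint name from inside the VPC
(resolved_addresses() below does that, and needs network access).
"""
import ipaddress
import socket

VPC_CIDR = ipaddress.ip_network("10.20.0.0/16")            # assumed VPC range
SUBNETS = {                                                # assumed subnet -> AZ layout
    ipaddress.ip_network("10.20.1.0/24"): "us-east-1a",    # app subnet, AZ a
    ipaddress.ip_network("10.20.2.0/24"): "us-east-1b",    # app subnet, AZ b
    ipaddress.ip_network("10.20.11.0/24"): "us-east-1a",   # DB subnet group, AZ a
    ipaddress.ip_network("10.20.12.0/24"): "us-east-1b",   # DB subnet group, AZ b
}
CROSS_AZ_CENTS_PER_GB = 2   # 1¢ out + 1¢ in, the figure quoted in the answer


def resolved_addresses(hostname, port=5432):
    """Resolve the endpoint name as the client would (network required)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, port)})


def az_of(address):
    """Availability zone of the subnet containing `address`, or None if outside the map."""
    ip = ipaddress.ip_address(address)
    for net, az in SUBNETS.items():
        if ip in net:
            return az
    return None


def classify_path(client_ip, resolved_db_ip):
    """Return (path_kind, cents_per_gb).

    'private-same-az'  : stays inside the VPC, same AZ -> no data-transfer charge
    'private-cross-az' : stays inside the VPC, different AZ -> cross-AZ charge
    'public'           : the name resolved to an address outside the VPC, so the
                         traffic takes the public path; rate not estimated here
    """
    if ipaddress.ip_address(resolved_db_ip) not in VPC_CIDR:
        return "public", None
    client_az, db_az = az_of(client_ip), az_of(resolved_db_ip)
    if client_az is not None and client_az == db_az:
        return "private-same-az", 0
    return "private-cross-az", CROSS_AZ_CENTS_PER_GB


def estimate_cents(client_ip, resolved_db_ip, gigabytes):
    """Total cents for `gigabytes` of traffic, or None when the rate is unknown."""
    kind, rate = classify_path(client_ip, resolved_db_ip)
    return kind, (None if rate is None else rate * gigabytes)


if __name__ == "__main__":
    print(classify_path("10.20.1.10", "10.20.11.25"))   # same AZ
    print(classify_path("10.20.1.10", "10.20.12.25"))   # cross AZ
    print(classify_path("10.20.1.10", "198.51.100.7"))  # public address
```

If the endpoint resolves to an address outside the VPC CIDR from a host inside the VPC, the query is not being answered by the VPC resolver (or the client is using an external resolver), and the traffic will not take the private path the answer describes.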

Is the role of router in AWS-VPC played by a virtual machine?

南笙酒味 submitted on 2019-12-24 17:09:02
Question: I am wondering, is the role of router in AWS VPC played by a virtual machine? This VM may have several NICs. If not, then how is the router in a VPC designed? Thanks a lot. Answer 1: No, it isn't played by a virtual machine, or even a set of virtual machines. Thinking about it for a moment, a VPC router couldn't possibly be a single "thing" because that wouldn't be redundant... it would have to be at least six "things" (3 availability zones x 2 devices minimum per availability zone for redundancy,

AWS VPN issue routing to 2nd ip block

别等时光非礼了梦想. submitted on 2019-12-24 13:42:53
Question: I've just set up a VPN link between our local network and an Amazon VPC. Our local network has two IP blocks of interest:
192.168.0.0/16 - block local-A
10.1.1.0/24 - block local-B
The AWS VPC has an IP block of:
172.31.0.0/16 - block AWS-A
I have set up the VPN connection with static routes to the local-A and local-B IP blocks. I can connect from local-A to AWS-A and from AWS-A to local-A. I can't connect from AWS-A to local-B (e.g. 173.31.17.135 to 10.1.1.251). From the 173.31.17.135 server, 10.1

Running AWS Java SDK code without public ip

主宰稳场 submitted on 2019-12-24 06:51:21
Question: Do we need internet connectivity to use the AWS Java SDK from within an instance in AWS? I have an instance running inside a VPC to which I haven't assigned any public IP address. From what my initial investigation found, I see that to run AWS Java SDK based Java programs from this instance in Amazon, the instance needs to have internet connectivity. Running the sample program AwsConsoleApp that comes with the AWS Java SDK, I saw the following error: [javac] /home/ubuntu/aws-java-sdk-1.8.9.1/samples


Why am I getting a permissions error when attempting to auto_accept vpc peering in Terraform?

谁说胖子不能爱 submitted on 2019-12-24 01:27:36
Question: I am trying to create a VPC peer between accounts and auto-accept it, but it fails with a permissions error. Here are the providers in the main.tf: provider "aws" { region = "${var.region}" shared_credentials_file = "/Users/<username>/.aws/credentials" profile = "sandbox" } data "aws_caller_identity" "current" { } Here is the vpc_peer module: resource "aws_vpc_peering_connection" "peer" { peer_owner_id = "${var.peer_owner_id}" peer_vpc_id = "${var.peer_vpc_id}" vpc_id = "${var.vpc_id}" auto

Create an EC2 instance for a VPC not allowed

我是研究僧i submitted on 2019-12-24 00:26:18
Question: Is it possible to define VpcId for an EC2 instance template as a property? What I am trying to do is something like, "Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups": [ { "Ref": "AWSSecurityGroups" } ], "KeyName" : { "Ref" : "KeyName" }, "InstanceType" : { "Ref" : "InstanceType" }, "Tags" : [ { "Key" : "Name", "Value" : "Softnas-CF" }], "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, "VpcId" : { "Ref" : "VPCId" }
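The template in the question combines two properties that AWS::EC2::Instance does not accept in a VPC: VpcId is not a property of the resource at all (an instance is placed by SubnetId, and the VPC follows from the subnet), and SecurityGroups takes group names for the default VPC, while a VPC instance references groups by ID through SecurityGroupIds. The following added example (not code from the question) is a small linter that catches both, plus the related rule that subnet and groups move onto the NetworkInterfaces entries when those are used, and produces a corrected copy. The template is constructed from the shape shown in the question; logical names such as SubnetId are assumptions.

```python
"""Lint AWS::EC2::Instance resources in a CloudFormation template for VPC placement errors.

Added example, not code from the original question. It encodes what the
AWS::EC2::Instance resource type accepts: there is no VpcId property (the
instance is placed by SubnetId, and the VPC follows from the subnet);
security groups for a VPC instance go in SecurityGroupIds (IDs), while
SecurityGroups takes group names and is for the default VPC / EC2-Classic;
and when NetworkInterfaces is given, subnet and groups belong on the
interface entries. The template below is constructed from the shape in the
question; logical names are assumptions.
"""
import copy
import json

INSTANCE_TYPE = "AWS::EC2::Instance"


def lint_instance(props):
    """Return a list of problems found in one instance's Properties dict."""
    problems = []
    if "VpcId" in props:
        problems.append("VpcId is not a property of AWS::EC2::Instance; place the instance with SubnetId")
    placed_in_vpc = "SubnetId" in props or "VpcId" in props or "NetworkInterfaces" in props
    if placed_in_vpc and "SecurityGroups" in props:
        problems.append("SecurityGroups (group names) is invalid for a VPC instance; use SecurityGroupIds")
    if "NetworkInterfaces" in props and ("SubnetId" in props or "SecurityGroupIds" in props):
        problems.append("with NetworkInterfaces, SubnetId/SecurityGroupIds go on the interface entries")
    return problems


def lint_template(template):
    """Map logical resource ID -> problems, for every AWS::EC2::Instance."""
    return {
        name: lint_instance(res.get("Properties", {}))
        for name, res in template.get("Resources", {}).items()
        if res.get("Type") == INSTANCE_TYPE
    }


def fix_instance(props, subnet_ref):
    """Return a corrected copy: drop VpcId, move groups to SecurityGroupIds, set SubnetId."""
    fixed = copy.deepcopy(props)
    fixed.pop("VpcId", None)
    if "SecurityGroups" in fixed:
        fixed["SecurityGroupIds"] = fixed.pop("SecurityGroups")
    if "NetworkInterfaces" not in fixed:
        fixed.setdefault("SubnetId", subnet_ref)
    return fixed


# Constructed template following the question's shape (not the original file).
TEMPLATE = {
    "Resources": {
        "Ec2Instance": {
            "Type": INSTANCE_TYPE,
            "Properties": {
                "SecurityGroups": [{"Ref": "AWSSecurityGroups"}],
                "KeyName": {"Ref": "KeyName"},
                "InstanceType": {"Ref": "InstanceType"},
                "Tags": [{"Key": "Name", "Value": "Softnas-CF"}],
                "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
                "VpcId": {"Ref": "VPCId"},
            },
        }
    }
}

if __name__ == "__main__":
    print(json.dumps(lint_template(TEMPLATE), indent=2))
    fixed = fix_instance(TEMPLATE["Resources"]["Ec2Instance"]["Properties"], {"Ref": "SubnetId"})
    print(json.dumps(fixed, indent=2))
```

The fix assumes the AWSSecurityGroups parameter carries a group ID (sg-...); if it carries a name, the parameter itself needs to change, since a non-default VPC cannot reference groups by name. Pass the subnet as a parameter or a Ref to an AWS::EC2::Subnet resource; the VpcId parameter in the question is then only needed by the subnet and security-group resources, not by the instance.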

Why AWS lambda functions In a VPC sometimes timeout and sometimes work fine?

£可爱£侵袭症+ submitted on 2019-12-23 19:44:22
Question: I have some Lambda functions in a VPC; some of them need internet access to work, so I added a NAT instance (t2.micro), and the problem is that I have some functions that sometimes work and sometimes time out. For example, a function that calls the FB API works 80% of the time and times out 20% of the time. Another function that uses boto3 to create a spot instance times out 50% of the time, and the logs give me: 2018-07-16T06:35:55.909Z 421f98dd-88c2-11e8-913a-63c8d6f276f3 Task timed out after 100.10 seconds Whenever I redeploy my
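Both this question and the VPN question above ("AWS VPN issue routing to 2nd ip block") come down to what the VPC route table says for a given destination from a given subnet. The following added example (not code from either post) simulates that lookup the way the VPC router does it, longest prefix wins, over constructed tables: for the VPN case it shows that 10.1.1.251 has no route while only the local-A block is in the VPC table, and a route once local-B is added; for the Lambda case it shows that a function attached to two subnets, only one of which carries a default route to the NAT, can reach the internet from one subnet and not the other, which is one thing to check when failures are intermittent (a VPC Lambda's ENIs live in the configured subnets, so a request can originate from any of them). All CIDRs, subnet names and route targets are assumptions.

```python
"""Simulate VPC route-table lookups to see which subnets can reach a destination.

Added example, not from either question above. It models what the VPC router
does (longest-prefix match over a subnet's route table) with constructed
tables: one for the VPN case (is there a VPC route for the second
on-premises block?) and one for the Lambda case (does every subnet the
function is attached to carry a default route to the NAT?). All CIDRs,
subnet names and route targets are assumptions.
"""
import ipaddress


def lookup(route_table, destination):
    """Longest-prefix match over (cidr, target) pairs; None when nothing covers dst."""
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if net.version != dst.version or dst not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target


def reachability(subnets, destination):
    """subnet name -> chosen target (or None) using each subnet's associated table."""
    return {name: lookup(table, destination) for name, table in subnets.items()}


def unreachable_from(subnets, destination):
    """Names of subnets whose route table has no route at all for the destination."""
    return sorted(name for name, target in reachability(subnets, destination).items()
                  if target is None)


# --- VPN case (constructed): VPC 172.31.0.0/16, on-prem local-A and local-B ---
VPN_TABLE_MISSING_B = [
    ("172.31.0.0/16", "local"),
    ("192.168.0.0/16", "vgw-0example"),      # local-A only
]
VPN_TABLE_WITH_B = VPN_TABLE_MISSING_B + [
    ("10.1.1.0/24", "vgw-0example"),         # local-B added (static or propagated)
]

# --- Lambda case (constructed): function attached to two private subnets ---
LAMBDA_SUBNETS = {
    "private-a": [("172.31.0.0/16", "local"), ("0.0.0.0/0", "eni-nat-instance")],
    "private-b": [("172.31.0.0/16", "local")],   # no default route: internet calls hang
}

if __name__ == "__main__":
    print("10.1.1.251 via", lookup(VPN_TABLE_MISSING_B, "10.1.1.251"))
    print("10.1.1.251 via", lookup(VPN_TABLE_WITH_B, "10.1.1.251"))
    print("no path to 203.0.113.10 from", unreachable_from(LAMBDA_SUBNETS, "203.0.113.10"))
```

In the real VPC the tables come from describe_route_tables and the subnet associations from each table's Associations list; feeding those into reachability() for the Lambda's configured subnets gives the same per-subnet answer. For a NAT instance there is a second, separate check not modelled here: the instance's source/destination check must be disabled, or it will drop the forwarded packets even when the route is present.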