amazon-vpc

Amazon VPC Availability

一世执手 submitted on 2019-12-12 04:42:41
Question: We are trying to expand our reliability setup using VPC in us-west-1. The 'a' and 'b' AZs work fine, but when I try to create subnets on 'c' it just fails with the message: Value (us-west-1c) for parameter availabilityZone is invalid. Subnets can currently only be created in the following availability zones: us-west-1b, us-west-1a. Is this a transient failure or are there just only two VPC-enabled AZs in that region? If the latter, is there a list somewhere with how many AZs in each region

How do I specify the subnet and VPC IDs in cloudformation?

帅比萌擦擦* submitted on 2019-12-12 03:46:11
Question: I don't want to create new subnets and VPCs; I already have them created and I want my cloudformation template to use them. In what parameter do I specify this, or am I confused as to how this works? When I look at the docs for "AWS::EC2::VPC" and "AWS::EC2::Subnet" it seems these resources are only for creating new VPCs and subnets, is this correct? Should I just point the instance resource directly to the existing VPC and subnet I want it to use? Edit: For example if I have an instance

How to set up EC2 with public IP for connections from itself?

我只是一个虾纸丫 submitted on 2019-12-12 01:07:49
Question: I have an EC2 instance (running kafka) which needs to access itself via public IPs, but I would like to not open the network ACLs to the whole world. The rationale is that when a connection is made to a kafka broker, the broker advertises which kafka nodes are available. As kafka will be used inside and outside EC2, the only common option is for the broker to advertise its public IP. My setup: an instance, with public IP (not an elastic IP); a vpc; a security group, allowing access to the

How to auto create a Classic Link for AWS EB Instances to VPC

我与影子孤独终老i submitted on 2019-12-11 10:45:30
Question: I have a Classic app on EB that needs to connect to RDS in a VPC. I can manually configure the EB instances to allow a Classic Link to the VPC by going into EC2 - Instance - Actions - ClassicLink - Link to VPC. Once I do this all is fine BUT this won't auto-link new instances without manual intervention. I know I need to move the EB app to be within the VPC but I was wondering if I could set EB to auto-create a Classic Link for new instances within EB? I would have thought I could edit the

Tunnel from Office to Internet through AWS VPC

二次信任 submitted on 2019-12-11 04:38:40
Question: I am going to create a secure tunnel from my Office (Static IP) to AWS VPC and then Internet Gateway. I have a VPC, private and public subnets. Office connects to private subnet via VPN tunnel. How can I route all private (VPN) traffic to public and Internet gateway? Office <--VPN--> Private subnet <--> Public subnet <--InternetGateway--> Internet If this is not a good solution, what's the best practice for having a dedicated, simple and secure tunnel from Office to Internet? Answer 1: This is not

How to open mongo port in amazon aws vpc private subnet

我是研究僧i submitted on 2019-12-11 04:16:26
Question: I set up the VPC as described here: http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html And I have a box in the private subnet, that I want to use as a mongo box. The private IP is 10.0.1.51. I can connect to mongod instance over localhost, but not over the private IP: ubuntu@ip-10-0-1-51:~$ mongo localhost connecting to: localhost > this works > ^Cubuntu@ip-10-0-1-51:~$ mongo 10.0.1.51 Fri Sep 21 02:23:18 Error: couldn't connect to server 10.0.1.51 shell/mongo.js

AWS deny access to VPC

♀尐吖头ヾ submitted on 2019-12-11 01:14:17
Question: We have a few users who basically have access to everything using the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] } Is there a way to restrict access to selected VPCs? I have tried creating the following policy and attaching it to the user (via a group): { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1504660000000", "Effect": "Deny", "Action": [ "ec2:*" ], "Resource": [ "arn:aws:ec2:<REGION>:<ACCOUNT-ID>:vpc/<VPC

Does AWS offer inter-region / cross region VPC Peering?

北战南征 submitted on 2019-12-11 01:07:18
Question: AWS inter-region / cross region VPC Peering. We have been using VPC peering for connecting two VPCs within a region. It works great and eliminates the need for a VPN. As we expand to other regions, we use VPNs to connect the VPCs across regions. VPN scaling and HA are two big issues and the connectivity is not robust. Is it possible to create VPC peering between two regions in AWS? Answer 1: AWS announced on Nov 29, 2017, that AWS started supporting inter-region VPC peering and on Feb 20, 2018

correct aws cli syntax to find a VPC security group in a non default VPC

孤街醉人 submitted on 2019-12-10 21:25:52
Question: This is a follow-on question from What is the correct syntax for filtering by tag in describe-vpcs?. Using the answer provided and referencing http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html --filters (list) One or more filters. ...... vpc-id - The ID of the VPC specified when the security group was created. I have constructed the cli request aws --profile myProfile --region eu-west-1 ec2 describe-security-groups --group-name MyVpcSecGroup --filters Name=tag

Amazon DAX client throws “No endpoints available” exception

浪尽此生 submitted on 2019-12-10 17:52:59
Question: I am trying to connect to DAX from a localhost using the following code: ClientConfig daxConfig = new ClientConfig() .withEndpoints("dax-cluster.yhdqu5.clustercfg.dax.use1.cache.amazonaws.com:8111"); AmazonDaxClient client = new ClusterDaxClient(daxConfig); The cluster is up and running, I've created it in a public subnet and opened port 8111 in the security group, but despite this I receive the following exception: Caused by: java.io.IOException: No endpoints available at com.amazon.dax