
Questions tagged [amazon-vpc]

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define

0 votes
1 answer
32 views

How to limit AWS VPC endpoint to signed requests

We had a scan done recently of our AWS infrastructure, and one of the high risk level items that we need to address is to Identify any fully accessible VPC endpoints and update their access policy in ...
wonder95
  • 123
1 vote
2 answers
267 views

Subnet associations in AWS Route tables

What is this "Subnet Associations" in AWS Route tables? Do I have to add the subnets under "Explicit Subnet Associations" as well? It is already under "Subnets without ...
Mark
  • 85
0 votes
1 answer
68 views

What actually makes an EC2 instance in a private subnet unreachable from the internet?

I'm reading everywhere (including the official documentation) that an EC2 instance in a private subnet cannot be reached from the internet, even if it has a public IP. Let's say I have a 10.0.0.0/16 ...
Guerric P
  • 111
1 vote
1 answer
330 views

Remove public IPv4 from AWS EC2 instances

Since February 1, 2024, AWS started charging for public IPv4 and I have several EC2 instances. Some instances can have only public IPv6; for others I need to keep public IPv4. I disabled Elastic ...
TNT
  • 111
0 votes
1 answer
55 views

"Property CidrBlock or Ipv4IpamPoolId cannot be empty" when trying to create an IPv6-only VPC Subnet

When trying to create an IPv6-only VPC Subnet, using AWS CloudFormation, stack creation fails with the following message: CREATE_FAILED Resource handler returned message: "Invalid request ...
djvg
  • 155
1 vote
1 answer
399 views

Migrate AWS ECS cluster IPv4 to IPv6

I'm trying to avoid this new cost (public IPv4) in AWS for small projects because it will represent a big percentage of the cost. In my ECS cluster, I use EC2 instances as capacity providers, ...
Matheus
  • 63
0 votes
0 answers
14 views

AWS VPC Connect Endpoint and Workbench integration

I have some RDS instances under a private subnet and a bastion host (ec2 instance) with a public IP to connect to it. As part of getting a security certification we need to get rid of all ec2 ...
Andrés Páez
0 votes
0 answers
80 views

Prioritize S2S VPN on AWS when using 1 VGW

We have the following AWS setup: 1 VPC 1 Virtual Private Gateway (VGW) 8 Customer Gateways (CGWs) 8 Site-to-Site (S2S) VPN connections We have 4 sites, each connected to our VPC with 2 S2S VPN ...
J88
  • 101
0 votes
1 answer
170 views

Allow AWS Identity provider to access a private VPC where the OIDC Idp resides

We want to implement Gitlab-AWS short-lived credentials but our Gitlab instance is located inside a private, non internet accessible VPC Subnet. I have looked into VPC Endpoints but I cannot find the ...
Michael Angel P.
0 votes
1 answer
285 views

How to block outgoing traffic in EC2 without blocking SSH

I have an EC2 which has a public subnet and traffic is flowing through the internet gateway. Now, I have a requirement that I have to block all outgoing traffic in EC2. I have tried to restrict the traffic ...
Ravi Teja RVN
0 votes
1 answer
110 views

Spoke VPC over VPN to IGW

Is it possible to modify this solution so a spoke VPC connects to the TGW hub over VPN, and that spoke VPC's internet access is centralized full tunnel? https://aws.amazon.com/blogs/networking-and-...
aaaaaaaaaaa
0 votes
1 answer
153 views

How to create a VPC endpoint to access SQL DB hosted inside EC2 instance?

I have a lambda in VPC-1 trying to access a SQL database which is hosted inside an EC2 instance in VPC-2. How should I establish a connection between Lambda(VPC-1) and SQL DB (VPC-2) using VPC ...
Anuj Kadam
0 votes
0 answers
36 views

How to specify Security Group when creating VPC in AWS web console UI

I created a security group and then wanted to create a VPC and specify this VPC to use this existing security group. I couldn't find an option in AWS' current VPC form to specify the security group. ...
AJP
  • 155
0 votes
2 answers
187 views

AWS CIDR Address is not within CIDR Address from VPC

In AWS I have created a VPC whose CIDR is 10.0.0.24. I want to create its two subnets. Its public-subnet is in us-west-1a - IPv4 CIDR 10.0.0.0/24, then when I create private subnet is in us-west-1b - ...
Developer.Sumit
0 votes
0 answers
352 views

How to remove headers from all outgoing requests in AWS services (e.g. Lambda)

Just wondering, is there a way to remove a header from all outgoing network requests in AWS? I have a VPC with public and private subnets and a NAT gateway in the public subnet. A Lambda in this VPC ...
nerdlinger
0 votes
2 answers
248 views

Unable to access apache2 from outside

I'm hosting a default site for apache2 server on AWS EC2 (Ubuntu) with Elastic IP. Security group set to open all inbound (testing purposes). I can access the server via SSH using public IP but I can'...
Artur Kedzior
0 votes
0 answers
161 views

AWS - I want to route traffic from one VPC to another, but I want all traffic INTO that VPC to share an IP

Due to a very complicated situation that I can't really get into, we have a VPC that has access to a certain server via a direct connection. This server requires that we whitelist an IP to access it. ...
Whitewind617
0 votes
0 answers
11 views

CloudFormation for SG

Need to create SG for multiple VPCs using CloudFormation without hard-coding VPC IDs in SG. Below is an example with hard-coded VPC, but is there a way you can get VPC ID from mapping or any other logic ...
Noor
  • 1
0 votes
0 answers
119 views

Can we setup VPC for AWS Lightsail resources?

I am developing an app and to host backend system I am using AWS Lightsail. Is there a way to keep all the inter service communication private? I am aware this can be achieved with VPC while using AWS ...
Kuldeep Yadav
0 votes
1 answer
167 views

VPC endpoint to reach Beanstalk application associated with a public domain from within VPC

I have a web server running on Beanstalk that is associated with mydomain.org on Route53. The access to this web server is restricted by a security group. I have also a Lambda running in the same VPC, ...
revy
  • 101
0 votes
1 answer
1k views

Why shouldn't EC2 instances be public, if they can be protected with security groups?

It is considered bad practice to place machines that shouldn't be accessible from the internet in a public subnet, because such topology, other than being logically wrong (private instance in an ...
F. Alessandro
1 vote
0 answers
345 views

Elastic Beanstalk deploy app in private VPC without public ip address for EC2

I'm currently developing a NodeJS application that I want to deploy in Elastic Beanstalk (EBS). To isolate & secure my cloud resources I'm using VPCs where I deploy the EBS app and also my ...
Marc Becker
2 votes
2 answers
328 views

Why is my Google Cloud Function timing out when making a HTTP request to my AWS Fargate instance?

I am working on a Google cloud function for beforeSignIn trigger which needs to fetch some data from a microservice hosted on an AWS Fargate instance. The request times out but only in the Google cloud ...
alsuvo
  • 31
0 votes
1 answer
196 views

AWS: routing back from VPC to an instance

I'm relatively new to AWS and need to set up some internal infrastructure. Example: a VPN server that routes people into a VPC. I have a VPN server instance bound to an elastic IP that has a subnet ...
Yuri
  • 3
0 votes
1 answer
111 views

AWS cannot connect to any T3 instance, vpc config valid (I think)

I created a new VPC ca-central. I followed the same procedure as everywhere else: New VPC (this created acl which is wide open) three subnets, one for each availability zone, CIDR spaced out properly ...
mmix
  • 141
0 votes
0 answers
71 views

AWS EC2: adding IP from a separate private block

I have an existing VPC with a CIDR in the 10.0.0.0/16 block. I now have to create a VPN connection to an external service, who want us to use IPs in 192.168.0.0/16 block. Unfortunately, AWS does not ...
NullPointer
0 votes
1 answer
337 views

OpenVPN on AWS (works in NAT mode but doesn't work in Routing mode)

I have a brand new VPC (10.0.0.0/16) with 3 public subnets (pointing to an IGW) and 3 private subnets (with a NAT GW in each). I have deployed an OpenVPN appliance in the public subnet and configured ...
mreferre
  • 496
0 votes
0 answers
219 views

AWS: Ping between multiple namespaces in separated EC2 Instance

I am encountering an issue where I am unable to receive a response when attempting to ping from a namespace located within a public EC2 instance to a private one. To better illustrate my situation, I ...
Tanvir Rahman
0 votes
0 answers
152 views

How to configure shared VPC for kOps?

As described in this documentation, I want to create a Kubernetes cluster using kOps in an existing VPC. I have created a VPC, Internet Gateway, Route Table, Subnet and an EC2 instance which I want to ...
Tapas Bose
0 votes
1 answer
2k views

How to create EKS cluster with VPC CNI addon via CloudFormation?

I create an EKS cluster (1.24) via CloudFormation, it works fine without a CNI plugin but fails when I add vpc-cni addon: AddonCNI: Type: 'AWS::EKS::Addon' Properties: AddonName: vpc-...
chingis
  • 243
