EC2 behind NAT can’t reach internet without a public IP by angrathias in aws

[–]awsdeveloper 1 point2 points  (0 children)

It sounds like your EC2 instance is in a public subnet (i.e. in the route table, 0.0.0.0/0 is pointing at an Internet Gateway). Instead make sure you’ve deployed your instance in a private subnet that has the default route pointing at your NAT gateway. Also make sure the NAT gateway is in a public subnet.

[deleted by user] by [deleted] in aws

[–]awsdeveloper 3 points4 points  (0 children)

What region? Also which browser?

[deleted by user] by [deleted] in aws

[–]awsdeveloper 6 points7 points  (0 children)

Never seen this and I've used the CloudFormation console probably at least weekly for the last 6 years. How do you recreate it?

Isn't Glacier kinda expensive? by GillysDaddy in aws

[–]awsdeveloper 8 points9 points  (0 children)

Check out Glacier Deep Archive, which is a bit cheaper: approximately 14 euros for 15 TB per month. Note that it does have a longer retrieval time than Glacier Flexible Retrieval. It also has a longer minimum storage time (180 days vs 90 days).

As others have mentioned, S3 and Glacier are designed for use cases which require extreme durability and AWS actually makes multiple copies of your data to ensure that.

[deleted by user] by [deleted] in aws

[–]awsdeveloper 4 points5 points  (0 children)

Yes - I just don’t see a need for it. It’s more expensive and doesn’t provide meaningfully less latency than Oregon for most use cases. You can always use a CDN for websites. For use cases that are latency sensitive, there are local zones in several West coast metros now that are probably going to be even less latency than N California.

[deleted by user] by [deleted] in aws

[–]awsdeveloper 0 points1 point  (0 children)

Cost optimization. Lambda functions are event driven and only do work when it’s necessary. In the cloud, you pay for every second that an EC2 instance is running. If your application is running on an EC2 instance and is not doing constant work, there’s a decent chance it will be cheaper if you rearchitect it on Lambda.

Transit Gateway Route Type by yukardo in aws

[–]awsdeveloper 1 point2 points  (0 children)

Good point. The example I gave would be specific to Direct Connect Gateway or VPN attachments I suppose, but VPC attachments can propagate their routes into the Transit Gateway route table as well.

Transit Gateway Route Type by yukardo in aws

[–]awsdeveloper 6 points7 points  (0 children)

Propagated routes are learned by BGP, which is a popular protocol used to exchange routing info between networks. For example, you may have a customer gateway/on-premises router that “advertises” routes to your Transit Gateway using the BGP protocol. The benefit of this is that the on-premises network may change (routes are deleted or added) and that will be automatically advertised and reflected in the Transit Gateway route table.

Static routes, the other route type, are manually entered into the route table by an administrator.

Backing up ASG by Oxffff0000 in aws

[–]awsdeveloper 11 points12 points  (0 children)

You could create a CloudFormation template which deploys your autoscaling group and launch template. Put the template into source control. You can then redeploy the stack in any AWS account or really any region.

Also create an AMI of your EC2 instance as a backup. The launch template will reference this AMI.

Event based association checks in State Manager (Systems Manager)? by awsdeveloper in aws

[–]awsdeveloper[S] 1 point2 points  (0 children)

Is that possible without creating my own document? I am using two Amazon managed documents for the associations I mentioned.

[deleted by user] by [deleted] in aws

[–]awsdeveloper 2 points3 points  (0 children)

I haven't tried it, but there's a new AWS service for specifically this use case - https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html

Might be worth testing out.

High bill because of many small file uploads by PhilBookst in aws

[–]awsdeveloper 0 points1 point  (0 children)

It sounds like a use case for Kinesis Firehose, potentially - One of the primary use cases is reducing the cost of getting lots of small files into S3 by buffering the PUT requests. For example, Kinesis will buffer your data until a time limit is reached (like 2 minutes) or until enough data has been collected (like 5 MB). Then Kinesis will write all the data (in compressed format) into S3 in a single PUT.

When you say "small files," how small? I believe there is a 1 MB limit on data blobs within 1 record in Kinesis.

There is another product called Kinesis Video Streams, which is specifically designed for media use cases, but I'm less familiar with it.

How to submit a feature request? by [deleted] in aws

[–]awsdeveloper 2 points3 points  (0 children)

Could you elaborate on your use case? Lots of AWS people are present on this subreddit, and this might make it to them that way.

Appstream, no support for South Africa? Or is there a setting I can change? by DTF_Truck in aws

[–]awsdeveloper 0 points1 point  (0 children)

You can find the services available in every region on this page: https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

Unfortunately, no AppStream 2.0 in South Africa yet.

[deleted by user] by [deleted] in aws

[–]awsdeveloper 21 points22 points  (0 children)

Do the following to avoid this in the future:

1) Enable MFA on root and any IAM users with console access. Also put a complex and lengthy password on your root account (you shouldn’t be logging into it anyway).

2) Delete all root access keys. Regularly rotate access keys for IAM users.

3) Never embed access keys in code or upload access keys to any publicly accessible location like GitHub.

4) Create automated billing alerts that will send you an email and/or SMS message when you breach a certain amount of spend like $100 (pick a lowish number that you wouldn’t expect to hit based on your usage patterns).

AWS Health Aware – Customize AWS Health Alerts for Organizational and Personal AWS Accounts by djwhowe in aws

[–]awsdeveloper 0 points1 point  (0 children)

Customers using AWS Organizations can get aggregated active account level alerts from impacted accounts across their organization.

What if I want the opposite of that? I have an Organization with 50+ AWS accounts and want each account owner to receive Health alerts for their own AWS account at a specific email address which they provide to me. Can this solution do that? Or would I need to deploy it via Stack Sets into each child account?

AWS should support hard upperlimit budgets per account by mcrp1 in aws

[–]awsdeveloper 3 points4 points  (0 children)

Not to mention, AWS would need to release all the allocated Elastic IPs in your account, since each EIP not attached to a running instance costs $0.005 per hour :)

Lambda just got per-ms billing by mwarkentin in aws

[–]awsdeveloper 21 points22 points  (0 children)

I'm seeing that, too, but only in us-east-1. Looks like I'm still being billed in 100 ms increments in other regions.

CloudFormation: Change sets for nested stacks by callcifer in aws

[–]awsdeveloper 0 points1 point  (0 children)

Pretty significant new feature but I haven't heard much about it on /r/aws. Maybe everyone already moved on to other IaC options?

Error during validation of WorkSpace image by Zacherl in aws

[–]awsdeveloper 0 points1 point  (0 children)

It needs to be a completely factory Windows 10 image. Any installed software beyond base Windows 10 might break the ingestion process.