vpc | AWS VPC using two or three availability zones | Networking library
kandi X-RAY | vpc Summary
AWS VPC using two or three availability zones with public and private subnets, VPC endpoints for DynamoDB and S3, Flow Logs, and NAT gateways.
Community Discussions
Trending Discussions on vpc
QUESTION
I am new to AWS VPC and exploring everything about it. I understood that VPC is majorly used to have a secure and isolated environment. What are the different use cases for AWS VPC in the area of Data Analytics? I have a data lake pipeline currently which is as follows:
- Extract data using APIs
- Store raw data in S3
- Create Lambda functions or Glue Jobs to perform business metrics
- Store metric outputs in S3
- Create tables in Athena for all the data stored in S3
- Import tables in Quicksight to produce business insights from visuals
In this process, how can VPC be used, or how can it make the process more efficient/better?
...ANSWER
Answered 2021-Jun-15 at 07:40
The services you mention (mostly) live outside of VPCs.
VPCs are used for services that use virtual computers, such as Amazon EC2 computers and Amazon RDS databases.
By using services that don't involve specific 'computers' (such as Amazon S3, Athena, QuickSight) you can take advantage of much lower costs, paying only for what you use. These services do not mimic traditional servers and therefore don't need VPCs. All the networking complexity is hidden and you can concentrate on using the service instead of running a network.
Yes, VPCs add extra security, but that's only because resources on a VPC need securing due to potential security holes. The services you mention are all secured via IAM and do not expose themselves outside the published APIs.
QUESTION
I would like to understand the difference between WAF, a Security Group, and a routing table. Let's say I have a VPC and 2 subnets (a private one), and I want to deploy a web application (UI, backend service and a database (RDS)). In this scenario, where do WAF and security groups come into the picture? Can someone help me understand a use case?
...ANSWER
Answered 2021-Jun-14 at 15:13
The HTTP protocol is built on top of the TCP protocol.
WAF inspects the HTTP traffic before it reaches your web application in order to block malicious web traffic. In order to implement WAF in front of a containerized application (running on ECS for example) or in front of an application running on EC2 you should use an Application Load Balancer in front of the application servers and associate the WAF with that load balancer. If your application runs on Lambda you can do the same but using API Gateway.
A Security Group accepts or blocks networking protocols such as TCP, UDP, ICMP - based on ports. Open up port 443 and 80 if you want to expose your web application.
Routing tables should be associated with your subnets so that the network traffic (TCP) knows where to go.
Best practice is to put your application servers and databases in private subnets (with routing tables that do not route traffic from the Internet) and then put e.g. an Application Load Balancer in the public subnets in order to accept traffic from the Internet and route it to your private subnets.
QUESTION
I just want to postmortem an incident that happened on my application server running on AWS. We already enabled ALB logs and VPC flow logs. The application accepts a user's request via the POST method with data in the body. Now I am confused: do AWS ALB/ELB logs or VPC flow logs contain the body of the user's POST request? If not, where can I access logs which contain the request's body data?
Note: The application server is inside an auto scale group behind alb, so logs from the instance level would not be possible.
...ANSWER
Answered 2021-Jun-14 at 08:32
Unfortunately not. This is the default format of VPC flow logs:
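As an added example (not part of the answer above), here is a parser for default-format flow log records together with the two summaries a postmortem can actually get out of them. The field list is the documented default (version 2) format; the log lines are constructed for illustration (private and TEST-NET addresses, made-up account and ENI ids), not a real capture.

```python
"""Parse default-format VPC Flow Log records and see what a postmortem can get from them.

Added example, not from the answer above. DEFAULT_FIELDS is the documented default
(version 2) flow log format; SAMPLE_LOG is constructed (private/TEST-NET addresses,
made-up account and ENI ids), not a real capture.
"""
from collections import Counter, defaultdict

DEFAULT_FIELDS = (
    "version account-id interface-id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log-status"
).split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed records: an accepted HTTPS exchange, two rejected probes, one NODATA interval.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.10 10.0.1.25 51234 443 6 12 4820 1623650400 1623650459 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 203.0.113.10 443 51234 6 10 9102 1623650400 1623650459 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.25 40000 22 6 3 180 1623650400 1623650459 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.25 40001 3389 6 2 120 1623650400 1623650459 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1623650400 1623650459 - NODATA
"""


def parse_record(line):
    """One record -> dict. '-' becomes None so NODATA/SKIPDATA records parse too."""
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        raise ValueError(f"expected {len(DEFAULT_FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = {}
    for name, value in zip(DEFAULT_FIELDS, parts):
        if value == "-":
            rec[name] = None
        else:
            rec[name] = int(value) if name in INT_FIELDS else value
    return rec


def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_ports_by_source(records):
    """Who probed which ports and got REJECTed by a security group or NACL."""
    out = defaultdict(Counter)
    for r in records:
        if r["action"] == "REJECT":
            out[r["srcaddr"]][r["dstport"]] += 1
    return {src: dict(c) for src, c in out.items()}


def bytes_per_flow(records):
    """Accepted bytes per (src, dst, dstport, protocol); as close to the request as flow logs get."""
    totals = Counter()
    for r in records:
        if r["action"] == "ACCEPT":
            totals[(r["srcaddr"], r["dstaddr"], r["dstport"], r["protocol"])] += r["bytes"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("fields:", " ".join(DEFAULT_FIELDS))          # no field carries L7 payload
    print("rejects by source:", rejected_ports_by_source(recs))
    print("bytes per accepted flow:", bytes_per_flow(recs))
```

Every field is a 5-tuple element, a counter, a timestamp or the security group/NACL verdict; there is no field for application data, and the ALB access log is the same story (request line and sizes, no body). Getting request bodies for a postmortem means logging them from the application itself, and for an auto-scaled fleet that means shipping those logs off the instances (e.g. to CloudWatch Logs) before they are terminated.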
QUESTION
I am trying to use kafka rest proxy for AWS MSK cluster.
MSK encryption details:
- Within the cluster: TLS encryption enabled
- Between clients and brokers: TLS encryption enabled; plaintext not enabled
I have created topic "TestTopic" on MSK and then I have created another EC2 instance in the same VPC as MSK to work as Rest proxy. Here are details from kafka-rest.properties:
...ANSWER
Answered 2021-Jun-13 at 10:23
Finally the issue was fixed. I am updating the fix here so that it can be beneficial for someone:
The kafka-rest.properties file should have the text below:
QUESTION
When trying to associate a VPC connector in a service project with a shared VPC subnet in another project (From the same organization) the following error appears:
...ANSWER
Answered 2021-Jun-13 at 06:32
To create a Serverless VPC Access Connector using a Shared VPC, first create the subnet in the Host Project of the Shared VPC with a /28 CIDR; there has to be a unique subnet for each Connector.
Then follow Google's documentation, Configuring the host project if using Shared VPC, specifically the following sections.
1. Create Firewall Rules
We also have to create firewall rules to allow requests from the following IP ranges to reach the connector and to be reached by the connector:
NAT ranges 107.178.230.64/26 and 35.199.224.0/19
Health check ranges 130.211.0.0/22, 35.191.0.0/16 and 108.170.220.0/23
2. Grant Permissions
Also, for each service project that will use VPC Connectors, a Shared VPC Admin must grant the Compute Network User role (compute.networkUser) in the host project to the service project's cloudservices and vpcaccess service accounts.
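As an added example (not part of the answer above), the two checks below cover the subnet and firewall prerequisites from the answer before anything is created: the connector subnet must be a /28 that does not collide with other host-project subnets or with another connector, and every quoted source range must be fully covered by an ingress allow rule. The required ranges are the ones listed in the answer; the subnets and firewall rules passed in are constructed, and the dict shape used for a firewall rule is an assumption, not the gcloud output format.

```python
"""Pre-flight checks before creating a Serverless VPC Access connector in a Shared VPC.

Added example, not from the answer above. REQUIRED_INGRESS is the list of ranges
quoted in the answer; the subnets and firewall rules passed in are constructed
and the dict shape for a firewall rule is an assumption, not the gcloud output format.
"""
import ipaddress

REQUIRED_INGRESS = [
    "107.178.230.64/26", "35.199.224.0/19",                 # NAT ranges
    "130.211.0.0/22", "35.191.0.0/16", "108.170.220.0/23",  # health check ranges
]


def check_connector_subnet(cidr, host_subnets, connector_subnets):
    """Return the problems with a proposed connector subnet (empty list = OK)."""
    net = ipaddress.ip_network(cidr)
    problems = []
    if net.prefixlen != 28:
        problems.append(f"{cidr}: connector subnet must be a /28, got /{net.prefixlen}")
    for other in host_subnets:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr} overlaps existing host-project subnet {other}")
    if cidr in connector_subnets:
        problems.append(f"{cidr} already backs another connector; each connector needs its own subnet")
    return problems


def missing_ingress_ranges(firewall_rules, required=REQUIRED_INGRESS):
    """Required source ranges not fully covered by any INGRESS ALLOW rule.

    firewall_rules: iterable of {"direction", "action", "source_ranges"} dicts.
    A range is covered only when a rule's source range contains all of it:
    35.0.0.0/8 covers 35.191.0.0/16, but 35.191.8.0/22 does not.
    """
    allowed = [ipaddress.ip_network(r) for rule in firewall_rules
               if rule["direction"] == "INGRESS" and rule["action"] == "ALLOW"
               for r in rule["source_ranges"]]
    return [r for r in required if not any(ipaddress.ip_network(r).subnet_of(a) for a in allowed)]


if __name__ == "__main__":
    print(check_connector_subnet("10.8.0.0/28", ["10.0.0.0/20", "10.8.0.16/28"], ["10.8.0.16/28"]))
    rules = [{"direction": "INGRESS", "action": "ALLOW", "source_ranges": ["130.211.0.0/22", "108.170.220.0/23"]},
             {"direction": "INGRESS", "action": "ALLOW", "source_ranges": ["35.0.0.0/8"]},
             {"direction": "EGRESS", "action": "ALLOW", "source_ranges": ["107.178.230.64/26"]}]
    print(missing_ingress_ranges(rules))   # the NAT range only appears in an egress rule, so it is reported
```

The containment check matters in practice: a rule that allows a narrower block than the quoted range looks right at a glance but leaves part of the health-check or NAT range blocked, which shows up later as a connector that never becomes healthy.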
QUESTION
I want aws:SourceVpc to be added as a list of strings ["vpc-7830jkd", "vpc-a1236"] when I run this template in the uat env and as the string "vpc-1234" when I run it in perf. It is working fine in the perf env but when I run it in uat I get the error below.
Template error: every value of the context object of every Fn::Sub object must be a string or a function that returns a string. Any suggestions?
Can this be achieved by combining Select, Join and FindInMap?
...ANSWER
Answered 2021-Jun-12 at 10:12
Since you have a condition now and your VPC list is hardcoded, you can use the following combination of Select and Sub to produce a valid policy:
QUESTION
There are two EC2 Windows instances placed in the same VPC and the same public subnet, with the same security group. I want to check if both are able to communicate with each other using the ping command. I have added rules at both the security group and NACL level. ALL ICMP has also been included exclusively, other than "all" traffic, but I am not able to test the same. Kindly suggest if there is any other way I can check connectivity between two EC2 Windows instances.
...ANSWER
Answered 2021-Jun-11 at 16:46
If the two EC2 instances are in the same VPC, Subnet, and Security Group you just need to check that the following is in place:
- Security Group allows inbound ALL ICMP from self (self-reference the security group ID)
- Security Group outbound ALL TRAFFIC is allowed.
- Subnet has a route to LOCAL in the VPC
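The two answers above (WAF / security group / routing table, and ICMP between two instances in one security group) describe the same decision: the route table says whether a packet can get to the subnet at all, and the security group on the destination ENI says whether the protocol, port and source are admitted. As an added example that belongs to neither answer, the model below replays that decision over an assumed layout: an ALB in a public subnet, an app server and a database in a private subnet, and two Windows instances sharing a self-referencing security group. Every id and address is an assumption chosen to mirror the answers; NACLs are not modelled.

```python
"""Model of how a route table and security groups decide whether a packet is admitted.

Added example, not from either answer. The layout (ALB in a public subnet, app
server and database in a private subnet, two Windows instances sharing one
security group) and every id and address are assumptions; NACLs are not modelled.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"
INTERNET_IP = "203.0.113.5"   # representative internet source (TEST-NET-3), used only for rule matching


class SecurityGroup:
    """Stateful allow-list. A rule is (protocol, (low, high) or None, source): None means
    all ports (what ICMP rules use); source is a CIDR string or a security-group id,
    which may be the group's own id (self-reference)."""

    ALLOW_ALL = ("-1", None, "0.0.0.0/0")

    def __init__(self, sg_id, inbound, outbound=(ALLOW_ALL,)):
        self.sg_id, self.inbound, self.outbound = sg_id, list(inbound), list(outbound)

    @staticmethod
    def _match(rules, protocol, port, peer_ip, peer_sg):
        for proto, ports, source in rules:
            if proto not in ("-1", protocol):
                continue
            if ports is not None and (port is None or not ports[0] <= port <= ports[1]):
                continue
            if source.startswith("sg-"):
                if source == peer_sg:
                    return True
            elif ipaddress.ip_address(peer_ip) in ipaddress.ip_network(source):
                return True
        return False

    def allows_in(self, protocol, port, src_ip, src_sg):
        return self._match(self.inbound, protocol, port, src_ip, src_sg)

    def allows_out(self, protocol, port, dst_ip, dst_sg):
        return self._match(self.outbound, protocol, port, dst_ip, dst_sg)


class Subnet:
    """A subnet with its route table: list of (destination CIDR, target)."""

    def __init__(self, name, cidr, routes):
        self.name, self.cidr, self.routes = name, cidr, routes

    def route_for(self, ip):
        """Longest-prefix match, as the VPC router does."""
        addr, best = ipaddress.ip_address(ip), None
        for dest, target in self.routes:
            net = ipaddress.ip_network(dest)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None

    @property
    def is_public(self):
        """'Public' means the default route points at an internet gateway."""
        return any(t.startswith("igw-") for d, t in self.routes if d == "0.0.0.0/0")


class Host:
    def __init__(self, name, ip, subnet, sg, public_ip=False):
        self.name, self.ip, self.subnet, self.sg, self.public_ip = name, ip, subnet, sg, public_ip


def reachable(src, dst, protocol, port=None):
    """Return (admitted, reason) for a new flow from src to dst; src may be the string 'internet'."""
    if src == "internet":
        if not (dst.subnet.is_public and dst.public_ip):
            return False, f"{dst.name}: subnet has no IGW route or host has no public IP"
        if not dst.sg.allows_in(protocol, port, INTERNET_IP, None):
            return False, f"{dst.name}: {dst.sg.sg_id} has no inbound rule for {protocol}/{port} from the internet"
        return True, "ok"
    if src.subnet.route_for(dst.ip) != "local":          # inside the VPC the local route must cover dst
        return False, f"{src.name}: no local route to {dst.ip}"
    if not src.sg.allows_out(protocol, port, dst.ip, dst.sg.sg_id):
        return False, f"{src.name}: {src.sg.sg_id} outbound rules block {protocol}/{port}"
    if not dst.sg.allows_in(protocol, port, src.ip, src.sg.sg_id):
        return False, f"{dst.name}: {dst.sg.sg_id} has no inbound rule for {protocol}/{port} from {src.sg.sg_id}"
    return True, "ok"


def build_example_vpc():
    """Assumed layout: public subnet (IGW) for ALB and the Windows pair, private subnet (NAT) for app and DB."""
    public = Subnet("public-a", "10.0.0.0/24", [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-0123456789abcdef0")])
    private = Subnet("private-a", "10.0.1.0/24", [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-0123456789abcdef0")])
    alb_sg = SecurityGroup("sg-alb", [("tcp", (80, 80), "0.0.0.0/0"), ("tcp", (443, 443), "0.0.0.0/0")])
    app_sg = SecurityGroup("sg-app", [("tcp", (8080, 8080), "sg-alb")])    # only the ALB may reach the app
    db_sg = SecurityGroup("sg-db", [("tcp", (5432, 5432), "sg-app")])      # only the app may reach the DB
    win_sg = SecurityGroup("sg-win", [("icmp", None, "sg-win"), ("tcp", (3389, 3389), VPC_CIDR)])  # ALL ICMP from self
    return {
        "alb": Host("alb", "10.0.0.10", public, alb_sg, public_ip=True),
        "app": Host("app", "10.0.1.20", private, app_sg),
        "db": Host("db", "10.0.1.30", private, db_sg),
        "win1": Host("win1", "10.0.0.41", public, win_sg, public_ip=True),
        "win2": Host("win2", "10.0.0.42", public, win_sg, public_ip=True),
    }


if __name__ == "__main__":
    h = build_example_vpc()
    for label, args in [("internet -> alb:443", ("internet", h["alb"], "tcp", 443)),
                        ("internet -> app:8080", ("internet", h["app"], "tcp", 8080)),
                        ("alb -> db:5432", (h["alb"], h["db"], "tcp", 5432)),
                        ("win1 -> win2 ping", (h["win1"], h["win2"], "icmp")),
                        ("internet -> win1 ping", ("internet", h["win1"], "icmp"))]:
        print(f"{label:24} {reachable(*args)}")
```

The WAF sits in front of all of this on the ALB and looks at HTTP, which neither the route table nor the security group can see; the model stops at the ENI. For the ping case there is one more layer it does not cover: the Windows Firewall on the instance itself, which blocks inbound ICMPv4 echo requests by default on a fresh instance, so a correct security group and route can still leave ping failing until the "Echo Request - ICMPv4-In" rule is enabled on both instances.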
QUESTION
My VM instance is running a console application that listens on port 1313. I need to receive a request to this application from the outside, but it does not work for me ... I imagine it like this: a request comes to the external ip-address of the VM, which is redirected to the internal IP address that my console app is running with. I would be grateful even for hints in which direction to look.
...ANSWER
Answered 2021-Jun-11 at 16:10
What helped was creating the firewall rules with gcloud, namely the option --enable-logging. Read more here https://cloud.google.com/vpc/docs/using-firewalls
QUESTION
I'm trying to create an internal ingress for inter-cluster communication with gke. The service that I'm trying to expose is headless and points to a kafka-broker on the cluster.
However when I try to load up the ingress, it says it cannot find the service?
...ANSWER
Answered 2021-Jun-11 at 11:12
Setting up ingress for internal load balancing requires you to configure a proxy-only subnet on the same VPC used by your GKE cluster. This subnet will be used for the load balancer's proxies. You'll also need to create a fw rule to allow traffic as well.
Have a look at the prereqs for ingress and then look here for info on how to setup the proxy-only subnet for your VPC.
QUESTION
I want to connect my application to AWS Secrets Manager using a VPC endpoint (vpce-098lnz0211f9f045g-madxscbm.secretsmanager.eu-west-1.vpce.amazonaws.com) in .NET Core. My code below works fine when my application directly accesses AWS Secrets Manager without the VPC endpoint (via the internet).
ANSWER
Answered 2021-Jun-10 at 14:37
using System.Threading.Tasks;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Extensions.Caching;

// Point the SDK at the interface endpoint's DNS name instead of the public regional endpoint.
public async Task<string> Get(string secretName)
{
    var config = new AmazonSecretsManagerConfig { ServiceURL = "https://vpce-098lnz0211f9f045g-madxscbm.secretsmanager.eu-west-1.vpce.amazonaws.com" };
    // accessid/secretkey: caller-supplied credentials (the parameterless constructor would use the instance role instead)
    var client = new AmazonSecretsManagerClient(accessid, secretkey, config);
    var cache = new SecretsManagerCache(client);          // was this.client; use the client built above
    return await cache.GetSecretString(secretName);       // GetSecretString returns Task<string>
}
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported