Questions tagged with Network Security
We're having issues with MGN replication intermittently becoming Stalled and snapshots being days old due to sync lag. More details below. We're using MGN (agent based) to migrate on-prem servers to AWS. We're replicating anywhere between 10 and 30 source servers at a time. At any given time there are 1-5 servers in a "stalled" state. This happens after the servers have been successfully replicating for days. No changes are made to the source or destination environments when this occurs. Usually this resolves on its own without any intervention on our part and the servers start reporting as healthy again. However, it doesn't always resolve on its own and ideally shouldn't be occurring at all. Any idea what could be causing this or where to start troubleshooting? It's starting to impact our test and cut over procedures as we can't always launch instances from snapshots that are hours or days old.
I am trying to use [describe_route_tables](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html) on boto3 to describe routes that are going to a particular subnet and going to a particular gateway/network firewall. Furthermore, is there a way to check the default route in a subnet using boto3?
I want to be able to mount EFS outside my VPC. However, when I try to assign a static Elastic IP to the network interface of EFS, I get the following error:

> Failed to associate address with eni-0fa8cf69d68b7bb01: You do not have permission to access the specified resource.

![AWS EC2 admin console showing the error](/media/postImages/original/IM5OzDYOiEQ5uVvLhQqvzOwA)

I don't think that I "do not have permission" because I'm the owner of the account and I have the `AdministratorAccess` IAM policy. Why is that error appearing? Is there a way to make EFS publicly accessible?
Currently I am unable to delete a VPC Endpoint Service due to an inbound VPC Endpoint from another account which I don't control. Is there any way to a) revoke the Endpoint permissions and make the Endpoint connection go away, or b) force deletion of the VPC Endpoint Service in my account?
Access to the EC2 is getting "site can't be reached". I have installed Jenkins on EC2 Linux. Jenkins is up and running. However, when I try to access the EC2, I get "the site can't be reached". It is taking too long. I have set the inbound security rule as custom with port 8069.
Hello, recently I set up the Hide.me VPN service in one of my EC2 instances. After starting the service I got disconnected from my SSH instance and I couldn't enter anymore. The instance seems to be up and running in the UI but I cannot access it. Any help is much appreciated.
What am I running?

* EC2 instance Ubuntu 22.04 with a static Elastic IP address
* The instance has only one network interface, whose details say it is an Elastic network interface. (I believed every instance has a primary network interface, but I do not see any PNI.)

What do I want to do? My company has an on-prem virtual machine running MSSQL server at 192.168.181.75:1433, but that is behind the GlobalProtect VPN from Palo Alto Networks. Even when I make a call to that database, I have to connect to GlobalProtect manually from my laptop. So my question is, is there any special step I need to take to make the EC2 part of the GlobalProtect network? I talked to my company network administrator, who wants the public IP address of the EC2 instance (which I use for SSH) and the MAC address. I got the MAC address by entering

```
$ ip addr
```

in the terminal, under the *ens3* interface. But can I assume these two will remain fixed across stopping and restarting the instance? Also, do the inbound/outbound rules have to be altered? Some readings led me to believe I have to create an ENI, as the primary network interfaces do not support it. But when I checked the instance details, it seems the only interface present is an ENI.
Hello, I am using AWS Lightsail to host my website. Using Cloudflare DNS + WAF for protection. I am trying to whitelist the Cloudflare IPs on the AWS infra but after defining the ACL, the site becomes unreachable. When I remove the ACL, the site is back online. I am making firewall rules for http and https. Am I missing anything? https://www.cloudflare.com/en-gb/ips/
We can't access one of our Windows Lightsail instances; it seems like the network was unavailable or not functioning inside the Windows O.S. (drivers?). We don't change firewall or network settings in the Lightsail panel. How can we access our instance if there is no network connection available? Tried to reboot, stop and start, and no solution available. The instance is HEALTHY; the issue is NO network inside Windows OS.
We have 3 IPv4 blocks that appear to be partially blocked by some service with Amazon Hosting (third-party services/sites). Not all destinations are in AWS, but traces do go to amazon.com sub-domains. Is there any service to look up why the IP would be blocked or how to re-validate and have the blocks removed from whatever blacklist is being used?
My domain is parked at Google Domains. I use a Lightsail INSTANCE to host a Wordpress app, which is distributed through a Lightsail DISTRIBUTION using custom Name Servers. Using custom Name Servers with Google Domains disables Google's DNSSEC. In order to enable DNSSEC, Google's DNSSEC setting is asking for the following from third party provider (in my case, Lightsail): Key Tag, Algorithm, Digest Type and Digest. Does my setup allow me to get this information WITHOUT having to TRANSFER MY DOMAIN to Route 53? The domain is new and may not be transferred for 60 days. Thank you in advance.
Hello, we have one Ubuntu instance; its IP is 220.127.116.11. EC2/PuTTY & SFTP are unable to connect. We have checked many documents but cannot figure out what exactly is happening. With AWS EC2 Instance Connect, the issue below is coming up. `Failed to connect to your instance EC2 Instance Connect is unable to connect to your instance. Ensure your instance network settings are configured correctly for EC2 Instance Connect. For more information, see Set up EC2 Instance Connect at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html.`