Networking & Content Delivery
AWS provides the broadest and deepest set of networking services with the highest reliability, most security features, and highest performance in the world. This helps ensure you can run any kind of workload you have in the cloud.
Recent questions
- Hi, When building private API gateways fronted by a VPC endpoint, the consumer needs to provide a host header with the ID of the API. A workaround to fix that is to provide an ALB with a Route53 record, which then fronts the VPC endpoint. In this way the consumer does not need to provide a host header. Are there any other workarounds so that a consumer does not need to provide a host header in order to call a VPC endpoint fronted private API gateway? Thanks
- Hello everyone! I'm using Terraform to create a simple Application Load Balancer (ALB), but I keep encountering an error when running terraform apply. The error message seems to concatenate the ARN of the ELB Listener with the ARN of the AWS ACM Certificate, which I find strange. I've searched my entire project for any incorrect variable usage but couldn't find any issues. I'm hoping someone can help guide me through this problem. Here's the error message I'm getting:

  ```
  Error: reading ELB (Elastic Load Balancing) Listener Certificate (arn:aws:elasticloadbalancing:us-east-1:{id}:listener/app/my-lb/###############/###############_arn:aws:acm:us-east-1:############:certificate/####################################): ListenerNotFound: One or more listeners not found
  ```

  And here's a simplified version of my Terraform code:

  ```
  terraform {
    required_providers {
      archive = {
        source = "hashicorp/archive"
      }
      aws = {
        source  = "hashicorp/aws"
        version = "~> 4.0"
      }
    }
    required_version = ">= 1.4.2"
  }

  resource "aws_lb" "main" {
    name               = "my-lb"
    load_balancer_type = "application"
    subnets            = [some var]
    security_groups    = [some var]
  }

  resource "aws_lb_target_group" "main" {
    name        = "tg-main"
    vpc_id      = [vpcid]
    port        = 80
    target_type = "ip"
    protocol    = "HTTP"
    health_check {
      healthy_threshold = 3
      interval          = 100
      timeout           = 30
    }
    #depends_on = [var.sh.main_alb]
  }

  resource "aws_lb_listener" "https" {
    load_balancer_arn = aws_lb.main.arn
    port              = "443"
    protocol          = "HTTPS"
    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = data.terraform_remote_state.global.outputs.certificate_arn
    default_action {
      type             = "forward"
      target_group_arn = aws_lb_target_group.tg-main.arn
    }
  }
  ```

  I'd really appreciate any guidance or suggestions to help me understand and resolve this issue. Thank you!
- I'd appreciate any help you can provide with this as I'm stumped, and I'm sure I'm missing something. I have a site-to-site VPN set up and I can confirm it's connected to our on-premises router (DrayTek 3900). The VPN has a transit gateway, customer gateway and static routing. I've set up a new EC2 instance with its own VPC and I can access it via its public IP address, and it can access the internet. I do not understand how I enable this EC2 instance to route traffic over the VPN to on-prem and vice versa. I need to be able to share resources between the EC2 instance and the on-premises network. Thanks in advance for any help you can provide!
- I am trying to create an EC2 instance, and in Network settings I am supposed to pick the default VPC selection, but there is no VPC on the drop-down; it was blank. I decided to create a default VPC, but now I also have no subnet in the drop-down and cannot create one. How do I rectify this?
- Let us say I have 2 API gateways in 1 single project. Is there any option to deploy multiple API gateways at once? Or do we have to manually deploy each API Gateway? What is the best CICD option for this use case?
- The following is the timeline of the events:

  1. Private NLB is created across 4 AZs, 3 of them populated with EC2 instances which are part of the NLB's target groups.
  2. Over time, the pool of instances shrinks down to occupy a single AZ.
  3. Sometime later, we notice that the NLB's DNS record now resolves to a single A record pointing to an IP within the same AZ as the one containing the EC2 instances. This seems unusual, because the NLB's private IPs are supposed to remain static after the LB's creation, [as I've confirmed in this re:Post question](https://repost.aws/questions/QU3ym83kIyQyCJVIgtFsqf2Q/are-nl-bs-private-i-ps-subject-to-change-over-its-lifetime).
  4. New EC2 instances are brought up in other AZs and are added to the NLB's target groups. The LB does not adjust to this by adding new IPs in these AZs; it continues to resolve to a single A record.

  So my questions related to the timeline above are:

  1. Is the disappearance of previously attached IPs an expected part of the NLB's lifecycle? How does this square with the statement about the NLB's private IPs being static?
  2. Should I expect this NLB to remediate and add in private IPs across newly occupied AZs?
  3. If all instances in the same AZ as the NLB's last remaining IP are taken down, will this NLB continue sending traffic to the other instances if I keep cross-zone load balancing turned off?
- **Error:**

  ```
  <?xml version="1.0" encoding="UTF-8"?>
  <Error>
  <Code>SignatureDoesNotMatch</Code>
  <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
  <StringToSign>PUT
  ```

  **Code in Python:**

  ```
  import botocore
  import boto3
  import datetime
  from botocore.exceptions import ClientError
  import json

  s3_file = "test6.jpg"

  def lambda_handler(event, context):
      # TODO implement
      print("Step 1")
      try:
          s3 = boto3.client('s3')
          url = s3.generate_presigned_url(
              ClientMethod='get_object',
              Params={
                  'Bucket': 's3_Bucket',
                  'Key': s3_file
              },
              ExpiresIn=36000000
          )
          result = {'status': 'success', 'data': {'url': url, 'key': s3_file}}
          response = {
              'statusCode': 200,
              'body': json.dumps(result),
              'headers': {
                  'Content-Type': 'application/json'
              }
          }
      except ClientError as e:
          print(f'Error generating presigned URL: {e}')
          return None
      return response
  ```
- Hello, I created this instance: https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#InstanceDetails:instanceId=i-0ca9edd25728c4f62 The goal is trying to create an AD user from that instance, therefore both the AD and EC2 are under the same VPC. Question 1: I couldn't connect to the EC2 instance with RDP. I configured both the subnet and EC2 to accept RPC calls with ACL, no effect. Question 2: eventually, I'd like to use this https://us-east-1.console.aws.amazon.com/transfer/home?region=us-east-1#/servers/s-d0e008162fc04aa1a to receive FTP file drops from the AD's user. Is the network correctly configured? Thank you!
- I need to mirror the traffic of an instance from an account (Source Account) to another AWS account (Target Account). The target Traffic Mirror (TM) is working well when the source is within the same VPC. However, I can't see the VXLAN traffic on my target TM when my source is in a different VPC (Source Account). I've already shared the target TM on the Source Account and used that target TM as my target on the session with the ENI of my source instance as the source. But I still can't see the VXLAN traffic on my target TM.

  - The source TM has supported EC2 instance -- T3
  - The source TM has traffic allowed on port 4789/UDP as I already also tried mirroring the traffic of this source TM to a test target TM within the same VPC and was successful
  - I also have tried using the target TM within its same VPC and it is working.
  - The source TM VPC can reach the other VPC through transit gateway. I also had a successful result on Reachability Analyzer (from source to target 4789/UDP) and I can ping the destination from the source and vice versa

  Any suggestion on anything else I missed or further checking I should do? Thank you
- Dear all: our DC provider required the following info, but we don't know how to get it (for MPLS):

  - BGP Authentication key: vlanXXX
  - Amazon side ASN: XXX
  - VLAN XXX
  - IP address provider side: X.X.X.A/30
  - IP address AWS side: X.X.X.B/30

  Thanks in advance
- I have successfully linked my App Runner instance to the root of my domain (mydomain.com) and everything is working fine. However, when I type www.mydomain.com I get a 404. How can I route traffic from www to mydomain? I have tried creating an Alias record but it's not working.
- Our team has a service that will be deployed in all regions: commercial, China and ADC. Our solution depends on API Gateway mTLS, which we came to find out is not available for some regions like MEL; the [public documentation](https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/) says it's available. How can I confirm availability for all regions? And what would be a good alternative that is available in all regions?
- [Here is a link](https://ibb.co/YDhr3hC) to a screenshot of all the records in the hosted zone. After adding a new CNAME record, the record [will not resolve](https://www.whatsmydns.net/#CNAME/outreach.charliehealth.com). The new record:

  * Record name: outreach
  * Record type: CNAME
  * Value: proxy-ssl.webflow.com

  **NOTE**: I am only concerned with the CNAME record for **outreach**. I have been trying to get this subdomain to work for weeks now. The way I have added the record is exactly what Webflow support has directed me to do. I also noticed some other records that are set do not resolve. For example, `links`: [links.charliehealth.com](https://www.whatsmydns.net/#CNAME/links.charliehealth.com). Meanwhile, `www` *does* [resolve](https://www.whatsmydns.net/#CNAME/www.charliehealth.com). Is there some kind of caching/flushing I can do? Or a possible misconfiguration?
- I have a static website using CloudFront and S3. How do I clear the cache?
- Hello, I was trying to build an FTPS server using Transfer Family, but I wasn't able to successfully build one. Could someone explain in detail how to build one? I tried browsing online for guidance; all I could find is for building an SFTP server. I need help in building a "custom identity provider" using a REST API and Lambda function. I couldn't find the code for the Lambda function.
- Hi Team, I have a requirement to support Webhook (HTTP notification requests) consumption, and the applications/microservices which consume these requests will be hosted in multiple regions in clusters. When HTTP notification requests come, we want all these microservices running in different regions to get the requests equally so that proper load balancing will happen. Can we achieve this kind of functionality using the AWS Global Accelerator service? If so, how? And is any service needed along with AGA? Please let us know. Thank you so much in advance. Also, we are looking to have one URL exposed which boils down to one FQDN/static IP address listening on port 80.
- My instance was giving a 504 error. To my knowledge, nothing was updated about the site. My IP is 52.35.76.129. I spun up a new instance from a previous snapshot at 35.166.203.154 but am getting a network connection error. I also attached a classical load balancer and now am getting that the health check failed. What are the next steps?
- I have attached private subnet 1c to a public application load balancer. What would happen with the server which is in public subnet 1c? Will the traffic reach that server?