Networking & Content Delivery

AWS provides the broadest and deepest set of networking services with the highest reliability, most security features, and highest performance in the world. This helps ensure you can run any kind of workload you have in the cloud.

Recent questions

  • Hi, when building private API gateways fronted by a VPC endpoint, the consumer needs to provide a host header with the ID of the API. A workaround to fix that is to provide an ALB with a Route53 record, which then fronts the VPC endpoint. In this way the consumer does not need to provide a host header. Are there any other workarounds so that a consumer does not need to provide a host header in order to call a VPC endpoint fronted private API gateway? Thanks
    1
    answers
    0
    votes
    10
    views
    EXPERT
    alatech
    asked 8 hours ago
  • Hello everyone! I'm using Terraform to create a simple Application Load Balancer (ALB), but I keep encountering an error when running terraform apply. The error message seems to concatenate the ARN of the ELB Listener with the ARN of the AWS ACM Certificate, which I find strange. I've searched my entire project for any incorrect variable usage but couldn't find any issues. I'm hoping someone can help guide me through this problem. Here's the error message I'm getting:

    ```
    Error: reading ELB (Elastic Load Balancing) Listener Certificate (arn:aws:elasticloadbalancing:us-east-1:{id}:listener/app/my-lb/###############/###############_arn:aws:acm:us-east-1:############:certificate/####################################): ListenerNotFound: One or more listeners not found
    ```

    And here's a simplified version of my Terraform code:

    ```
    terraform {
      required_providers {
        archive = {
          source = "hashicorp/archive"
        }
        aws = {
          source  = "hashicorp/aws"
          version = "~> 4.0"
        }
      }
      required_version = ">= 1.4.2"
    }

    resource "aws_lb" "main" {
      name               = "my-lb"
      load_balancer_type = "application"
      subnets            = [some var]
      security_groups    = [some var]
    }

    resource "aws_lb_target_group" "main" {
      name        = "tg-main"
      vpc_id      = [vpcid]
      port        = 80
      target_type = "ip"
      protocol    = "HTTP"
      health_check {
        healthy_threshold = 3
        interval          = 100
        timeout           = 30
      }
      #depends_on = [var.sh.main_alb]
    }

    resource "aws_lb_listener" "https" {
      load_balancer_arn = aws_lb.main.arn
      port              = "443"
      protocol          = "HTTPS"
      ssl_policy        = "ELBSecurityPolicy-2016-08"
      certificate_arn   = data.terraform_remote_state.global.outputs.certificate_arn
      default_action {
        type             = "forward"
        target_group_arn = aws_lb_target_group.tg-main.arn
      }
    }
    ```

    I'd really appreciate any guidance or suggestions to help me understand and resolve this issue. Thank you!
    0
    answers
    0
    votes
    6
    views
    0128
    asked 8 hours ago
  • I'd appreciate any help you can provide with this as I'm stumped, and I'm sure I'm missing something. I have a site-to-site VPN set up and I can confirm it's connected to our on-premises router (DrayTek 3900). The VPN has a transit gateway, customer gateway and static routing. I've set up a new EC2 instance with its own VPC and I can access it via its public IP address, and it can access the internet. I do not understand how I enable this EC2 instance to route traffic over the VPN to on-prem and vice versa. I need to be able to share resources between the EC2 instance and the on-premises network. Thanks in advance for any help you can provide!
    1
    answers
    0
    votes
    13
    views
    asked 9 hours ago
  • I am trying to create an EC2 instance and in Network settings I am supposed to pick the default VPC selection, but there is no VPC in the drop-down; it was blank. I decided to create a default VPC, but now I also have no subnet in the drop-down and cannot create one. How do I rectify this?
    1
    answers
    0
    votes
    10
    views
    asked 11 hours ago
  • Let us say I have 2 API gateways in 1 single project. Is there any option to deploy multiple API gateways at once? Or do we have to manually deploy each API Gateway? What is the best CI/CD option for this use case?
    1
    answers
    0
    votes
    14
    views
    Ashwin
    asked 13 hours ago
  • The following is the timeline of the events:

    1. Private NLB is created across 4 AZs, 3 of them populated with EC2 instances which are part of the NLB's target groups.
    2. Over time, the pool of instances shrinks down to occupy a single AZ.
    3. Sometime later, we notice that the NLB's DNS record now resolves to a single A record pointing to an IP within the same AZ as the one containing the EC2 instances. This seems unusual, because NLB's private IPs are supposed to remain static after the LB's creation, [as I've confirmed in this re:Post question](https://repost.aws/questions/QU3ym83kIyQyCJVIgtFsqf2Q/are-nl-bs-private-i-ps-subject-to-change-over-its-lifetime).
    4. New EC2 instances are brought up in other AZs and are added to the NLB's target groups. The LB does not adjust to this by adding new IPs in these AZs; it continues to resolve to a single A record.

    So my questions related to the timeline above are:

    1. Is the disappearance of previously attached IPs an expected part of the NLB's lifecycle? How does this square with the statement about NLB's private IPs being static?
    2. Should I expect this NLB to remediate and add in private IPs across newly occupied AZs?
    3. If all instances in the same AZ as the NLB's last remaining IP are taken down, will this NLB continue sending traffic to the other instances if I keep cross-zone load balancing turned off?
    1
    answers
    0
    votes
    23
    views
    asked 17 hours ago
  • **Error:**

    ```
    <?xml version="1.0" encoding="UTF-8"?>
    <Error>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
    <StringToSign>PUT
    ```

    **Code in Python:**

    ```
    import botocore
    import boto3
    import datetime
    from botocore.exceptions import ClientError
    import json

    s3_file = "test6.jpg"

    def lambda_handler(event, context):
        # TODO implement
        print("Step 1")
        try:
            s3 = boto3.client('s3')
            url = s3.generate_presigned_url(
                ClientMethod='get_object',
                Params={
                    'Bucket': 's3_Bucket',
                    'Key': s3_file
                },
                ExpiresIn=36000000
            )
            result = {'status': 'success', 'data': {'url': url, 'key': s3_file}}
            response = {
                'statusCode': 200,
                'body': json.dumps(result),
                'headers': {
                    'Content-Type': 'application/json'
                }
            }
        except ClientError as e:
            print(f'Error generating presigned URL: {e}')
            return None
        return response
    ```
    1
    answers
    0
    votes
    15
    views
    asked 20 hours ago
  • Hello, I created this instance: https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#InstanceDetails:instanceId=i-0ca9edd25728c4f62 The goal is trying to create an AD user from that instance, therefore both the AD and EC2 are under the same VPC. Question 1: I couldn't connect to the EC2 instance with RDP. I configured both the subnet and EC2 to accept RPC calls with ACL, no effect. Question 2: eventually, I'd like to use this https://us-east-1.console.aws.amazon.com/transfer/home?region=us-east-1#/servers/s-d0e008162fc04aa1a to receive FTP file drops from the AD's user. Is the network correctly configured? Thank you!
    1
    answers
    0
    votes
    11
    views
    ev-user
    asked 21 hours ago
  • I need to mirror the traffic of an instance from an account (Source Account) to another AWS account (Target Account). The target Traffic Mirror (TM) is working well when the source is within the same VPC. However, I can't see the VXLAN traffic on my target TM when my source is in a different VPC (Source Account). I've already shared the target TM with the Source Account and used that target TM as my target on the session with the ENI of my source instance as the source. But I still can't see the VXLAN traffic on my target TM.

    - The source TM has supported EC2 instance -- T3
    - The source TM has traffic allowed on port 4789/UDP, as I have also already tried mirroring the traffic of this source TM to a test target TM within the same VPC and was successful
    - I have also tried using the target TM within its same VPC and it is working.
    - The source TM VPC can reach the other VPC through transit gateway. I also had a successful result on Reachability Analyzer (from source to target 4789/UDP) and I can ping the destination from the source and vice versa

    Any suggestions on anything else I missed or further checking I should do? Thank you
    1
    answers
    0
    votes
    11
    views
    asked a day ago
  • Dear all: our DC provider required the following info, but we don't know how to get it (for MPLS):

    - BGP Authentication key: vlanXXX
    - Amazon side ASN: XXX
    - VLAN XXX
    - IP address provider side: X.X.X.A/30
    - IP address AWS side: X.X.X.B/30

    Thanks in advance
    1
    answers
    0
    votes
    9
    views
    asked a day ago
  • I have successfully linked my App Runner instance to the root of my domain (mydomain.com) and everything is working fine. However, when I type www.mydomain.com I get a 404. How can I route traffic from www to mydomain? I have tried creating an Alias record but it's not working.
    1
    answers
    0
    votes
    8
    views
    ThaDev
    asked a day ago
  • Our team has a service that will be deployed in all regions: commercial, China and ADC. Our solution depends on API Gateway MTLS, which we came to find out is not available for some regions like MEL; the [public documentation](https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/) says it's available. How can I confirm availability for all regions? And what would be a good alternative that is available in all regions?
    0
    answers
    0
    votes
    13
    views
    AWS
    asked a day ago
  • [Here is a link](https://ibb.co/YDhr3hC) to a screenshot of all the records in the hosted zone. After adding a new CNAME record, the record [will not resolve](https://www.whatsmydns.net/#CNAME/outreach.charliehealth.com). The new record:

    * Record name: outreach
    * Record type: CNAME
    * Value: proxy-ssl.webflow.com

    **NOTE**: I am only concerned with the CNAME record for **outreach**. I have been trying to get this subdomain to work for weeks now. The way I have added the record is exactly what Webflow support has directed me to do. I also noticed some other records that are set do not resolve. For example, `links`: [links.charliehealth.com](https://www.whatsmydns.net/#CNAME/links.charliehealth.com). Meanwhile, `www` *does* [resolve](https://www.whatsmydns.net/#CNAME/www.charliehealth.com). Is there some kind of caching/flushing I can do? Or a possible misconfiguration?
    0
    answers
    0
    votes
    16
    views
    asked a day ago
  • I have a static website using CloudFront and S3. How do I clear the cache?
    1
    answers
    0
    votes
    21
    views
    asked a day ago
  • Hello, I was trying to build an FTPS server using Transfer Family, but I wasn't able to successfully build one. Could someone explain in detail how to build one? I tried browsing online for guidance, but all I could find is for building an SFTP server. I need help in building a "custom identity provider" using a REST API and Lambda function. I couldn't find the code for the Lambda function.
    1
    answers
    0
    votes
    15
    views
    asked a day ago
  • Hi Team, I have a requirement to support Webhook (HTTP notification requests) consumption, and the applications/microservices which consume these requests will be hosted in multiple regions in clusters. When HTTP notification requests come, we want all these microservices running in different regions to get the requests equally so that proper load balancing will happen. Can we achieve this kind of functionality using the AWS Global Accelerator service? If so, how? And is any service needed along with AGA? Please let us know. Thank you so much in advance. Also, we are looking to have one URL exposed which boils down to one FQDN/static IP address listening on port 80.
    1
    answers
    0
    votes
    15
    views
    asked a day ago
  • My instance was giving a 504 error. To my knowledge, nothing was updated about the site. My IP is 52.35.76.129. I spun up a new instance from a previous snapshot at 35.166.203.154 but am getting a network connection error. I also attached a classical load balancer and now am getting that the health check failed. What are the next steps?
    3
    answers
    0
    votes
    36
    views
    asked a day ago
  • I have attached private subnet 1c to a public application load balancer. What would happen with the server which is in public subnet 1c? Will the traffic reach that server?
    1
    answers
    0
    votes
    14
    views
    Cfr
    asked a day ago