Difference between revisions of "Short Notes on AWS"
From PaskvilWiki
Line 20: | Line 20: | ||
** go to VPC > Route Tables, select route table for your VPC | ** go to VPC > Route Tables, select route table for your VPC | ||
** under Routes tab, make sure that route with destination 0.0.0.0/0, with Target being your internet gateway, exists and is Active | ** under Routes tab, make sure that route with destination 0.0.0.0/0, with Target being your internet gateway, exists and is Active | ||
+ | |||
+ | == Authorization header being removed by ElasticBeanstalk == | ||
+ | |||
+ | By default, AWS ElasticBeanstalk's WSGI server strips <code>Authorization</code> header from requests. | ||
+ | |||
+ | To get these back, just plug your wsgi config file through <code>.ebextensions</code>, adding a <code>wsgi.authorization.config</code> file, with the following content: | ||
+ | <pre>files: | ||
+ | "/etc/httpd/conf.d/wsgiauth.conf": | ||
+ | mode: "000644" | ||
+ | owner: root | ||
+ | group: root | ||
+ | content: | | ||
+ | WSGIPassAuthorization On</pre> | ||
== IAM Notes == | == IAM Notes == | ||
* you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances | * you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances |
Revision as of 15:29, 30 August 2019
Can't connect to EC2 instance
The obvious 2 problems with incoming requests, that are outside of AWS's scope:
- check the instance's firewall
- check that the app is listening to all incoming (0.0.0.0/0 or your IP, not just 127.0.0.1)
On the AWS side, check the following:
- make sure the Elastic IP is associated with the instance
- find the instance in the EC2 > Instances
- look under Description tab, Elastic IP
- if it's not, go to EC2 > Elastic IPs
- choose Elastic IP from the list (or, allocate new on) that is not associated with any instance
- choose Actions > Associate address, and associate it with the instance
- make sure Security group permissions allow the connection
- go to EC2 > Security Groups
- select the security group (you can find which security group instance is in in the list on EC2 > Instances page, last column)
- on the Inbound tab, check that your protocol is enabled for Source 0.0.0.0/0 (or from your IP)
- make sure your Internet Gateway is connected to your VPC
- make sure the Internet Gateway is attached to your VPC, under VPC > Internet Gateways > Summary tab
- go to VPC > Route Tables, select route table for your VPC
- under Routes tab, make sure that route with destination 0.0.0.0/0, with Target being your internet gateway, exists and is Active
Authorization header being removed by ElasticBeanstalk
By default, AWS ElasticBeanstalk's WSGI server strips Authorization
header from requests.
To get these back, just plug your wsgi config file through .ebextensions
, adding a wsgi.authorization.config
file, with the following content:
files: "/etc/httpd/conf.d/wsgiauth.conf": mode: "000644" owner: root group: root content: | WSGIPassAuthorization On
IAM Notes
- you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances