We have a Phoenix App that is connecting to an AWS Aurora RDS instance for the database. However, we are using the DNS string (e.g. company.cluster-sdfssfd.us-east-1.rds.amazonaws.com) which is dynamic. Last night we noticed that the underlying ips were rotated by AWS, however, our app did not pick up on these changes and was trying to write to the old dns mapped host which was now a read-only replica. How can we get Phoenix/Ecto to automatically refresh the DNS?
Related
I am thinking of moving from mysql --> aurora and have a question in regards to cname
In route 53 I have a dns CNAME for my database that points to the RDS endpoint; can I just update the cname records after I promote aurora to production to point to the aurora instance. Will there be any delay in my application getting this update? EC2 would be connecting to the database in the same region.
If you want to continue to use CNAMES, go to your DNS server and make note of the TTL value for this entry. Change the entry to the shortest TTL value.
Wait for the amount of time specified by the old TTL. Upgrade from RDS MySQL to Aurora. Change the DNS entry to point to the new server. Change the TTL back to its previous value.
By following the above steps you will minimize the DNS resolution switch over time.
I am trying to connect my app, running on one EC2 instance, to MongoDB, running on another EC2 instance. I'm pretty sure the problem is in the security settings, but I'm not quite sure how to handle that.
First off, my app's instance is in an autoscaling group that sits behind an ELB. The inbound security settings for the instance and ELB allow access to port 80 from anywhere, as well as all traffic from its own security group.
The EC2 instance that runs Mongo is able to take connections if the security group for that instance accepts all inbound traffic from anywhere. Any other configuration that I've tried causes the app to say that it cannot make a connection with the remote address. I've set rules to accept inbound traffic from all security groups that I have, but it only seems to work when I allow all traffic from anywhere.
Also, my db instance is set up with an elastic ip. Should I have this instance behind an ELB as well?
So my questions are these:
1) How can I securely make connections to my EC2 instance running mongo?
2) In terms of architecture, does it make sense to run my database this way, or should I have this behind a load balancer as well?
This issue is tripping me up a lot more than I thought it would, so any help would be appreciated.
NOTE
I have also set the bind_ip=0.0.0.0 in /etc/mongo.conf
Your issue is that you are using the public elastic IP to connect to your database server from your other servers. This means that the connection is going out to the internet and back into your VPC, which presents the following issues:
Security issues due to the data transmission not being contained within your VPC
Network latency issues
Your database server's security group can't identify the security group of the inbound connections
Get rid of the elastic IP on the MongoDB server, there is no need for it unless you plan to connect to it from outside your VPC. Modify your servers to use the private internal IP address assigned to your database server when creating connections to it. Finally, lock your security group back down to only allow access to the DB from your other security group(s).
Optional: Create a private hosted zone in Route53, with an A record pointing to your database server's private IP address, then use that hostname instead of the internal IP address.
We're running MongoDB on Azure and are in the process of setting up a production replica set (no shards) and I'm looking at the recommendations here:
http://docs.mongodb.org/ecosystem/tutorial/install-mongodb-on-linux-in-azure/
And I see the replica set config is such that the members will talk to each other via external IP addresses - isn't this going to 1) incur additional Azure costs since the replication traffic goes thru the external IPs and 2) incur replication latency because of the same?
At least one of our applications that will talk to Mongo will be running outside of Azure.
AWS has a feature where external DNS names when looked up from the VMs resolve to internal IPs and when resolved from outside, to the external IP which makes things significantly easier :) In my previous job, I ran a fairly large sharded mongodb in AWS...
I'm curious what your folks recommendations are? I had two ideas...
1) configure each mongo host with an external IP (not entirely sure how to do this in Azure but I'm sure it's possible...) and configure DNS to point to those IPs externally. Then configure each VM to have an /etc/hosts file that points those same names to internal IP addresses. Run Mongo on port 27017 in all cases (or really whatever port). This means that the set does replication traffic over internal IPs but external clients can talk to it using the same DNS names.
2) simiilar to #1 but run mongo on 3 different ports but with only one external IP address and point all three external DNS names to this external IP address. We achieve the same results but it's cleaner I think.
Thanks!
Jerry
There is no best way, but let me clarify a few of the "objective" points:
There is no charge for any traffic moving between services / VMs / storage in the same region. Even if you connect from one VM to the other using servicename.cloudapp.net:port. No charge.
Your choice whether you make the mongod instances externally accessible. If you do create external endpoints, you'll need to worry about securing those endpoints (e.g. Access Control Lists). Since your app is running outside of Azure, this is an option you'll need to consider. You'll also need to think about how to encrypt the database traffic (mongodb Enterprise edition supports SSL; otherwise you need to build mongod yourself).
Again, if you expose your mongod instances externally, you need to consider whether to place them within the same cloud service (sharing an ip address, getting separate ports per mongod instance), or multiple cloud services (unique ip address per cloud service). If the mongod instances are within the same cloud service, they can then be clustered into an availability set which reduces downtime by avoiding host OS updates simultaneously across all vm's, and splits vm's across multiple fault domains).
In the case where your app/web tier live within Azure, you can use internal IP addresses, with both your app and mongodb vm's within the same virtual network.
I need to set up a custom DNS server within EC2. I have one instance that acts as the DNS server, and N other instances that use this DNS server to connect to one another. Is this posible? Basically, I need to modify the DHCP settings for the N instances so that they connect to the DNS server. I can't find any good documentation on modifying the DHCP settings for an instance.
Note: I did find some documents, but they seem to only apply to Amazon VPC. Is there any way to do this without using VPC?
Short answer - no. You need a VPC. But once you have the VPC created - you can effectively do whatever you like with it.
Long answer - traditional AWS hosting gets an address directly from Amazon. This means you've got no control whatsoever of the IP addresses.
New accounts however come with a VPC by default, which means you can install a machine to act as a DNS server. (And I've done this in the past using Windows Active Directory)
I've been working on my new server configuration for my website and now I'm a little stuck...
How I can access my RDS instance (MySQL) without using the very long AWS DNS address?
Like I would be able to access my RDS instance from: db.exemple.com using a A, CNAME or any other DNS record.
Here's the new configuration:
Amazon EC2 - Linux Instance - Ubuntu 12.04 w/ LAMP
for web services like PHP, Apache, Zend, etc.
Amazon RDS - MySQL Instance
for MySQL database
separated from EC2 instance for performance and managing purpose
You could create a CNAME record that would map to the RDS address. However, it would be rather pointless. All you will get is an extra DNS lookup.