Programmatic DNS - dns

I'm a long time developer but not very experienced with DNS. Here's my problem:
Our app launches servers on Amazon EC2 for clients. One client wants to use custom DNS names for every server launched instead of the normal long public DNS provided by AWS: for example server-5.demo.ourclient.com, server-6.demo.ourclient.com.
What's the easiest/cleanest/best way to solve this challenge from inside our application that launches the servers and knows the Amazon public DNS? We can probably get control of demo.ourclient.com as well....
Are there nice hosted solutions with APIs? Would we need to manage a DNS server for *.demo.ourclient.com?
Thanks!
Chad

Even better would be to use Route53, which is Amazon's Dynamic DNS service: http://aws.amazon.com/documentation/route53/

You could try one of the dynamic DNS services. These allow you to define your own host names such as machine1.dyndns.org and attach that to an IP address. There are scripts you can run to update the dyndns resolver with the dynamic IP address provided by EC2.

I don't really understand why your client wouldn't either use an Elastic IP here, or an Elastic Load Balancer?
With an Elastic IP, you can keep a consistent name on your public DNS record and then manually or programmatically update the EC2 instance associated with that EIP whenever necessary using the elb API scripts.
With an Elastic Load Balancer, you could easily have just one active node attached to the ELB, and then could programmatically drop/add nodes and update Route53 accordingly.
You could use the internal machine's API to get the values (Instance ID, etc.) for these calls in a bootstrap script.

This code gets your IP, and then sets it in Route53. You have to provide the variables DOMAIN and HOSTED_ZONE_ID. You could run this at start up. If you don't want to rely on ifconfig.co, instead do:
#!/bin/bash
set -u
DOMAIN="desired.domain.com"
HOSTED_ZONE_ID="..."

# ON EC2: the instance metadata service is authoritative. IMDSv2 needs a session token first.
TOKEN=$(curl -sf -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
MYIP=$(curl -sf -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-ipv4)
# ANYWHERE else: fall back to ifconfig.co, an external service you have to trust for the answer.
[ -z "$MYIP" ] && MYIP=$(curl -sf ifconfig.co)

# refuse to publish an empty or malformed address into the zone
if ! [[ "$MYIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "could not determine public IPv4 address (got '$MYIP')" >&2
    exit 1
fi

# create json to send to route53 (private temp file instead of a predictable /tmp name)
CHANGE_FILE=$(mktemp)
cat > "$CHANGE_FILE" <<EOF
{
  "Comment": "Update the A record set",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "$DOMAIN",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [
          { "Value": "$MYIP" }
        ]
      }
    }
  ]
}
EOF

# update the dns entry ($? after "if !" is the negated status, so report the failure directly)
if ! /usr/local/bin/aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "file://$CHANGE_FILE"; then
    echo "error calling aws route53 change-resource-record-sets" >&2
    rm -f "$CHANGE_FILE"
    exit 1
fi
rm -f "$CHANGE_FILE"

Related

Can I assign a custom FQDN for an Amazon EKS cluster?

When I run aws eks update-kubeconfig, my ~/.kube/config file contains the following line:
server: https://1234567890ABCDEF1234567890ABCDEF.xx0.region.eks.amazonaws.com
This hostname resolves to some IP address in our VPC.
This used to work fine, but now my company is migrating to a DNS-based VPN and, due to factors outside my team's control, blanket DNS routing of a domain we don't control, such as eks.amazonaws.com, is not an option. Also the server hostnames are constantly changing because we use Blue-Green Deployment.
There's a really crappy workaround in which we manually keep a CNAME record in Route53 and manually edit that address in kube config after we run update-kubeconfig.
Is there a way to tell EKS to use a Route53 Record instead of that amazonaws.com URLs in a way that update-kubeconfig will know about?
DNS is the core discovery system for EKS, Kubernetes. Having said that, a potential solution is external DNS which integrates with Route53.

Failing to Redirect Subdomain with Route 53 to Elastic Beanstalk Environment

Aim: To set-up a subdomain that redirects to an elastic beanstalk instance
I recently bought a domain (tscthub.co.uk) from GoDaddy, transferred it over to 'AWS Route 53' via GANDI, and am waiting on SSL to be approved via 'AWS Certificate Manager'.
Separately I created an 'AWS Elastic Beanstalk' application running Metabase using this guide. This is up and running and I can successfully access it. Whilst the metabase env url works nicely, the public IPv4 address and public IPv4 DNS don't load anything when I follow them.
Next I tried to follow the "Routing traffic to an AWS Elastic Beanstalk environment" guide on the AWS docs. In 'AWS Route 53' I first created a new public hosted zone for 'tscthub.co.uk'. I edited the named servers in the registered domain to match that of the hosted zone. Then because my 'AWS Elastic Beanstalk' environment url had the region within it I thought I could use an alias as per the guide, however, upon trying I got the error "an alias to another record in the same hosted zone are global and available only in US East (N. Virginia)" and unfortunately I'm using 'eu-west-2' (this comment talks about this issue in more detail).
I therefore just used the fallback approach of creating a new CNAME record where the record name was 'test.tscthub.co.uk' and the value was 'http://metabase-env.eba-i2ysq7n4.eu-west-2.elasticbeanstalk.com/'. After waiting a couple of hours for everything to reroute I then tried to access 'http://test.tscthub.co.uk/' but I just get "This site can't be reached".
It turns out that what the "Routing traffic to an AWS Elastic Beanstalk environment" guide fails to mention is that you can just create an "A" record and set that to the elastic beanstalk environment ...

EC2 box ssh using new hostname

I have an EC2 box running Ubuntu 18.04. I can connect using "ssh -i {pemfile} ubuntu@{ip address}" and also "ssh -i {pemfile} ubuntu@{ip-ipaddress.us-east-2.compute.internal}" from another EC2 box. Now I wanted to change the hostname and use it in ssh. I followed some Linux and AWS articles (AWS Article) and changed the /etc/hostname and /etc/hosts files. I cannot use a Route 53 DNS entry as per requirement.
/etc/hosts = 10.0.1.190 dev-host.example.trade
/etc/hostname = dev-host.example.trade
Getting the below error with "ssh -i {pemfile} ubuntu@dev-host.example.trade":
ssh: Could not resolve hostname dev-host.example.trade: Name or service not known.
As you've made the changes on the server only, these will only be resolvable on that host (otherwise anyone could use any domain).
There are a few options you can take if you want to use a custom domain name.
The obvious one is you can use a domain you control, this will allow it to resolve across any hosts that are able to resolve your public DNS. If you don’t own a domain you can purchase one through a registrar (such as Route 53).
The second option is to look at using Route 53 private hosted zones. By attaching to your VPC you can set DNS records that resolve within your VPC. If you want these records to resolve in a hybrid network you would need to look at adding a DNS resolver.
The third option is to look at using a resource that can resolve the domain name, to do this you would either join a domain (using a service such as managed active directory or simple directory), or you could setup an EC2 host to resolve DNS. This is an expensive solution and the most complex if you’re using a hybrid architecture.
Take a look at the Centralized DNS management of hybrid cloud with Amazon Route 53 and AWS Transit Gateway post for more information about hybrid DNS.
Your local machine knows nothing about changes you've made to the EC2 configuration. Those changes are local to the EC2 instance.
One way to connect to your cloud instance via a DNS name like dev-host.example.trade is to associate an elastic IP to the EC2 instance. Elastic IPs persist even if the instance is rebooted.
Next, create a new A-type DNS record at your DNS provider pointing to the newly issued IP address.
You can now connect to the server with the DNS name.

How can I get IP addresses of Azure web app instances

I have my web app running on Azure with scale out to have multiple instances.
I can get the list of instance names using the Azure Management API as below:
https://management.azure.com/subscriptions/"SubscriptionID"/resourceGroups/"ResournceGroupName"/providers/Microsoft.Web/sites/"sitename"/instances?api-version=2018-02-01
This API provides me with the below information:
"value": [
{
"id": "/subscriptions/subscriptionid/resourceGroups/websitename/providers/Microsoft.Web/sites/websitename/instances/instancename",
"name": "68e9f48782245c3a112318 INSTANCE NAME ac97aa9f0b55a4b0eb7a0",
"type": "Microsoft.Web/sites/instances",
"location": "UK West",
"properties": {
"name": "68e9f48782245c3a112318 INSTANCE NAME ac97aa9f0b55a4b0eb7a0",
"siteInstanceName": "68e9f48782245c3a112318 INSTANCE NAME ac97aa9f0b55a4b0eb7a0"
}
I wanted to know the IP address of each instance. Can anyone please help me with how I can get that?
You can't know beforehand which IP address a given app instance will use to make the outbound connection.
So, unfortunately, you can only know the possible outbound IP addresses and not the exact IP address. The inbound IP address may also change when you perform some actions. But you can get a static inbound IP address if you configure an IP-based SSL binding. See Get static inbound IP.
You can retrieve the possible IP list of the scaled instances in Azure Portal. Find the possibilities of retrieving the IP of scaled instances here.

Amazon Elastic IP + EC2

I have set up an EC2 instance and an Elastic IP which is associated to the instance. I have also set an A record in my DNS provider's Zone editor so that the domain name points to the elastic IP e.g. example.com = 123.123.123.123.
After reading many posts, this seems like it should be enough to work but my domain name still isn't resolving. I can't even ping the IP address! Weirdly I CAN ssh into the EC2 instance via the elastic IP and everything seems fine, except that my domain name doesn't resolve to the EC2 instance!
Any thoughts?
DNS names take a while to propagate so that is probably your first issue.
Go to http://www.whatsmydns.net/ and enter your domain name. If all of the locations are returning the correct IP then you can safely assume it's not a DNS propagation issue.
Enable ICMP rules in the security group. If using the aws console create a new rule for "All ICMP" with a source of "0.0.0.0/0". Enabling this creates a security risk for your server so only enable this temporarily while testing. At this point you should be able to ping your instance.
If using HTTP or HTTPS enable the correct ports on the security group for those protocols and as long as the instance is configured correctly with Apache you should be up and running.
Please check your EC2 security group and make sure the desired ports are open.