Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I set the AWS peering connection DNS resolution options through CloudFormation?

Tags:

amazon-web-services

amazon-cloudformation

I have two VPCs:

  • VPC1 which holds our RDS instance.
  • VPC2 which holds our cluster of EC2 instances.

We have successfully setup a VPC peering connection, routes and security groups to allow appropriate communication.

In order to resolve the RDS instance AZ-appropriate local IP address from it's hostname, we need to follow these instructions and set --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true.

If I do this manually through the AWS Console or the AWS CLI it all works fine, however I'm creating the cluster of EC2 instances through CloudFormation and the option is missing from the CloudFormation documentation.

The effect of this is that my stack starts up and fails because the services themselves cannot connect to the database.

Am I doing something obvious wrong, or is this just Amazon being incomplete?

Thanks!

like image 451
Dan Hardiker Avatar asked Jul 17 '17 22:07

Dan Hardiker

People also ask

How do you enable DNS hostname resolution for your VPC connection?

DNS servers resolve DNS hostnames to their corresponding IP addresses. To set up DNS in your VPC, ensure that DNS hostnames and DNS resolution are both enabled in your VPC. The VPC network attributes enableDnsHostnames and enableDnsSupport must be set to true .

Do we need IGW to use peering connections?

An instance will not receive any traffic if destination is not within the VPC. So, peered VPC without IGW will not be able to access internet with Peered VPC because when traffic does arrive into VPC which has IGW, source is outside VPC and destination is not local VPC (outside network).

What are the limitations of VPC peering?

You cannot have more than one VPC peering connection between two VPCs at the same time. Any tags that you create for your VPC peering connection are only applied in the account or Region in which you create them. You cannot connect to or query the Amazon DNS server in a peer VPC.

1 Answers

Due to the frequency of updates, there are many times where an AWS feature isn't available in CloudFormation (ALB targeting Lambda used to be) - you end up having to create a custom resource to manage it. It's not too bad, just make sure that your lambda responds with success or failure in all scenarios, including exceptions, otherwise your stack will be 'in progress' for hours.

like image 68
Dan G Avatar answered Sep 19 '22 17:09

Dan G
Sign in to Comment

Related questions

How to encrypt S3 bucket using Terraform
AWS Lambda Python - Return BytesIO file?
How to override rails configurations in regard to pluralized tables and snake cased columns
How to create a java OutputStream for an S3 object and write value to it?
Understanding Kubernetes cluster scaling
Create AWS Amplify Resources with Terraform
How can I deploy a new version of an existing Amplify app using the AWS/Amplify CLI without user interaction?
Amazon S3 creating unique keys for every object
Benefits of using AWS SNS vs directly working with Apple's APNS
ElasticBeanstalk - application changes not showing
Process signals to do a graceful exit with a nodejs app on Elastic Beanstalk?
Can't figure out why subnet is being updated
Ansible - include vars file from remote host
Issuing Temporary Credentials to sign into AWS Management Console using AssumeRole, existing Policies, and unique URL
Reading from an SQS queue with multiple threads
What is the parameter type passed to a Lambda function by a CloudWatch Events - Schedule trigger?
Rate limiting requests and Amazon SQS
ECS tasks desired count not working
How do I work out why an ECS health-check is failing?
How to test API Gateway methods with custom authorizer and empty $context.authorizer.* variables?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!