
Yum repositories don't work unless there are exceptions in the AWS firewall. How do I make the exceptions based on a DNS name?

When I try to install something via yum (e.g., yum install java), I get the following:

Could not contact CDS load balancer rhui2-cds01.us-west-2.aws.ce.redhat.com, trying others.

Could not contact any CDS load balancers: rhui2-cds01.us-west-2.aws.ce.redhat.com, rhui2-cds02.us-west-2.aws.ce.redhat.com.

Earlier today I installed various yum packages. This evening I tried several, but none worked.

This link explains that certain firewall rules need to be made: https://access.redhat.com/solutions/11214

I don't have an explanation why all Yum install commands were working earlier today. Several different ones later stopped working. Here is the solution: via the AWS console, I opened all traffic over port 443 (inbound and outbound traffic).

This isn't an ideal solution or a permanent solution. The security groups in the AWS console only permit filtering based on IP addresses and IP address ranges. DNS names aren't part of the filtering.

Using AWS, how can I open port 443 and port 80 to specific DNS names?

Propulsion asked Mar 02 '15 03:03


4 Answers

On AWS Amazon Web Services, make sure you are the 'root' user and not ec2-user.

Type:

sudo su - root

This fixed my problem.

Basil Musa answered Nov 08 '22 15:11


Try sudo yum install ...

That worked for me without doing any extra firewall changes.

wisbucky answered Nov 08 '22 16:11


You want to defend against INBOUND traffic and can generally leave your OUTBOUND rules open. AWS Security Groups are a stateful firewall, so if a VM establishes a connection (e.g. to a yum repo), the return traffic will be automatically allowed.

You can test this by opening up your OUTBOUND rules and closing off your INBOUND rules to only allow your SSH connection. The yum commands will work assuming you're not being blocked by a VPC Network ACL.

scubadev answered Nov 08 '22 17:11
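
The question notes that security groups filter only on IP addresses, not DNS names. As an added example (not part of the original thread), this sketch resolves the two CDS hostnames from the error message and builds /32 egress entries in the IpPermissions JSON shape that `aws ec2 authorize-security-group-egress --ip-permissions` accepts; the function names are hypothetical.

```python
import ipaddress
import json
import socket

# Hostnames taken from the error message in the question.
RHUI_HOSTS = [
    "rhui2-cds01.us-west-2.aws.ce.redhat.com",
    "rhui2-cds02.us-west-2.aws.ce.redhat.com",
]


def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_egress_permissions(hostnames, ports=(443,), resolver=resolve_ipv4):
    """Build an IpPermissions list: one entry per port, one /32 per resolved IP."""
    ranges = {}  # CIDR -> hostname used as the rule description (de-duplicated)
    for host in hostnames:
        for addr in resolver(host):
            ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
            # A repository endpoint should never resolve to these; fail closed.
            if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
                raise ValueError(f"{host} resolved to unexpected address {ip}")
            ranges.setdefault(f"{ip}/32", host[:255])
    if not ranges:
        raise ValueError("no addresses resolved; refusing to emit an empty rule set")
    ip_ranges = [{"CidrIp": c, "Description": d} for c, d in sorted(ranges.items())]
    return [
        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p, "IpRanges": ip_ranges}
        for p in ports
    ]


if __name__ == "__main__":
    # Prints JSON only; applying it to a security group is a separate, reviewed step.
    print(json.dumps(build_egress_permissions(RHUI_HOSTS, ports=(443, 80)), indent=2))
```

The addresses behind load-balanced names can change, so rules generated this way go stale and have to be regenerated on a schedule.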


On AWS Amazon Web Services, can you try to ping yahoo.com? If you get unknown hosts, I got the same issue. I resolved it as follows; you can give it a try.

You need to configure the DNS resolver:

1. vi /etc/resolv.conf
2. Add one row: nameserver 8.8.8.8

Hao Kang answered Nov 08 '22 17:11