Amazon EC2 Security Group with Host / Dynamic IP / DNS -


i seeking guidance on best approach take ec2 security groups , services dynamic ip's. want make use of services such sendgrid, elastic cloud etc use dyanmic ip's on port 80/443. access port 80/443 closed exception of whitelisted ips. far solutions have found are:

  1. cron job ping service, take ip's , update ec2 security group via ec2 api.
  2. create new ec2 act proxy port 80/443 open. new server communicates sendgrid/elasticcloud, inspects responses , returns parts main server.

are there other better solutions?

firstly, please bear in mind security groups in aws stateful, meaning that, example, if open ports 80 , 443 destinations (0.0.0.0/0) in outbound rules, ec2 machines able connect remote hosts , response if there no inbound rules given ip.

however, approach works if connection initiated ec2 instance , remote services responding. if require connections ec2 instances initiated outside, need specify inbound rules in security group(s). if know cidr block of public ip addresses, can solve problem can specify destination in security group rule. if don't know ip range of hosts going reach machines, access restriction @ network level not feasible , need implement form of authorisation of requester.

p.s. please bear in mind there soft default limit of 50 inbound or outbound rules per security group.


Comments

Post a Comment

Popular posts from this blog

inversion of control - Autofac named registration constructor injection -

does autofac support specifying registration name in components' constructors? example: ninject's namedattribute . you need use autofac.extras.attributed package on top achieve this so let's have 1 interface , 2 classes: public interface ihello { string sayhello(); } public class englishhello : ihello { public string sayhello() { return "hello"; } } public class frenchhello : ihello { public string sayhello() { return "bonjour"; } } then have consumer class, in want select instance injected: public class helloconsumer { private readonly ihello helloservice; public helloconsumer([withkey("en")] ihello helloservice) { if (helloservice == null) { throw new argumentnullexception("helloservice"); } this.helloservice = helloservice; } public string sayhello() { return this.helloservice.sayhello()...
Read more

verilog - Systemverilog dynamic casting issues -

i've code snippet following in testbench function void write_to_port( my_data_type_base data ); my_data_type_extended data_ext; if(!$cast(data_ext, data)); `uvm_error(get_type_name(), "failed cast"); `uvm_info(get_name(), $psprintf("data_ext :\n%s", data_ext.sprint()), uvm_medium) // write data_ext out port.... endfunction when run it, i'm getting uvm_error "failed cast." i'm not quire sure why $cast not returning 1. can see, i'm printing out extended class data item after casting uvm_info. can see it's being cast properly. if don't use $cast if condition, don't runtime error. isn't coding practice use if dynamic cast check if $cast returning 1 ? what might reason behind cast not returning 1 in above case? i think semicolon on line 'if' not belong? i think consumes if statement, , uvm_error executes regardless of how if evaluates: if(!$cast(data_ext, data)); <- no semico...
Read more

ios - Change Storyboard View using Seague -

i have following code checks connection server, , depending on want change views if no connection found. nsstring *connect = [nsstring stringwithcontentsofurl:[nsurl urlwithstring:@"http://myserver.com"] encoding:nsutf8stringencoding error:nil]; if (connect == null) { [self performseguewithidentifier:@"network_failure" sender:self]; } else { // other code here } my problem not change views. have added storyboard segue between 2 views identifier of network_failure . not have navigation controller or that, problem? thanks help! no not problem. first of all, in objectivec exists nil object oriented null . must use that. so: if(connect == nil) or better: if(!connect) so due fact nil not same of null , probably code does't enter in if scope . you have been able discover breakpoint. anyway: be sure set trigger segue (line) 2 view controller , , name network_failure (that not best name. should instead view1toview2 ) as, m...
Read more