  • Locked thread
Megaman
May 8, 2004
I didn't read the thread BUT...
I'm using AWS. I've created a VPC with public and private subnets. All subnets can access the internet; the private subnets obviously get there via a NAT instance.

My problem: I need to create an S3 bucket that is locked down to an instance, group of instances, or subnet in the private subnet that they can access.

Things I've tried:

Opening the bucket to 0.0.0.0/0 works. Locking the bucket down to a specific range (10.0.0.0/0, my VPC is 10.53.x.x), I can't access it in the private subnet. I've attached a role to the machine that has privileges to do anything to any resource in AWS and even this doesn't work.

Does anyone have any suggestions? I've read that S3 endpoints are a solution, but I wanted to see if I could do it the way I figured it would work first. Has anyone else been through this particular problem?
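
Why the private-range restriction described in the post above does not match, and how the S3 endpoint approach it mentions differs, as an added example that is not part of the original thread: a simplified model of bucket-policy condition matching. The bucket name, role ARN, endpoint ID and request contexts are constructed placeholders; the model assumes what AWS documents, that S3 sees the NAT's public address in `aws:SourceIp` and that requests through a VPC endpoint carry `aws:SourceVpce` rather than `aws:SourceIp`.

```python
import ipaddress

# Constructed placeholders, not values from the thread.
BUCKET = "example-private-bucket"
ROLE = "arn:aws:iam::111122223333:role/ExampleInstanceRole"
VPCE_ID = "vpce-0123456789abcdef0"

def allow_policy(condition):
    """Bucket policy with a single Allow statement guarded by `condition`."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ROLE},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
        "Condition": condition}]}

# What the post tried (private range) versus the endpoint-based restriction.
BY_PRIVATE_IP = allow_policy({"IpAddress": {"aws:SourceIp": "10.53.0.0/16"}})
BY_ENDPOINT = allow_policy({"StringEquals": {"aws:SourceVpce": VPCE_ID}})

def condition_matches(condition, ctx):
    """Simplified model of the two operators used here; a condition key
    that is absent from the request context never matches."""
    for op, pairs in condition.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if have is None:
                return False
            if op == "IpAddress":
                ok = ipaddress.ip_address(have) in ipaddress.ip_network(want)
            elif op == "StringEquals":
                ok = have == want
            else:
                raise ValueError(f"operator not modelled: {op}")
            if not ok:
                return False
    return True

def allowed(policy, ctx):
    """True if any Allow statement's condition matches (principal not modelled)."""
    return any(s["Effect"] == "Allow" and condition_matches(s["Condition"], ctx)
               for s in policy["Statement"])

# Constructed request contexts, as S3 would see them.
VIA_NAT = {"aws:SourceIp": "203.0.113.10"}  # NAT's public address, not 10.53.x.x
VIA_ENDPOINT = {"aws:SourceVpce": VPCE_ID, "aws:VpcSourceIp": "10.53.1.25"}

if __name__ == "__main__":
    for name, pol in (("private-IP", BY_PRIVATE_IP), ("endpoint", BY_ENDPOINT)):
        print(name, "NAT:", allowed(pol, VIA_NAT),
              "endpoint:", allowed(pol, VIA_ENDPOINT))
```
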

Megaman
May 8, 2004
I didn't read the thread BUT...
I have a website I host in AWS. I have a DNS alias record pointing to an ELB, and another ELB on standby. I update the application on one ELB, and then change the DNS record from one to the other. This works perfectly in Firefox, but Chrome doesn't seem to pick up the DNS change, or at least not as fast; in fact it's very slow to pick up the change. I assume this isn't something wrong with the architecture? I assume this is a Chrome problem? If so, what is it and how can I remedy this problem? Or is it that I need to put my ELBs behind something that never changes IPs? If so, how would I go about doing this easily without changing too much architecture?

Megaman
May 8, 2004
I didn't read the thread BUT...

Thanks Ants posted:

Use Route 53 for your DNS and use an alias entry?

I'm already doing that; that's the alias record I change.

Megaman
May 8, 2004
I didn't read the thread BUT...

Docjowles posted:

Chrome maintains its own DNS cache which is why you probably don't see the change picked up instantly. I'm phone posting so this might not be entirely correct but you can clear it at something like chrome://net-internals/#dns in your browser. Though that obviously doesn't help the general public.

Hopefully Chrome at least kind of respects TTL. What TTL do you have set on the record? If quick updates are important you want something like 5 minutes.

I need this to affect the general public. I use only alias records so my TTLs should be pretty much instantaneous; the only record that isn't an alias is the SOA, and that's 10 seconds. So I'm really not sure what's going on. Firefox gets the change almost instantly, Chrome is slow, or just doesn't get it; I'm not sure what Chrome is doing. Even when I clear Chrome's DNS it doesn't seem to be taking the change, at least consistently.

Megaman
May 8, 2004
I didn't read the thread BUT...

Thanks Ants posted:

Is there an HTTP header you can send to get Chrome to gently caress off with the caching? Phone posting but this seems to be a Chrome thing and not necessarily something that can be resolved in your DNS setup.

I have no idea, that's why I'm asking. It appears that Chrome is caching the DNS, and the content can't change until the DNS updates in Chrome. A dig shows the machine is getting the right information, but Chrome is not.
