I am having issues launching an Elastic Beanstalk application inside my VPC that I created.

My VPC looks like the following:

id:  vpc-a1b
name: vpc-green
cidr:  10.0.0.0/16
route table: rtb-1ab
acl: acl-123

I then have 6 subnets:

vpc-green-public-us-east-2a (rt: vpc-green-rt-public)
vpc-green-public-us-east-2b (rt: vpc-green-rt-public)
vpc-green-public-us-east-2c (rt: vpc-green-rt-public)

vpc-green-private-us-east-2a (each has its own rt)
vpc-green-private-us-east-2b
vpc-green-private-us-east-2c

Route tables:

vpc-green-rt-public
    10.0.0.0/16     local
    0.0.0.0/0           igw-123

vpc-green-rt-private-us-east-2a
    10.0.0.0/16     local
    0.0.0.0/0           nat-001

Internet Gateway:

vpc-green-igw

ACL:

vpc-green-acl
    inbound:
        100     ALL/All/All 0.0.0.0/0  ALLOW
        *           All/All/All 0.0.0.0/0  DENY

    outbound:
        100     ALL/All/All 0.0.0.0/0  ALLOW
        *           All/All/All 0.0.0.0/0  DENY 

    associated subnets: all 6 (public and private)

Security Groups:

vpc-green-default
    inbound:
        All/All/All  sg-a123 (self)
    outbound:
        All/All/All  0.0.0.0/0

vpc-green-web
    inbound:
        tcp, 80, 0.0.0.0/0
        tcp, 443, 0.0.0.0/0     
        icmp, All, 0.0.0.0/0
        all, all, all, 0.0.0.0/0
    outbound:
        UDP, 123, 0.0.0.0/0
        all/all/all, 0.0.0.0/0


EB-Load-balancer
    inbound:
        tcp, 80, 0.0.0.0/0
    outbound:
        tcp, 80, 0.0.0.0/0

EB-VPC-Security
    inbound:
        tcp, 80, source=EB-load-balancer
    outbound:
        all, all, 0.0.0.0/0

The actual ec2 instance that ElasticBeanstalk creates looks like:

t2.small
security groups:
    vpc-green-web
    EB-VPC-Security
subnet:
    one of my public subnets (vpc-green-public-us-east-2a)

The load balancer that EB created looks like:

security groups:
    EB-load-balancer
subnet:
    one of my public subnets (vpc-green-public-us-east-2a)  

I am getting an error:

The EC2 instances failed to communicate with AWS Elastic Beanstalk, either because of configuration problems with the VPC or a failed EC2 instance. Check your VPC configuration and try launching the environment again.

    Stack named 'awseb-e-xxxxx-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [AWSEBInstanceLaunchWaitCondition].

There is a help page here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/events.common.connectivity.html

It says that "... this means the Amazon EC2 instances did not communicate to Elastic Beanstalk that they were launched successfully."

Given the above information, what exactly is the problem?

I am not sure how I can fix this as it looks fine to me.

If I visit the url that EB generates it does not work:

xxxxx.us-east-2.elasticbeanstalk.com is currently unable to handle this request.
Blankman
  • Are you able to access *any* external services from that EC2 instance? Can you SSH into the instance? – EEAA Feb 13 '17 at 21:22
  • Try launching it again. You might try opening up the firewall as well, perhaps after a bit of research about the ports required by EB. – Tim Feb 13 '17 at 21:26
  • @Tim I have launched it many, many times, I'm really stuck. – Blankman Feb 13 '17 at 21:53
  • @Tim I'm not sure what you mean by opening up ports, my instance has both inbound/outbound to all ports open -- see the security group and routing table. – Blankman Feb 13 '17 at 22:01
  • @EEAA I relaunched using a keypair, so I can SSH into the instance. I tried to ping google.com and I got an error "ping: unknown host google.com" Where in my VPC setup above does it look like the problem is then? confused! – Blankman Feb 13 '17 at 22:31
  • It's incredibly difficult to troubleshoot this without actually getting my hands on it. I'm certain I could find the problem within about 5 minutes of getting console access, but that's out of scope here. I'd recommend you contact AWS support and see if they can help you. Beyond that, just think through packet flow, starting at the instance and moving outward. Methodically go through each network device and ensure it's configured correctly. – EEAA Feb 13 '17 at 22:33
  • My general idea is that there may be a controller somewhere that the EC2 instance needs to communicate with, but I haven't used EB myself. I think EEAA is right, pay the $50 or whatever for support for a month. – Tim Feb 14 '17 at 00:45
  • @Tim I didn't realize it was that cheap for support, thanks! – Blankman Feb 14 '17 at 01:20
  • Actually developer is $29 and business is $100, but you can use developer since it's not urgent. – Tim Feb 14 '17 at 02:31
  • "Unknown host" indicates a DNS problem. Does your VPC have the enableDnsSupport option set to true? See http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html#vpc-dns-support – Peter Dolberg Feb 14 '17 at 19:32
  • @PeterDolberg Yes that was the issue man! – Blankman Feb 14 '17 at 20:58

1 Answer

So the problem ended up being that my DNS hostname and support in my VPC settings were not set to True.

AWS support paid for itself today, folks!

Blankman
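
The check and fix described in the answer and in Peter Dolberg's comment, written as AWS CLI shell functions. This is an added example, not part of the original post; the function names are made up for illustration, and `vpc-a1b` is the redacted VPC id from the question.

```shell
#!/bin/sh
# Added example: audit (and optionally fix) the two VPC DNS attributes.
# Needs the AWS CLI with ec2:DescribeVpcAttribute and, for the fix,
# ec2:ModifyVpcAttribute. Function names here are hypothetical.

# vpc_dns_attr VPC_ID ATTRIBUTE -> prints "true" or "false".
# ATTRIBUTE is enableDnsSupport or enableDnsHostnames.
vpc_dns_attr() {
    # The response key is the attribute name with a capital first letter,
    # e.g. {"EnableDnsSupport": {"Value": true}}.
    key="E${2#e}"
    aws ec2 describe-vpc-attribute --vpc-id "$1" --attribute "$2" \
        --query "${key}.Value" --output text | tr 'A-Z' 'a-z'
}

# check_vpc_dns VPC_ID -> returns 0 only if both attributes are true.
check_vpc_dns() {
    rc=0
    for attr in enableDnsSupport enableDnsHostnames; do
        val=$(vpc_dns_attr "$1" "$attr")
        echo "$1 $attr=$val"
        [ "$val" = "true" ] || rc=1
    done
    return $rc
}

# fix_vpc_dns VPC_ID -> turn both attributes on. The API accepts one
# attribute per call, and DNS support must be enabled before DNS
# hostnames can be.
fix_vpc_dns() {
    aws ec2 modify-vpc-attribute --vpc-id "$1" \
        --enable-dns-support '{"Value":true}' &&
    aws ec2 modify-vpc-attribute --vpc-id "$1" \
        --enable-dns-hostnames '{"Value":true}'
}

# Usage: check_vpc_dns vpc-a1b || fix_vpc_dns vpc-a1b
```

With DNS support off, instances cannot resolve names through the VPC resolver, which matches the "ping: unknown host google.com" symptom reported in the comments.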