Tags: amazon-web-services, amazon-ec2, aws-security-group, amazon-elb

AWS: File is saved into S3 from EC2 only if an Elastic IP is associated with the instance in the target group; otherwise the file is not written


I am currently learning AWS by following the Pluralsight course AWS Developer: Getting Started. As part of this course, a Node.js app (a pizza-creating app) needs to be deployed in AWS. This app runs on an EC2 instance, and when we create a new pizza and click Create, a PNG file is saved into an S3 bucket (code running in the EC2 instance writes to S3).

When I open this app via the load balancer URL, the app loads, but when I try to save the newly created pizza (a PNG image), the web page freezes and the file is not saved into S3.

But if I associate an Elastic IP with one of the instances in the target group, the file is saved properly into S3.

Regarding permissions for the EC2 instance, the security group only allows the load balancer, apart from SSH.


And the EC2 instance has a full S3 access role.


But still, the app works only if an Elastic IP is associated, even though the Elastic IP is unusable (as the target group EC2 security group only allows load balancer access, apart from SSH).

Why is an Elastic IP needed in this case for the correct behaviour?

Edit: additional information:

S3 bucket: full public access is given.

[images: S3 public access settings; S3 bucket policy]

The PUT allowed methods shown below might be invalid; I added them by trial and error.

[image: S3 CORS configuration]

My subnet route configuration. I thought this was a public subnet. Please correct me if I am wrong.


My assumption: I might be completely wrong, but my understanding is that my subnet is a public subnet and my EC2 instances are created in this subnet. The EC2 instance (with the full S3 access role) has code to write PNG files to S3 with the above settings (all public, as per my understanding).

Hence I expect this EC2 instance to write the file to S3 without an Elastic IP.

But I understood that if auto-assign public IP addresses are enabled, the instances are in exactly the same state as when I assign Elastic IPs manually to EC2, and hence this scenario works.

I understood that each EC2 instance will be assigned a different public IP address after enabling auto-assign public IP addresses. For this kind of requirement, is this a good method to use?

Will having multiple public IP addresses assigned, even though they are not used (meaning only the load balancer URL will be used in the browser to access the app, not the public IPs), cost more money?


Solution

  • There are generally three ways in which your instance can access S3 to upload your pizza file:

    1. Connect to the S3 public endpoint. This means that your instance needs to be able to connect to this endpoint over the internet. If your instance is in a public subnet with automatically assigned public IPs, then it works out of the box. If your instance does not get an auto-assigned public IP, you can use an Elastic IP to give your instance a public IP.
    2. Connect to the S3 public endpoint through a NAT gateway. This is useful when your instance is in a private subnet, without direct access to the internet or any public IPs.
    3. Use an S3 VPC gateway endpoint. This allows fully private connections to S3 without the need for any internet access.

    Your description seems to indicate that option 1 applies to you.

    There could be other possibilities, e.g. the S3 bucket has a bucket policy which allows uploads only from whitelisted IPs or IP ranges. Thus maybe your Elastic IP is whitelisted, while other IPs are not.
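To make the three paths in the answer concrete, here is an added example (not part of the original question or answer, and not the course's code) that classifies how an instance in a given subnet can reach S3 from its route table and whether its network interface actually carries a public or Elastic IP, and models the bucket-policy IP-whitelist caveat from the last paragraph. The `Route`/`Subnet` shapes are a hand-built simplification of what `aws ec2 describe-route-tables` and `describe-subnets` return; all subnet, gateway and endpoint ids and CIDRs are constructed sample values.

```python
"""Added example: classify an EC2 instance's path to S3 (public endpoint via
IGW, NAT gateway, or VPC gateway endpoint) and model an aws:SourceIp bucket
policy. Identifiers and CIDRs are constructed, not real AWS resources.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Route:
    destination: str   # CIDR block, or an S3 prefix-list id ("pl-...") for a gateway endpoint
    target: str        # "local", "igw-...", "nat-...", or "vpce-..."


@dataclass
class Subnet:
    subnet_id: str
    routes: list = field(default_factory=list)
    map_public_ip_on_launch: bool = False   # only affects instances launched after it is set


def s3_access_path(subnet: Subnet, instance_has_public_ip: bool) -> str:
    """Return "vpc-endpoint", "public-endpoint", "nat-gateway" or "none".

    instance_has_public_ip is True when the instance's ENI really has an
    auto-assigned public IP or an Elastic IP. An IGW route by itself is not
    enough: the internet gateway only translates traffic for ENIs that own a
    public IPv4 address, which is why the asker's instance works only once an
    Elastic IP is attached.
    """
    # Option 3: a gateway endpoint route (target vpce-*) needs no internet access at all.
    if any(r.target.startswith("vpce-") for r in subnet.routes):
        return "vpc-endpoint"

    default = next((r for r in subnet.routes if r.destination == "0.0.0.0/0"), None)
    if default is None:
        return "none"                     # isolated subnet: no route out of the VPC

    if default.target.startswith("igw-"):
        # Option 1: public subnet; works only with a public/Elastic IP on the ENI.
        return "public-endpoint" if instance_has_public_ip else "none"

    if default.target.startswith("nat-"):
        return "nat-gateway"              # Option 2: private subnet behind a NAT gateway

    return "none"


def source_ip_allowed(allowed_cidrs, source_ip: str) -> bool:
    """Model a bucket policy that permits uploads only from given aws:SourceIp ranges.

    Via the IGW the request's source IP is the instance's public/Elastic IP;
    via a NAT gateway it is the NAT gateway's Elastic IP; via a gateway
    endpoint S3 sees the instance's private IP, so a policy written for public
    ranges would deny that path.
    """
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(cidr) for cidr in allowed_cidrs)


# Constructed sample subnets mirroring the question's setup and the two alternatives.
PUBLIC_SUBNET = Subnet("subnet-example-public", routes=[
    Route("10.0.0.0/16", "local"),
    Route("0.0.0.0/0", "igw-example"),
])
PRIVATE_NAT_SUBNET = Subnet("subnet-example-private", routes=[
    Route("10.0.0.0/16", "local"),
    Route("0.0.0.0/0", "nat-example"),
])
ENDPOINT_SUBNET = Subnet("subnet-example-endpoint", routes=[
    Route("10.0.0.0/16", "local"),
    Route("pl-example-s3", "vpce-example"),
])


def diagnose_question_scenario() -> dict:
    """The asker's two observations side by side: same public subnet, with and without an Elastic IP."""
    return {
        "no_public_ip": s3_access_path(PUBLIC_SUBNET, instance_has_public_ip=False),
        "with_elastic_ip": s3_access_path(PUBLIC_SUBNET, instance_has_public_ip=True),
    }


if __name__ == "__main__":
    print(diagnose_question_scenario())
    print("nat:", s3_access_path(PRIVATE_NAT_SUBNET, False))
    print("endpoint:", s3_access_path(ENDPOINT_SUBNET, False))
    print("whitelisted:", source_ip_allowed(["203.0.113.0/24"], "203.0.113.7"))
```

Running it shows the asker's public subnet returning "none" without a public IP and "public-endpoint" with one, which is the behaviour described in the question; the NAT and gateway-endpoint subnets succeed without any public IP on the instance, matching options 2 and 3. The gateway endpoint is the least exposed choice when the bucket is the only thing the instance needs to reach, and it removes the per-instance public IP question entirely.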