How To Diagnose and Fix Network Failures in the Flow Logs Viewer

May 4, 2020

Our Flow Logs Viewer is designed to help you work with your VPC Flow Logs and your security groups. To do this, the instance needs access to AWS' public API endpoints.

 

The endpoints needed are:

https://logs.<region>.amazonaws.com

https://ec2.<region>.amazonaws.com

https://sts.<region>.amazonaws.com

 

where <region> is the region you are operating in, for example 'us-east-1'.

Example: https://logs.us-east-1.amazonaws.com

 

If you encounter an error such as:

We're sorry, but something went wrong.
Some customers see this error when their instance cannot access AWS' API Endpoints.
Please check if your security groups have blocked Outbound access to the AWS API Endpoints for your region.

Please see these fixes:

 

1. If your instance is in a private subnet with an IGW or NAT Gateway, you need to add an Elastic IP to the host.

 

Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html 

 

Since the AWS API endpoints are outside of your subnet, traffic to and from those endpoints will route over an IGW or NAT Gateway, and to the "public" internet. 

 

2. If your instance is in a private subnet without an IGW or NAT Gateway, you need another way to route to the internet.

 

The Flow Logs Viewer must be able to access the API endpoints listed above, for example through your own VPN tunnel or network bridge device. This is an advanced network configuration.

 

3. Security groups or network ACLs are blocking access to the API endpoints.

 

The pre-configured security groups in the PiaSoft Flow Logs Viewer CloudFormation template allow egress network access to 0.0.0.0/0 from the instance. If this egress rule has been removed from the group, you will need to add a rule to permit access to the AWS endpoints.
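
To tell the three causes above apart from the instance itself, the following added example (not PiaSoft's code) probes TCP port 443 on each of the endpoints listed earlier and classifies the failure. The function names and result labels are this example's own assumptions; the default region is the article's us-east-1.

```python
import socket
import sys

SERVICES = ("logs", "ec2", "sts")  # the three endpoints the article lists


def endpoints(region):
    """Return the regional API hostnames the Flow Logs Viewer needs."""
    return [f"{svc}.{region}.amazonaws.com" for svc in SERVICES]


def probe(host, port=443, timeout=5.0, connect=socket.create_connection):
    """Try one TCP connection and classify the outcome.

    `connect` is injectable (an assumption of this example) so the
    classification can be exercised without network access.
    """
    try:
        conn = connect((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"   # hostname did not resolve
    except (socket.timeout, TimeoutError):
        return "timeout"       # packets dropped: no route out (fixes 1-2) or SG/NACL egress (fix 3)
    except ConnectionRefusedError:
        return "refused"       # a device on the path actively rejected the connection
    except OSError:
        return "unreachable"   # e.g. "Network is unreachable": no default route
    conn.close()
    return "ok"


def diagnose(region, **kwargs):
    """Map each endpoint hostname for `region` to its probe result."""
    return {host: probe(host, **kwargs) for host in endpoints(region)}


if __name__ == "__main__":
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    results = diagnose(region)
    for host, status in results.items():
        print(f"{status:12} https://{host}")
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run it on the Flow Logs Viewer instance with the region as the only argument. An ok result confirms the network path to the endpoint only.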

 

Please contact us for support if you need help modifying the security groups, or if this article did not help.

 

 

pia@piasoftware.net

(804) 5050PIA

(804) 505-0742
