So I’ve found myself in a position where I need access to dev VMs for POC work, but the organization is not prepared to deliver them or a dev space. I know, can you imagine? Anyway:
- What better way to put my certs to use than to build out my own lab infrastructure in the cloud? The range of competencies it lets me demonstrate across the various AWS services and Windows technology is a double whammy, establishing chops as a systems administrator AND a cloud architect.
- It gives me a reason to learn new technologies I’m interested in: containers and Kubernetes, S3, SageMaker, RDS, Lambda, and Kinesis, to name a few.
- It’s not very expensive; let’s look at that before we hop in.
I’ve already spent an afternoon cleaning up my VPCs and doing the troubleshooting we’re going to talk about in this post. With that, my current spend is:
To be more targeted about this, I can see my EC2 costs for the afternoon were:
A whopping 7 cents. So, just peeking at the pricing for t2 series instances, it’s .032 cents an hour for a t2.small Windows Server 2022 EC2 instance, so assuming I run 3 VMs for 4 hours (or half a work day) that would be 3.84/day to have a small lab environment of 1 server and 2 hosts. So I have 2 obvious objectives:
- I need to create a custom AMI (disk image) for Windows 10 Enterprise Evaluation Edition
- Which, according to the almighty StackOverflow, is possible
- I need to research and decide which IaC (infrastructure as code) solution would work best for staging these labs. CloudFormation? Terraform? If I’m going to get the most bang for my buck, these environments need to come up as usable as possible as quickly as possible. This is the part I’m low-key most excited about.
OKAY, now that we know it won’t break the bank for me to do these experiments, let’s talk about the troubleshooting.
Make sure you have a public IP address
So to start, I want to explore Desired State Configuration in a Windows environment. To get started, I tried to spin up a Windows Server instance and, well, can you tell me what’s wrong with this picture?
My instance has no public IP address.
Now, normally organizations would have something like AWS Direct Connect, but obviously that would be overkill for my purposes. I think as far as I need to go is provisioning a public IP address for each EC2 instance and then setting vanity A records in Route 53 (like DLAB-Client01.dkemmet.cloud or DLAB-DSC01.dkemmet.cloud) so things are easier to deal with.
So to fix this, when you’re in the EC2 provisioning screen you’ll need to modify the network settings and make sure Auto-assign public IP is set to Enable.
When you go to check your provisioned instance you should now see the public IP and IPv4 DNS for your instance:
Make sure the “firewall” is configured correctly
Assuming this didn’t solve your problem, the next place you would want to look is your security group. As you saw from the screenshot above, the launch wizard security group already has a rule configured:
and the outbound rules are basically wide open:
Quick note: there is a service called AWS Systems Manager, which I kinda liken to SCCM. When you’re researching this issue you’re going to see people talking about running the AWSSupport-Troubleshooting runbook, but I didn’t mess with it because:
- It requires configuring additional IAM policies for my EC2 instance, and I like to KISS.
- There is a cost associated with the service and, well, no.
Make sure your VPC has an Internet Gateway Attached
So this surprisingly ended up being my problem. My VPC did not have an IGW, and the route table had a stale entry for the old IGW (which, why is it gone in the first place? I’ll never know).
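As an added illustration (my own example, not code from the original post), the three checks above (public IP assigned, security group allowing RDP from my own address, and a default route to an IGW that is actually attached to the VPC) can be scripted as an offline checker. The dictionaries mirror the shape of boto3’s describe_instances, describe_security_groups, describe_route_tables and describe_internet_gateways responses, but every ID and address below is a constructed placeholder, not a real account; the checker takes the data as arguments so the same functions could be pointed at real describe_* output.

```python
"""Offline checker for the three EC2 reachability conditions worked through above.

Every value here is a CONSTRUCTED sample shaped like boto3 describe_* output,
not data from a real account.
"""
import ipaddress

# Constructed lab: two hosts in one subnet; the first was launched without a public IP.
INSTANCES = [
    {"InstanceId": "i-0aaa", "VpcId": "vpc-0lab", "SubnetId": "subnet-0a",
     "SecurityGroups": [{"GroupId": "sg-0launch"}]},
    {"InstanceId": "i-0bbb", "VpcId": "vpc-0lab", "SubnetId": "subnet-0a",
     "PublicIpAddress": "203.0.113.10", "SecurityGroups": [{"GroupId": "sg-0launch"}]},
]
# Constructed launch-wizard group: RDP allowed only from the operator's own /32.
SECURITY_GROUPS = {"sg-0launch": {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}]}]}}
# Constructed "before" state: the default route still points at an IGW that no longer exists.
STALE_ROUTE_TABLES = [{"VpcId": "vpc-0lab", "Associations": [{"SubnetId": "subnet-0a"}],
    "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
               {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0gone", "State": "blackhole"}]}]
NO_IGWS = []
# Constructed "after" state: a fresh IGW attached to the VPC and the default route repointed at it.
FIXED_IGWS = [{"InternetGatewayId": "igw-0new",
               "Attachments": [{"VpcId": "vpc-0lab", "State": "available"}]}]
FIXED_ROUTE_TABLES = [{"VpcId": "vpc-0lab", "Associations": [{"SubnetId": "subnet-0a"}],
    "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
               {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0new", "State": "active"}]}]


def has_public_ip(instance):
    """Check 1: the instance must have a public IPv4 address (auto-assign or Elastic IP)."""
    return bool(instance.get("PublicIpAddress"))


def rdp_sources(instance, security_groups):
    """Return every IPv4 CIDR that any attached security group allows to reach TCP/3389."""
    sources = []
    for ref in instance.get("SecurityGroups", []):
        for perm in security_groups.get(ref["GroupId"], {}).get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):  # "-1" means all protocols
                continue
            low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if proto == "-1" or low <= 3389 <= high:
                sources.extend(r["CidrIp"] for r in perm.get("IpRanges", []))
    return sources


def rdp_allowed_from(instance, security_groups, client_ip):
    """Check 2: is the operator's own address inside some RDP-permitting CIDR?"""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(cidr, strict=False)
               for cidr in rdp_sources(instance, security_groups))


def route_table_for(instance, route_tables):
    """A table explicitly associated with the subnet wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != instance["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == instance["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_status(instance, route_tables, internet_gateways):
    """Check 3: 0.0.0.0/0 must point at an IGW that is attached to this VPC and not blackholed."""
    rt = route_table_for(instance, route_tables)
    if rt is None:
        return "no route table"
    attached = {igw["InternetGatewayId"] for igw in internet_gateways
                for att in igw.get("Attachments", [])
                if att.get("VpcId") == instance["VpcId"] and att.get("State") == "available"}
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        gw = route.get("GatewayId", "")
        if route.get("State") == "blackhole" or (gw.startswith("igw-") and gw not in attached):
            return f"stale route to {gw}"
        return "ok" if gw.startswith("igw-") else f"default route via {gw}"
    return "no default route"


def diagnose(instance, security_groups, route_tables, internet_gateways, client_ip):
    """Run the three checks in the order the post works through them; return the findings."""
    findings = []
    if not has_public_ip(instance):
        findings.append("no public IP: enable auto-assign public IP or attach an Elastic IP")
    if not rdp_allowed_from(instance, security_groups, client_ip):
        findings.append(f"security group does not allow TCP/3389 from {client_ip}")
    if "0.0.0.0/0" in rdp_sources(instance, security_groups):
        findings.append("RDP is open to 0.0.0.0/0; restrict it to your own /32")
    status = default_route_status(instance, route_tables, internet_gateways)
    if status != "ok":
        findings.append(f"internet route: {status}")
    return findings


if __name__ == "__main__":
    for inst in INSTANCES:
        print(inst["InstanceId"], "before:", diagnose(inst, SECURITY_GROUPS, STALE_ROUTE_TABLES, NO_IGWS, "198.51.100.7"))
        print(inst["InstanceId"], "after: ", diagnose(inst, SECURITY_GROUPS, FIXED_ROUTE_TABLES, FIXED_IGWS, "198.51.100.7"))
```

Run against the constructed "before" state, the first host reports both the missing public IP and the stale IGW route, the second only the stale route; against the "after" state both come back clean. The extra check for RDP open to 0.0.0.0/0 is there because the launch wizard’s default rule is easy to leave wide open, and a lab box still deserves a /32.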