Errors while bootstrapping controller in AWS

networking
help-needed

#1

Hi this is santhosh,

I’m trying to bootstrap a controller in AWS in a particular VPC (this is not the default VPC in that region). I used the command below:

```
ubuntu@x86inst-1a:~$ juju bootstrap --config "vpc-id=vpc-08b1e3735cf3" --config "vpc-id-force=true" aws test
```

It gives the error below:

```
ERROR unable to contact api server after 1 attempts: unable to connect to API: dial tcp 172.86.1.14:17070: connect: connection refused
```

My other doubts:

  • Will Juju not work in a private subnet? If so, the whole point of a private subnet is to be secure and to do our work or workloads securely. How can we make Juju work in a private subnet?

  • Can we use --config or give --constraints for parameters like security group and subnet in AWS? If yes, what are the commands? Is there any AWS-centric documentation? Can we give or specify those constraints during bootstrap, or will they only work for adding a model/machine?


#2

**Does anyone know how Juju works with AWS???**
Can anyone let me know how to rectify the above error, or at least why it's occurring?


#3

I just re-read your post.
172.86.1.14 is actually a public IP address. If that’s within the CIDR range of your private VPC, the Juju client is trying to connect over the internet.

172.86.1.xxx would need to be reachable from the juju client via a VPN or private circuit.

I would suggest keeping your VPC’s CIDR blocks between 172.16.0.0 – 172.31.255.255.

Juju will work in a private subnet/VPC as long as the Juju CLI can communicate with or has a valid route to that VPC. The VPC will also need a NAT gateway so that the Juju controller can communicate with the AWS APIs so that it can spawn new instances.

Juju usually creates a security group if you don’t declare your VPC. You can go secure this after the controller is successfully bootstrapped.
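
The check described in reply #3, as an added example that is not part of the original thread: it classifies a VPC CIDR against the RFC 1918 private blocks and flags a controller API address that sits inside the VPC but is not a private address. The function names and the VPC CIDR `172.86.0.0/16` are assumptions for illustration; only the error line comes from the post.

```python
import ipaddress
import re

# RFC 1918 private IPv4 blocks. The range suggested in the reply above,
# 172.16.0.0 - 172.31.255.255, is 172.16.0.0/12.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_cidr(cidr):
    """Classify a VPC CIDR as 'private', 'partial' or 'public'."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if any(net.subnet_of(block) for block in RFC1918):
        return "private"
    # A block that only overlaps a private range still contains public addresses.
    if any(net.overlaps(block) for block in RFC1918):
        return "partial"
    return "public"


def api_address_from_error(line):
    """Pull the controller address out of a 'dial tcp host:port' error line."""
    m = re.search(r"dial tcp (\d{1,3}(?:\.\d{1,3}){3}):(\d+)", line)
    if not m:
        return None
    return ipaddress.IPv4Address(m.group(1)), int(m.group(2))


def review(vpc_cidr, error_line):
    """Return findings for a VPC CIDR and the bootstrap error seen by the client."""
    findings = []
    kind = classify_cidr(vpc_cidr)
    if kind != "private":
        findings.append(f"VPC CIDR {vpc_cidr} is {kind}: not fully inside RFC 1918 space")
    parsed = api_address_from_error(error_line)
    if parsed:
        addr, port = parsed
        net = ipaddress.IPv4Network(vpc_cidr, strict=False)
        if addr in net and not any(addr in b for b in RFC1918):
            findings.append(f"{addr}:{port} is inside the VPC but is not an RFC 1918 "
                            "address; without a VPN or private circuit into the VPC, "
                            "the client's connection goes toward the internet")
    return findings


if __name__ == "__main__":
    # Error line from the post; the VPC CIDR is an assumed value for illustration.
    ERROR = ("ERROR unable to contact api server after 1 attempts: unable to connect "
             "to API: dial tcp 172.86.1.14:17070: connect: connection refused")
    for finding in review("172.86.0.0/16", ERROR):
        print(finding)
```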