I've read through all the white papers for Route53, Private Hosted Zones, and Workspaces and I'm too the point of banging my head on the wall. :p
I'm having trouble getting an EC2 instance and an Amazon Workspace within a private cloud to communicate using a Fully Qualified Domain Name. I need them to communicate with a FQDN instead of an IP address so that I can have an encrypted connection with an SSL.
Here is my configuration:
- Setup a VPC with two public subnets, a route table, and internet gateway.
- VPC is setup with DNSResolution and DNSHostnames enabled.
- Setup a Simple AD for the workspace within the private VPC.
- Setup an EC2 instance within the private VPC with a public subnet.
- Setup the EC2 instance with a security group that allows port 80,443, and 5003 open to 0.0.0.0/0.
- Setup a workspace within the private VPC with no security group.
- Disabled the firewall within the EC2 instance and Workspace.
- Setup a Hosted Zone on Route53 configured for Private and linked to the VPC.
- Setup an A Record pointing the private IP of the EC2 instance.
If I run a ping from the Workspace to the DNS record that was setup in Route53, I get a successful connection.
If I try to reach the EC2 server using a Web browser on Port 80 or Port 443 using the DNS record, it fails.
If I try to reach the Ec2 server using an application that runs on Port 5003 using the DNS record, it fails.
If I try to reach the EC2 server with either web browser or application by referencing the IP, it is successful. So I know that my ports aren't being blocked.
Did I configure the route53 record incorrectly or am I missing a particular IAM Role permission set?
Thanks and let me know if I need to elaborate on any of the configuration.
