Listener setup on AWS EC2 for Oracle

While trying to setup listener on AWS EC2 for multi-tenant database, you might encounter the issue "Which IP address to use as AWS EC2 has both public and private internal IPs".

Update /etc/hosts file

Add private IP and the hostname of the server in /etc/hosts file and it should look like below:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.31.83.172	ip-172-31-83-172.ec2.internal	ip-172-31-83-172

Add Listener

While creating the listener, use the Private IP DNS name (IPv4 only) in HOST field

Here is the sample Listener file

LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = ip-172-31-83-172.ec2.internal)(PORT = 1521))
  )

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = CDB)
      (ORACLE_HOME = /u01/app/oracle/product/19.3/db_home)
      (SID_NAME = CDB)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = PDB1)
      (ORACLE_HOME = /u01/app/oracle/product/19.3/db_home)
      (SID_NAME = PDB1)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = PDB2)
      (ORACLE_HOME = /u01/app/oracle/product/19.3/db_home)
      (SID_NAME = PDB2)
    )
  )

Add TNS Entries

Use public IPV4 DNS in the tnsnames.ora file to connect specific container

CDB =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ec2-3-83-124-67.compute-1.amazonaws.com)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = CDB)
    )
  )


PDB1 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ec2-3-83-124-67.compute-1.amazonaws.com)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = PDB1)
    )
  )


PDB2 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ec2-3-83-124-67.compute-1.amazonaws.com)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = PDB2)
    )
  )

Now you can happily connect to any container with SQLPLUS

sqlplus pdbadmin@pdb1

Still Not Able To Connect Remotely?

Login as sys user into the root container and issue below command

alter system register;

Verify 1521 port is added to inbound rules of the security group and issue below command as root user

firewall-cmd --zone=public --add-port=1521/tcp --permanent
iptables -AINPUT -p tcp --dport1521 -j ACCEPT
firewall-cmd --reload

Enjoy!