22 messages
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
btai almost 5 years ago
anyone got a good reason to use savings plans over RIs?
Nathaniel Selzer almost 5 years ago (edited)
audit2rbac scans kubernetes audit logs and automatically generates a rbac policy with least-privilege for a user. Anyone know of anything similar for cloudtrail/IAM?
Adrian almost 5 years ago
Hi, when I use multiple packages like aws-elastic-beanstalk-environment and terraform-aws-documentdb-cluster I get the error that the security group for the vpc already exists.
First terraform creates the documentDB and then the elastic beanstalk stack.
I would now expect that if I use allowed_security_groups = [module.vpc.vpc_default_security_group_id] for both, that both are in the same security group. Is this not correct?
Marcello Romani almost 5 years ago
Hello
Marcello Romani almost 5 years ago
I have hit a wall when trying to remove an eks cluster. I have added null_data_source.wait_for_cluster_and_kubernetes_configmap as per the README, but now when I’m trying to delete the cluster I get
Error: Get "<http://localhost/api/v1/namespaces/kube-system/configmaps/aws-auth>": dial tcp [::1]:80: connect: connection refused
We are wrapping the cloudposse module with a thin layer, so I’m looking into that as well, but is this something that others have seen?
Brij S almost 5 years ago (edited)
Hi all, looking for some networking advice. I’m looking to deploy an EKS cluster with managed nodes. I’m trying to figure out how to best size the VPC. All the nodes will be in private subnets, for a nonproduction account there will be 2AZ and for prod there will be 3AZ. For nonprod, I’ve got the following
/24 VPC: 256 host
/26 private subnet: 64, 64
/28 public subnet: 14, 14
Any suggestions on what a setup for prod would look like, I’m thinking a /25 CIDR, but I’m not really sure
Zach almost 5 years ago
We are investigating increased API error rates and increased provisioning/registration latencies for ELBs in the US-EAST-1 Region. Connectivity to existing load balancers is not affected.
sheldonh almost 5 years ago
In case interested I threw together a custom AWS weekly update digest if you want a way to keep up and don't have a method already.
There are better ways I'm sure but this is custom and has social media top posts too. I didn't use Cloudpegboard because pretty sure I can't include redistributed updates from them on my digest if I share it.
YMMV. Reply to email and it will email me if you have any customizations.
https://app.mailbrew.com/sheldonhull/aws-cloud-news-6TwkFMMyI1ea?aff=sheldonhull
Vivek Kushwah almost 5 years ago
I want to be able to change instance size using airflow dags, any ideas?
Zach almost 5 years ago
ALB should be automatically adding an X-Forwarded-Proto header to incoming requests, is that correct?
msharma24 almost 5 years ago
Looking for advice on Transit Gateway - Should you create and maintain separate Dev and Prod TGWs or use one TGW with Prod and Dev Spokes attached and managing the routing with the TGW route tables to ensure dev spoke can't reach Prod Spokes?
sheldonh over 4 years ago
I'm having a problem getting nginx as a reverse proxy to work in docker compose. I've tried to use the mkcert + docker-gen +nginx combo (want to stick with docker compose).
My goal was to allow local development easily against what I'd be deploying to ECS fargate. Almost all the projects I'm working with need this pattern of reverse proxy to support ssl termination as an option.
Anyone have a docker compose project that spins up a reverse nginx proxy and uses docker-gen? I'm ok with using the tmpl file too, but so far no luck in getting anything other than direct access to container, no redirect from root oauth to /appname. Probably removing docker-gen soon but would be nice if I could leverage the automatic config it offers.
Igor over 4 years ago
I have a root "dockerize" process sending logs to STDOUT from files on the container, which are showing up when running docker locally. However, these logs don't appear when running in AWS ECS using the awslogs driver. Any thoughts on what the issue might be?
Steve Wade (swade1987) over 4 years ago
does anyone have any strong opinions on an AWS infra tagging taxonomy?
sheldonh over 4 years ago
Anyone try using Lando?
https://docs.lando.dev/basics/
I'm interested in anything that simplifies local dev tooling without a ton of extra complexity and seemed interesting. Seems similar to Cloudposse modules in that they are trying to set "sane defaults" by default on the apps to reduce effort.
Rhys Davies over 4 years ago
Hey guys seem to be having read time out connection issues trying to run Terraform applys from CircleCI on AWS currently. Is anyone else experiencing this?
Tomek over 4 years ago
👋 we’re seeing the following Trace breakdown for a Java runtime based AWS Lambda. I know Java has a hefty cold-start time and I would expect the JVM starting would fall in the “Initialization” phase of execution. What is the 10 second gap before the Initialization phase that is happening in this trace?
ikar over 4 years ago
Hey guys, one of the APIs we're about to use requires IP whitelisting. Is there a way to configure an http proxy using AWS without the need to configure e.g. tinyproxy or nginx?
Brian Ojeda over 4 years ago
Any reason to prefer account-scoped cloudtrails over organization-scoped cloudtrails? I noticed that terraform-aws-components seems to be preferring account-scoped trails.
Shreyank Sharma over 4 years ago
Hi All,
I wanted to know is there any way in AWS to notify us if s3 bucket or lambda function is down using SNS with cloud watch.
Thank you
Steven Pham over 4 years ago
Hey everyone, I'm excited to be part of this slack channel! Are there any recommended terraform/ansible repos with AWS that have prometheus/grafana visualization incorporated that you all pull from easily? I'd rather not work through and write up the IaC for it from scratch 😅
Mo Battah over 4 years ago
Best CI CD tool? Looking for the absolute best. PHP shop. Replacing all of our tooling so I can really start from scratch. Currently vetting CICD vendors