29 messages
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
caretak3r over 4 years ago
Anyone here working on AWS Quicksight? To my knowledge only the API is available, but no terraform modules. The customer I am working with wants to be able to build quicksight dashboards in various environments with CI/CD pipelines (jenkins). Wondering if anyone has done something like this/worked on anything like this? Any help is very much appreciated.
Shreyank Sharma over 4 years ago
Hi all,
is it possible to get the ip address of my elasticache nodes.
Shreyank Sharma over 4 years ago
Hi,
we are migrating from Redis in ec2 to Elasticache,
and we have a lot of applications accessing that Redis with a password (i.e. lambda and inside Kubernetes etc.; code written in java, c#, python).
Now if I have to use Elasticache with the password I have to enable Encryption in transit -> Redis AUTH default user, which means all connections happen with TLS (I am thinking we have to make a lot of changes to code just to connect to redis).
Is it possible to add a basic password without the encryption in transit feature?
Thanks
loren over 4 years ago
Super useful addition to aws amplify! https://aws.amazon.com/about-aws/whats-new/2021/07/aws-amplify-cli-adds-support-for-storing-environment-variables-and-secrets-accessed-by-aws-lambda-functions/
msharma24 over 4 years ago (edited)
Do we have a community solution to rotate the aws org wide IAM Keys?
so far I have found this reference https://awsfeed.com/whats-new/apn/automating-rotation-of-iam-user-access-and-secret-keys-with-aws-secrets-manager
loren over 4 years ago
this is quite nice. makes the api easier for interacting with security group rules. could lead to a number of improvements for the terraform resource/data source implementations also... https://aws.amazon.com/blogs/aws/easily-manage-security-group-rules-with-the-new-security-group-rule-id
Antarr Byrd over 4 years ago
I need to create some kind of automation, maybe a runbook, whenever a step function fails. Any ideas on how to handle this?
Nishant Thorat over 4 years ago
Hi - I'm using Cognito for authentication flow. For a demo account (only) I want to have a passwordless login or at least have no complex password. Has anyone done anything like this? Any pointers greatly appreciated. Thank you.
Richard Pearce over 4 years ago
Free AWS training and 50% off the Exam for AWS Certified Solutions Architect - Associate
https://pages.awscloud.com/GLOBAL_TRAINCERT_takethechallenge.html
Brij S over 4 years ago (edited)
Hi all, I've got two EKS related questions:
1. has anyone managed to enable ASG metrics for managed node groups?
2. Has anyone been able to use the cluster-autoscaler to scale down to 1/0 nodes at a given time? (ie; at night)
Andy over 4 years ago
Hi all, has anyone upgraded their AWS PostgreSQL 9.6 dbs yet? We have a master with 4 replicas that we're looking to upgrade. We'd also like to switch to using encrypted volumes at the same time. The approach we'd use is:
1. Take site offline
2. Take snapshot of master
3. Create encrypted snapshot from previous snapshot
4. Create a new master RDS instance from the encrypted snapshot
5. Create 4 replicas for the new master
6. Migrate the master (RDS will then migrate the replicas in turn)
7. Bring site back online
Does that approach sound sensible? (and fastest)
Steve Wade (swade1987) over 4 years ago
is there a way to only update the tags on an SSM parameter via the CLI ?
loren over 4 years ago
tailscale is blowing up... https://www.lastweekinaws.com/blog/corey-writes-open-source-code-for-lambda-and-tailscale/
OliverS over 4 years ago (edited)
Has anyone had first-hand experience with crossplane in AWS EKS, seems awesome on paper, just wondering in practice:
• documentation: seems ok, but when the rubber hits the metal, is it adequate?
• community: active, responsive? (maintainers, users)
• robustness: should I consider it experimental or prod-level? not just for the AWS resources it manages, but for the controllers themselves (eg is crossplane easy to upgrade? what if upgrade fails partially, is it easy to rollback? are error messages adequate to troubleshoot issues with custom resources?)
• AWS resource coverage: looks minimal, eg there's RDS and S3 but no SQS, SNS, documentDB, etc and for RDS there is no paramgroup so some things still definitely need to be provisioned outside of cluster
curious deviant over 4 years ago
Hello,
I am new to EKS Fargate and I am trying to setup a fargate cluster using the AWS TF registry module. Upon creation I observed that the coredns pods stay in pending state looking for a node to run on. Do fargate only clusters need worker nodes to run coredns (and other system pods)?
Shreyank Sharma over 4 years ago (edited)
Hi, we have 2 AWS accounts. For some reason a resource inside Account B has to access a resource which is inside Account A. Is it possible to do that?
other than Access key and secrets.
is it possible by using IAM assume role?
Michael Warkentin over 4 years ago
If anyone uses Amplify Console, I just wrote up a short piece on how to do fast rollbacks using a multi-branch approach: https://link.medium.com/YMubiWOq0hb
DevOpsGuy over 4 years ago
I have a requirement to find what all AWS secrets are using a particular API key. Is there a way to find all secret keys which are using a particular API key, like can we find using regex or something?
Brij S over 4 years ago
Hi all, has anyone been able to scale down managed nodes for EKS to 0 or 1 based on time? i.e. I'd like to scale the ASG down to 1 node if possible in the evenings. Is this possible? We use the cluster-autoscaler for scaling up but all my searches come up empty on if it's possible to use the autoscaler to scale down.
Bschaatsbergen over 4 years ago
Heya
Andy over 4 years ago
I've set up a psql 13 master and replica in AWS, and am seeing some strange ReplicaLag on the replica. Currently there is no load on either the master or the replica.
Dan Stein over 4 years ago
Hi there, I'm new to terraform. I used your elasticsearch module to create an es instance, but I can't work out how to apply the access policy using your api?
Nishant Thorat over 4 years ago
[Blog Post] AWS Config is the AWS Configuration auditor. It is the foundation of cloud assets inventory, change management, cost management and security. But does it fulfil the promise?
https://blog.cloudyali.io/aws-config-know-before-you-take-a-plunge
Pavel over 4 years ago
I am trying to use this https://github.com/cloudposse/terraform-aws-ssm-tls-ssh-key-pair for an ec2 instance, I'm a little confused as to how to actually create the keypair with these credentials in ec2
Almondovar over 4 years ago
hi guys, we have a testing aws account with several pieces of infra that we don't use anymore, isn't it better to delete the aws account that is a part of an org instead of going manually to delete everything one by one?
Almondovar over 4 years ago
Hi all, can someone point me to the proper direction of how to "write" health checks for load balancer target groups? We have servers running fine but we can't figure out how to create health checks for port 1883 (mqtt). We know that servers listen to this port because they write telemetry that is coming from the sensors to the database successfully, thanks!
Michael Warkentin over 4 years ago
We are changing the way that asynchronous invocations of AWS Lambda functions work when the function has reserved concurrency set to zero. Previously, if the reserved concurrency was set to zero for such a function, the events sent to that function were retried for up to six hours, or a customer configured maximum number of attempts or event age, before being sent to the dead letter queue (DLQ) or on-failure event destination configured for that function. As of August 16, 2021, for functions with reserved concurrency set to zero, all events will be automatically sent to the configured DLQ or the on-failure event destination immediately, instead of being retried. Customers who wish to process events that were sent while reserved concurrency was set to zero will need to consume the events from the DLQ or on-failure event destination. This behavior will be enabled in all regions. Please refer to the AWS Lambda User Guide for information on how to configure a DLQ[1] or an on-failure event destination[2].
[1] https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq
[2] https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations
jack fenton over 4 years ago (edited)
Is anyone great at EC2 userdata (cloud-init)? - I have a userdata script that sometimes will be done in seconds and sometimes it takes over an hour.
• cat /var/log/cloud-init-output.log has logs in it, but only after above has started
• is there something I am unaware of that can prevent or slow down cloud-init? It does not seem like there is a pattern
Thanks!