39 messages
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
Karim Benjelloun over 3 years ago
Hello, do you have any recommendations on unified (or SSO) for SSH? We do not want to manually copy-delete ssh keys all over our EC2 instances.
Karim Benjelloun over 3 years ago
Thanks @Andrey Taranik. Any alternatives? We tried Teleport but for some reason we keep needing to restart services every now and then and I don’t find it straightforward.
Andrey Taranik over 3 years ago
or just build your own solution as described in smallstep blog https://smallstep.com/blog/diy-single-sign-on-for-ssh/
Soren Jensen over 3 years ago
Does anyone know if it's possible to see how much electricity your aws resources are consuming? Alternatively find a co2 footprint of the resources?
jonjitsu over 3 years ago
Anyone have any flakiness issues with codedeploy? I have a lot of services using it and when I trigger too many codedeploys at once it seems the whole thing just freezes but not always, it's weird.
Adnan over 3 years ago
I am currently at EKS version 1.20.
Do you know if there is a deadline for upgrading this version?
Yoav Maman over 3 years ago (edited)
I’m having trouble finding an answer in the AWS docs. Does anyone happen to know whether it’s possible to configure an Application Load Balancer to accept requests only from API Gateway?
yi gong over 3 years ago (edited)
I meet an error when using terraform-aws-eks-cluster.
Error: Invalid count argument
on .terraform/modules/eks/main.tf line 34, in resource "aws_kms_key" "cluster":
34: count = local.enabled && var.cluster_encryption_config_enabled && var.cluster_encryption_config_kms_key_id == "" ? 1 : 0
tor over 3 years ago
Hey I was wondering where I could find documentation for all the arguments s3_replication_rules accepts for https://github.com/cloudposse/terraform-aws-s3-bucket#input_s3_replication_rules ?
tor over 3 years ago
The documentation just says a list(any)
Saleem Clarke over 3 years ago
Anyone know how to have session manager sit behind OpenVPN, so user is required to connect to OpenVPN before a session can be started
Saleem Clarke over 3 years ago
this should be AWS CLI not via console
idan levi over 3 years ago
Hey all!
I'm trying to install your Aws-ebs-csi-driver by that guide
https://docs.aws.amazon.com/eks/latest/userguide/csi-iam-role.html
created all the roles and policies.
On a quick look at the ebs-csi-node pod in my k8s env I can see that I get this error from the ebs-plugin container:
```
I0628 10:44:05.130666 1 metadata.go:85] retrieving instance data from ec2 metadata
I0628 10:44:05.135264 1 metadata.go:92] ec2 metadata is available
panic: could not get number of attached ENIs
goroutine 1 [running]:
github.com/kubernetes-sigs/aws-ebs-csi-driver/pkg/driver.newNodeService(0xc0000c6f00)
/go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/pkg/driver/node.go:86 +0x269
github.com/kubernetes-sigs/aws-ebs-csi-driver/pkg/driver.NewDriver({0xc000609f30, 0x8, 0x55})
/go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/pkg/driver/driver.go:95 +0x38e
main.main()
/go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/cmd/main.go:46 +0x365
```
I'm using v1.7.0-eksbuild.0 driver version and 1.20 k8s version.
Do you know how I can solve it?
Thanks!
RO over 3 years ago
Is this the right channel for questions regarding CloudFormation?
Karim Benjelloun over 3 years ago
Question. Is it more common to do VPC Peering Connections with vendors of managed services such as Databases? Or is it more common to do VPC PrivateLink & Endpoints?
Taz over 3 years ago
I have been asked to move 2 .Net Core applications that are running as apps on Azure App Services to AWS. What is the best method to deploy these apps?
Would the deployment need a beanstalk per .Net CORE App or would this option be more suitable. I am after the quickest solution!!
https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/deployment-beanstalk-multiple-application.html
Frank over 3 years ago
Hi all!
We have an Aurora Serverless PostgreSQL instance in a private subnet. Now our customer wants to connect an externally hosted application (on Azure) to it. As a temporary fix we have manually created a new "Regional Cluster" (non-serverless) based off a snapshot of the Serverless DB Cluster, gave it a public IP and firewalled it to the customer-provided subnets.
However, they would need more up-to-date information. I would like to prevent deleting the old DB regional cluster + re-creating it on a daily/weekly basis since it would give a new IP every time.
For this I am currently leaning toward setting up a fresh (public, firewalled, SSL-enforced) DB and using DMS to sync the databases so that the external party always has access to the most recent data without needing access to the actual DB instance. The snapshot alone is 76GiB and the sync should be done outside of office hours, which makes it a bit more tricky.
Would this be a good approach or are there better/easier alternatives? Thanks!
Kevin H over 3 years ago
A friend of mine is the CEO of this early-stage startup and asked that I share it around, in case anyone finds it interesting: https://www.usage.ai/
nobodyreally needstoknow over 3 years ago
Hi, I am trying to incorporate Cognito with an ALB, but I am getting this error when creating the listener rule and with "client_credentials" OAuth flow:
│ Error: Error creating LB Listener Rule: InvalidLoadBalancerAction: The authorization code grant OAuth flow must be enabled in the user pool client
I don't understand why client credentials does not work with the ALB.
Balazs Varga over 3 years ago
hello all, Is there a way to renew a cert where we have only private hosted zone? I cannot access the main public domain so cannot do my trick to point it to a new public zone until cert will be renewed.
Eric Villa over 3 years ago
Hi! Is there anyone who is going to the AWS reInforce?
Desire BANSE over 3 years ago
Hello all. Is there a way to programmatically upgrade the Kubernetes version of an EKS cluster (on AWS) ?
Victor Grenu over 3 years ago
💌 AWS Security Digest Newsletter #79 is out!
1️⃣ Fourteen AWS Security Best Practices in IAM
2️⃣ [VIDEO] Speeding Up AWS IAM Least Privileges
3️⃣ Open-source proof-of-concept client for IAM Roles Anywhere
📖 Read more: https://asd.zoph.io
DaniC (he/him) over 3 years ago
hi folks, am trying to get a feeling of what sort of solutions/approaches you took to manage/adhere to the IAM least privilege principle?
I find that the more granular we go the higher the cost is to manage it for various users. AWS Managed policies are too "open" and then when you combine that across various accounts it is getting even harder.
If going with AWS SSO then we need to work on permission sets and the main prob around manage them is still there imo.
Adnan over 3 years ago (edited)
Did anybody experience latencies with one service calling a service in another subnet/AZ?
I have an issue where an app/pod running in EKS, is responding much faster to requests when running in a specific subnet/AZ compared to running in the other subnets/AZ's.
The only obvious characteristic of the "fast" subnet/AZ is that an ElastiCache/Redis is running in it which the app is heavily using.
Ideas about how to debug this?
Tsu Wei Quan over 3 years ago (edited)
Hello team! I require some advice/help on this.
I just deployed terraform-aws-elasticsearch (7.10) from this module https://github.com/cloudposse/terraform-aws-elasticsearch via terraform.
Then via the aws console i updated my ES cluster to opensearch v1.2.
Now i wonder if my terraform code would be synced to the changes? i believe it will not be sync. Can i still use this same module for opensearch??
Jeremy (UnderGrid Network Services) over 3 years ago
I'd be interested to hear if anyone else has tried to have private hosted zones for services within a given region but also want to have a public hosted zone that can point to the active regional resource. I'm trying to figure out if there's an automatic way to go about this or if I need to look at crafting something external.
Yordon Smith over 3 years ago
Hey Everyone.. Wondering about an easy yet effective way to do a bulk deletion of EBS snapshots. Got a list (thousands) of older snapshots to be cleaned. Appreciate your inputs.
Balazs Varga over 3 years ago (edited)
do you know anything about current issue ? any eta to solve ? all clusters in OHIO are down 😞
Josh B. over 3 years ago
Mine seems to have come back up for now, lol. Datadog ddos'd my voicemail though.
Balazs Varga over 3 years ago
it comes back and goes down... flaky...
Josh B. over 3 years ago
Yeah, for sure.
Balazs Varga over 3 years ago
they wrote only 1 az affected, but I saw errors on all AZ-s
Josh B. over 3 years ago (edited)
Yeah, it was def all of them, even if it was brief. I literally saw all of my AZ's go down lol
karandeep singh over 3 years ago
👋 Hello, team!
https://github.com/cloudposse/terraform-aws-emr-cluster
Does this module support instance fleet?