13 messages
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
Juan Pablo Lorierabout 2 years ago
Hi, I've being using the ECS module but I'm getting weird error now in a clean account:
Error: updating ECS Cluster Capacity Providers (XXXXXX): InvalidParameterException: Unable to assume the service linked role. Please verify that the ECS service linked role exists.
The role is not a requirement of the module, so not sure why this is failing, any hints?
Error: updating ECS Cluster Capacity Providers (XXXXXX): InvalidParameterException: Unable to assume the service linked role. Please verify that the ECS service linked role exists.
The role is not a requirement of the module, so not sure why this is failing, any hints?
Dexter Cariñoabout 2 years ago
Pavelabout 2 years ago(edited)
hey all, was hoping to get a quick answer for this WAF config i need to override:
I need to override
module "waf" {
source = "cloudposse/waf/aws"
name = "${local.app_env_name}-wafv2"
version = "1.0.0"
scope = "REGIONAL"
default_action = "allow"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "rules-default-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement_rules = [
{
name = "rule-20"
priority = 20
statement = {
name = "AWSManagedRulesCommonRuleSet"
vendor_name = "AWS"
}
visibility_config = {
cloudwatch_metrics_enabled = true
sampled_requests_enabled = true
metric_name = "rule-20-metric"
}
},
{
name = "rule-30"
priority = 30
statement = {
name = "AWSManagedRulesAmazonIpReputationList"
vendor_name = "AWS"
}
visibility_config = {
cloudwatch_metrics_enabled = true
sampled_requests_enabled = true
metric_name = "rule-30-metric"
}
},
{
name = "rule-40"
priority = 40
statement = {
name = "AWSManagedRulesBotControlRuleSet"
vendor_name = "AWS"
}
visibility_config = {
cloudwatch_metrics_enabled = true
sampled_requests_enabled = true
metric_name = "rule-40-metric"
}
}
//bot prevention managed rule set
]
rate_based_statement_rules = [
{
name = "rule-50"
action = "block"
priority = 50
statement = {
limit = 1000
aggregate_key_type = "IP"
}
visibility_config = {
cloudwatch_metrics_enabled = true
sampled_requests_enabled = true
metric_name = "rule-50-metric"
}
}
]
}I need to override
AWS#AWSManagedRulesCommonRuleSet#SizeRestrictions_BODY to allow for bigger requests
Sairam Madichettyabout 2 years ago
Hi. Has anyone worked on Keyfactor + cert manager acme?
Joe Perezabout 2 years ago
Hello AWS Pros! I was wondering if anyone had any good insight into handling configuration files with secrets in ECS Fargate. Some background additional background from me is that we've transitioned from EC2 based systems to ECS fargate but we're still using ansible and ansible vault to maintain those configurations. 🧵
Gábor Zeleszkóabout 2 years ago
Hello, in ECR Repository is there any way with Lifecycle policy to automatically delete the images which were not pulled for 60 days?
If no, what is the best practice for this, what you use? Thanks!
If no, what is the best practice for this, what you use? Thanks!
Emiabout 2 years ago
🚨 IMPORTANT ADVICE 🚨
We've got critical information about changes to Amazon Elastic #Kubernetes Service that directly 📉 impact your costs. Read on to make sure you're in the know 👇️
Starting April 1, 2024, Amazon EKS will implement a pricing shift for clusters running on a #Kubernetes version in extended support. Brace yourself for a significant increase to $0.60 per cluster per hour. Yes, you read it right - an increase from the current $0.10 per hour. 💸
💻️ Take Action Now - optimize your infrastructure:
Head to our GitHub page ASAP to explore strategies for optimizing your EKS versions and mitigating these increased costs.
Update EKS versions to sidestep extended support charges 👉️ https://lnkd.in/dBRFsr_7
📢 Spread the word:
Share this update with your network! Please let your peers know about the impending pricing shift, and together, let's go through these changes as a community.
https://www.linkedin.com/posts/binbash_aws-eks-kubernetes-activity-7155171423546679296-Lfu2?utm_source=share&utm_medium=member_desktop
We've got critical information about changes to Amazon Elastic #Kubernetes Service that directly 📉 impact your costs. Read on to make sure you're in the know 👇️
Starting April 1, 2024, Amazon EKS will implement a pricing shift for clusters running on a #Kubernetes version in extended support. Brace yourself for a significant increase to $0.60 per cluster per hour. Yes, you read it right - an increase from the current $0.10 per hour. 💸
💻️ Take Action Now - optimize your infrastructure:
Head to our GitHub page ASAP to explore strategies for optimizing your EKS versions and mitigating these increased costs.
Update EKS versions to sidestep extended support charges 👉️ https://lnkd.in/dBRFsr_7
📢 Spread the word:
Share this update with your network! Please let your peers know about the impending pricing shift, and together, let's go through these changes as a community.
https://www.linkedin.com/posts/binbash_aws-eks-kubernetes-activity-7155171423546679296-Lfu2?utm_source=share&utm_medium=member_desktop
Samiabout 2 years ago
Hey all. I'm working to design a new AWS architecture for my current company to transition to. We're in a bit of a growth stage so I want to design something that will be flexible for future use but also not overly complicated for the time being due to deadlines and a smaller team.
I'm hoping to get some feedback the AWS organisations. The current design I have is laid out to segregate production and non-production workloads. I specifically want to create a sandbox space for developers to utilise so they can create resources during their research and development stages.
I'm curious if people segregate their organisations into environments like production, staging, etc or by workloads and what might be some trade offs between?
I'm hoping to get some feedback the AWS organisations. The current design I have is laid out to segregate production and non-production workloads. I specifically want to create a sandbox space for developers to utilise so they can create resources during their research and development stages.
I'm curious if people segregate their organisations into environments like production, staging, etc or by workloads and what might be some trade offs between?
Juan Pablo Lorierabout 2 years ago
Hi, I'm trying to set the min and max capacity for an ecs service but I can't find how to do it in the terraform-aws-ecs-alb-service-task module.
Anyone can point me where to look? Thanks
Anyone can point me where to look? Thanks
Seanabout 2 years ago
Hello, I am working to transition to a multi-account aws architecture and have been considering using atmos instead of a DIY solution. It seems I need to create a tfstate-backend > account > accountmap & the use of a workflow might be best since docs say account must be provisioned prior to account map. Is my understanding correct ? What is needed to access the
cold start document that I see referenced in some docs ?
j labout 2 years ago
Hi, is there something to consider when configuring a socket.io multi-instance server behind an ALB from EKS using alb controller? So far I have set cookie sickness, duration and host header preservation but doesn't seem to be enough.Does anybody has experience with this kind of setup? Thanks
Balazs Vargaabout 2 years ago
Hhello all. Anybody has issues with route53 dns entries?
Juan Pablo Lorierabout 2 years ago
Hi, is there a way to provide a custom name to resources without following the cloudposse construction for tenant, namespace, environment, etc? I need to customize alb, redis, ecs modules to adapt to a specific naming convention and I can't find a way to force it but with the name tag that not always works