|
Hughlander posted:Not sure what thread this should go to, but I want to get an elastic ip and vpn it to a set of containers on my NAS. Is that just going to be a Vpc, elastic ip and vpn endpoint? Or is there more to it than that? I'm not really sure what you are asking here, but I'll take a swing at it: You will want to create a VPC, set up a virtual private gateway (that in itself will have public IP addresses - you don''t have to create them) and then create your VPN tunnel to it. Then you can route in/out traffic through a NAT gateway which in itself will have a public IP address.  FYI: bumping an EC2 machine to a different class (T3 to M5) or size (large to 2xlarge) is trivial and requires only a reboot. Agrikk fucked around with this message at 21:05 on Dec 9, 2019 |
#
?
Dec 9, 2019 20:58
|
|
|
|
| # ? May 17, 2024 20:12 |
|
|
Agrikk posted:I'm not really sure what you are asking here, but I'll take a swing at it: Thanks I’ll look at it more. What I want to do is I have a service on a port in digital ocean now that is barely worth the cost. It’s out grown the instance there and id need to pay $30 more / mo if I stay. I have the resources on my home network to run it, I just don’t want to have my ip published for it. I’m looking to having an aws public ip port be routed to a docked container on a node here. I know upping the machine size is trivial I just don’t want the expense for a hobby project.
|
|
#
?
Dec 9, 2019 22:21
|
|
|
Hughlander posted:I’m looking to having an aws public ip port be routed to a docked container on a node here. EIPs/Public IPs won't route to VPN networks directly. EIPs are attached to instances, which you could then configure as proxies to your host at home but you'll be paying some amount for that instance. Also data transfer out starts at .09/gb so if you are passing data not only between your app and users but also between home and proxy you could quickly become an indentured servant in Jeff's spaceship factory.
|
|
#
?
Dec 9, 2019 23:00
|
|
|
Hughlander posted:Not sure what thread this should go to, but I want to get an elastic ip and vpn it to a set of containers on my NAS. Is that just going to be a Vpc, elastic ip and vpn endpoint? Or is there more to it than that? Note if want a reliable IPsec VPN tunnel you kinda need a static IP on-prem otherwise the tunnel has to be reconfigured every time the IP changes. Also if throughput over the tunnel is important you'll need a capable router. Encryption is expensive CPU-wise and as such many routers have separate L3 and VPN throughputs listed.
|
|
#
?
Dec 10, 2019 19:08
|
|
|
Cloudwatch cron fired SSM Run command documents don’t seem to be honoring the log group and logging enable defined in the document. To get around it, we’re using the cron to then run the ssm command with the cloud watch output config flag but that seems really dumb. Is this a limitation of that service? Am I holding it wrong?
|
|
#
?
Dec 17, 2019 17:41
|
|
|
Anyone started using EC2 Image Builder? I have and IMO it's pretty good, when it works. Iterative development of components is tedious due to how everything is versioned except for image pipelines. If you update a component you need to create a new recipe version with the new component version and then create a brand new image pipeline from the new recipe version. Also the Amazon owned components are OK to start with except for docker-ce-linux which is basically hosed from what I've seen (Builds using the component fail, the SSM script that's meant to bootstrap the build orchestration gets a SIGHUP and explodes). Really only managed to narrow down the errors to that component through process of elimination on account of how obtuse build errors are. Anyone else managed to do a successful build using the docker-ce-linux component? Personally I just worked around it by creating my own component that does the same thing without the tests or delegating Docker permissions to ec2-user (That just seems like a bad idea in general).
|
|
#
?
Dec 19, 2019 20:38
|
|
|
Is Cloudformer development halted? I know it shows (Beta) when you use it but elsewhere I've seen people saying they have stopped developing it. It seems like it would be in high demand. I'm currently trying to replicate all objects we have in us-east-2 over to us-west-2. Cloudformer was helpful with generating the initial cloudformation template but it has some pretty serious flaws. One of which is that it didn't grab any of the user-data from the auto-scaling launch configurations. I'm augmenting the cloudformation template that cloudformer created to be used to build the objects in us-west-2 but if we change things in us-east-2 in the future, I'll have to repeat all of this manual work. Is there a better way of replicating everything from one region to another?
|
|
#
?
Dec 19, 2019 21:32
|
|
|
Scrapez posted:Is Cloudformer development halted? I know it shows (Beta) when you use it but elsewhere I've seen people saying they have stopped developing it. I’ve never needed them, but stack sets won’t do what you want?
|
|
#
?
Dec 19, 2019 22:35
|
|
|
Scrapez posted:Is Cloudformer development halted? I know it shows (Beta) when you use it but elsewhere I've seen people saying they have stopped developing it. They added this last month which is probably nicer but I haven’t tested it https://aws.amazon.com/blogs/aws/new-import-existing-resources-into-a-cloudformation-stack/
|
|
#
?
Dec 20, 2019 01:02
|
|
|
JHVH-1 posted:They added this last month which is probably nicer but I haven’t tested it https://aws.amazon.com/blogs/aws/new-import-existing-resources-into-a-cloudformation-stack/ It looks like even with this method, I have to write a cloudformation template from scratch that includes all of the objects in my region and then Cloudformation will import everything into a stack. With CloudFormer, it spins up an EC2 instance and takes inventory of everything in the region. There's a web interface that allows you to select which things in the region (or globally) you want to include in the template. Once you select everything, it creates the cloudformation template based on your selections. As I said, the problem is that it does not pull in certain things. One of which is user-data within launch configurations.
|
|
#
?
Dec 20, 2019 17:22
|
|
|
Vent time. I hate these weird gaps in functionality that AWS has, for no discernible reason and with no documentation available to explain the problem. In this case I'm trying to shift some of our current Azure poo poo over to AWS and wanted to set up our CICD stuff in the AWS tooling, Code Build, Deploy and Pipeline. Already I got stuck at the very first step because Windows is mysteriously missing from the dropdown list of build container environments. I Google and Google, and I look through all the AWS docs and they all say the same thing "Select Windows from the dropdown". Finally I try doing the same thing using a JSON file and the CLI tool and lo and behold I finally get a useful message. For some reason the Windows container environment is not available in ap-southeast-2. This is not mentioned anywhere in their documentation. Anyway, I Google this and see someone has asked about it and AWS's response is "we have no current plans to do this". This is so frustrating... On a related note: does anyone know of a way to build a .NET Framework project in a non-Windows environment? I've heard about Mono but I'm not sure how that works exactly, do you have to modify the project itself to get it to build with Mono? Is there some straightforward reading I can use to give me a fairly generalised understanding of the relationship between Mono and regular .NET Framework build options?
|
|
#
?
Dec 26, 2019 23:14
|
|
|
You’ve learned one of the most important lessons: the AWS console is absolute poo poo and should be avoided.
|
|
#
?
Dec 27, 2019 01:57
|
|
|
deedee megadoodoo posted:You’ve learned one of the most important lessons: the AWS console is absolute poo poo and should be avoided. Well the problem isn't so much the Console in this case, rather the documentation which instructs me to do something that isn't possible in my region without mentioning that it's a region specific thing. But yes, I do agree that the Console loving sucks.
|
|
#
?
Dec 27, 2019 02:16
|
|
|
a hot gujju bhabhi posted:Well the problem isn't so much the Console in this case, rather the documentation which instructs me to do something that isn't possible in my region without mentioning that it's a region specific thing. But yes, I do agree that the Console loving sucks. There's heaps of gotchas in AWS doco. They're often written in a way where there will be a single sentence amidst a paragraph that's extremely important but they just mention it as an aside. Also whaddup ap-southeast-2 friend.
|
|
#
?
Dec 27, 2019 08:42
|
|
|
a hot gujju bhabhi posted:Vent time. Please also vent on the feedback forms, there should be feedback links on every doc page. I totally agree our docs are poo poo. As for your .NET question, you could look into .NET Core, if your project builds on it. It runs on Linux too.
|
|
#
?
Dec 28, 2019 06:13
|
|
|
Adhemar posted:Please also vent on the feedback forms, there should be feedback links on every doc page. I totally agree our docs are poo poo. Yeah someone mentioned this in the .NET thread, so I gave it a go. I had to change all of my projects to the new SDK style but it worked beautifully, and I now have a successful Build and Deploy pipeline set up. Thanks!
|
|
#
?
Dec 31, 2019 02:12
|
|
|
|
|
#
?
Dec 31, 2019 09:35
|
|
|
https://twitter.com/jeffbarr/status/1212425207933095936?s=21
|
|
#
?
Jan 1, 2020 18:30
|
|
|
Sorry for a pretty newbie question, but I'm looking at this: https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html I'm setting up a CodeDeploy application to deploy to EC2 instances and I'd like to us the Blue/Green approach. I want to use original instances (not replacement instances), so I'm looking at the table showing available lifecycle hooks and it seems like I can only assign scripts to these two:
Is this correct? If so, why? Is there a technical limitation as to why I can't attach scripts to - for example - the AfterInstall hook?
|
|
#
?
Jan 1, 2020 23:03
|
|
|
a hot gujju bhabhi posted:Sorry for a pretty newbie question, but I'm looking at this: https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html Not sure if I understand the question right; the three steps in the table are the only ones that happen for the original instances. There is no installation happening on them.
|
|
#
?
Jan 2, 2020 01:53
|
|
|
Adhemar posted:Not sure if I understand the question right; the three steps in the table are the only ones that happen for the original instances. There is no installation happening on them. Yeah I had a fundamental misunderstanding about how the in place deployments worked, I understand what's going on now. Ignore my idiot question haha.
|
|
#
?
Jan 2, 2020 02:53
|
|
|
Has anyone had any success with the Packer/Ansible/Windows EC2 combination? All the Googling I'm doing seems contradictory (I'm assuming things have changed over time) and I'm not sure on the right combination of config options to get it all working. Packer is able to created the EC2 instance and retrieve the auto-generated password and connect to WinRM. But as soon as Ansible gets involved I get a permissions error regarding the Ansible remote temp directory. Does anyone know how to resolve this, or where to start looking? Packer output: code:code:code:code:putin is a cunt fucked around with this message at 06:42 on Jan 2, 2020 |
|
#
?
Jan 2, 2020 06:34
|
|
|
Try removing the become configuration and just inject the following:code:
|
|
#
?
Jan 2, 2020 08:55
|
|
|
Pile Of Garbage posted:Try removing the become configuration and just inject the following: This seems to have done the trick, thank you!
|
|
#
?
Jan 6, 2020 00:01
|
|
|
Hmm I spoke too soon... It definitely seems to have gotten me further, but now I'm getting SSL errors. Again the problem I'm having in fixing this is that Google is returning advice from 2015-2019, all of which contradicts each other and there doesn't appear to be a single documented process for working with WinRM. Ansible has this page: https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html but doesn't mention anything about SSL (or at least it has some stuff about it, but indicates that the Windows server version I'm using should be configured correctly by default). I'm using a stock standard Amazon AMI and the Ansible supplied WinRM setup script, so I'm surprised that it doesn't work when I follow the documentation - I'm not doing anything strange, it's all just the standard poo poo. I wish I could just abandon the Windows servers but alas that's not an option  Edit to add more details: The specific error I'm getting is saying the SSL version is incorrect. The WinRM page from the Ansible docs says that it needs to be configured as TLS v1.2. So I've manually started up an instance based on the same AMI using the same userdata script, and when I use openssl to check the SSL info it tells me that it is definitely using TLS v1.2. putin is a cunt fucked around with this message at 00:56 on Jan 6, 2020 |
|
#
?
Jan 6, 2020 00:46
|
|
|
a hot gujju bhabhi posted:Hmm I spoke too soon... It definitely seems to have gotten me further, but now I'm getting SSL errors. Again the problem I'm having in fixing this is that Google is returning advice from 2015-2019, all of which contradicts each other and there doesn't appear to be a single documented process for working with WinRM. Ansible has this page: https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html but doesn't mention anything about SSL (or at least it has some stuff about it, but indicates that the Windows server version I'm using should be configured correctly by default). I'm using a stock standard Amazon AMI and the Ansible supplied WinRM setup script, so I'm surprised that it doesn't work when I follow the documentation - I'm not doing anything strange, it's all just the standard poo poo. The section before the one you linked has better info on how the WinRM listener needs to be configured: https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
|
|
#
?
Jan 7, 2020 06:13
|
|
|
EC2 API is broken in ap-southeast-2 right now. Auto Scaling is cooked and you can't interact with EC2 at all really. Cool good great...
|
|
#
?
Jan 23, 2020 03:51
|
|
|
Wow. Not at all an important part of AWS.
|
|
#
?
Jan 23, 2020 04:31
|
|
|
Less than 12 hour since eu-west-3 lost connectivity to an AZ too  Great week to be on call.
|
|
#
?
Jan 23, 2020 05:03
|
|
|
Yup
|
|
#
?
Jan 23, 2020 05:11
|
|
|
Any ideas on why running a Tika container on fargate would be around 10 times slower then running it on a t2 small? T2 small parses the file almost instantly, on fargate it’s taking up to 15 seconds.
|
|
#
?
Jan 23, 2020 16:00
|
|
|
If you have two EFS in two regions, can you use DataSync to synchronize bi-directionally? Or does it strictly replicate one EFS to another? Edit: To expand. I have EC2 instances in two different regions that need access to the EFS. Right now, I've just setup a VPC Peering connection and EC2 instances in the region the EFS resides in use the filesystem id to mount it. The EC2 instances in the other region use one of the three IP addresses/mount targets to mount the EFS. This leaves the region using the IP single threaded through one availability zone mount target. I'm trying to have redundancy on the EFS connection. Scrapez fucked around with this message at 22:08 on Jan 23, 2020 |
|
#
?
Jan 23, 2020 21:46
|
|
|
I'm playing with ECS at the moment and trying to use Secrets Manager to hold my database credentials. This works fine, but the 'value' is an object with each of the necessary properties, serialised to a JSON string, so when I pass it into the environment variables for the container, it's just a JSON string which means I'll need to modify my project to read the variable as a string and then parse it into an object. I'd rather not do something like this just to satisfy a deployment-specific eccentricity, is there any way I can inject the credentials as separate environment variables? So I end up with four variables for Username, Password, Host and Database? I tried adding :host etc to the end of my secret ARN, but no dice. ECS just tells me it's an invalid ARN.
|
|
#
?
Jan 24, 2020 04:32
|
|
|
Never mind, I should have Googled some more: https://github.com/aws/containers-roadmap/issues/385 What a pain in the arse :/
|
|
#
?
Jan 24, 2020 04:40
|
|
|
My team has/had that problem because SSM secrets were shared between ECS and Jupyter notebooks and were JSON strings, too. (Previous devs were really big on having single-sources of connection/credential info because we deal with a lot of external data sources.) I ended up writing this https://github.com/ian-d/ecs-template for use in our ECS containers as a lightweight entrypoint to pull / parse / templatize poo poo from SSM instead of baking it into the apps themselves. Keeps the apps more 12 Factor-ish and makes local testing easier since I could just rely on ENV vars and not SSM locally.
|
|
#
?
Jan 24, 2020 13:08
|
|
|
How long does it take for an application to aws be rejected via the job portal? Its been 3 weeks so I'm assuming they dont want to interview me
|
|
#
?
Jan 28, 2020 23:09
|
|
|
fluppet posted:How long does it take for an application to aws be rejected via the job portal? What’s the position? Things are moving a bit slowly in Post-new year. I recommend to keep after it and keep bugging HR people for updates. Eagerness is a good thing here.
|
|
#
?
Jan 29, 2020 03:46
|
|
|
Also I'm euro-TAM so if you applied in any of those countries I can help out as well. But absolutely keep bugging the recruiters. Edit: does this mean the thread is approaching a follow the sun model? Cancelbot fucked around with this message at 22:26 on Jan 30, 2020 |
|
#
?
Jan 30, 2020 22:21
|
|
|
Cancelbot posted:Edit: does this mean the thread is approaching a follow the sun model? Do we have an Aussie goontam?
|
|
#
?
Jan 31, 2020 00:27
|
|
|
|
| # ? May 17, 2024 20:12 |
|
|
sinequanon01 posted:Do we have an Aussie goontam? I hope there is an Australian tam named Tim
|
|
#
?
Jan 31, 2020 01:36
|
|