Cancelbot
Nov 22, 2006

Canceling spam since 1928

Does anyone know how bad the Developer - Associate cert is? I know the DevOps Professional will kick my arse but I need to get onto associate first. I'm going through the recommended "quest" first and will probably do the practice exam in a couple weeks.

Background: Been doing AWS/DevOps stuff for a large UK online retailer for about 2 years now. Recently finished migrating all of our physical infrastructure to AWS and I come from a strong senior developer background, far stronger than my networking/infrastructure knowledge.


Cancelbot

Not sure if it's because Elastic Beanstalk is being weird, but just use the Environment class;

https://msdn.microsoft.com/en-us/library/77zkk0b6(v=vs.110).aspx
pre:
// Returns null when MYVAR is not set in the process environment (System namespace)
string myVar = Environment.GetEnvironmentVariable("MYVAR");

Cancelbot

This is what we do to allow a common root "descend into child" permission;

First the role


Then trust relationship


code:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::000000000000:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}
edit: forgot a piece, if you want to be explicit about assuming roles from the root account we use this policy for our automatic auditing:
code:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::000000000000:role/RoleName",
                "arn:aws:iam::000000000001:role/RoleName",
                "arn:aws:iam::000000000002:role/RoleName"
            ]
        }
    ]
}

Cancelbot fucked around with this message at 13:55 on Apr 6, 2018
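Added example (not Cancelbot's code, not from the thread): a small generator and linter for the two documents in the post above, the trust policy on the spoke-account role and the hub-account identity policy that names the spoke roles explicitly. The account ids, role name and finding text are placeholders; the only AWS behaviour it relies on is the documented IAM one (12-digit account ids, a `:root` principal delegating to the trusted account's own IAM, wildcards in Principal or Resource widening the grant).

```python
"""Hub -> spoke AssumeRole setup: generate the two policy documents and lint them.

Added example; account ids, role name and finding text are illustrative.
"""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")            # AWS account ids are exactly 12 digits
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:*", "*"}  # action values that grant AssumeRole


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_policy(hub_account_id, condition=None):
    """Trust policy for the role in a spoke account.

    Trusting the hub account's :root principal delegates the decision to the hub
    account's own IAM: any identity there that is allowed sts:AssumeRole on this
    role's ARN can assume it. An optional Condition (e.g. an ExternalId) narrows that.
    """
    if not ACCOUNT_ID_RE.match(hub_account_id):
        raise ValueError("account id must be 12 digits: %r" % hub_account_id)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::%s:root" % hub_account_id},
            "Action": "sts:AssumeRole",
            "Condition": condition or {},
        }],
    }


def assume_role_policy(spoke_account_ids, role_name):
    """Identity policy for the hub account: enumerate the spoke roles explicitly."""
    bad = [a for a in spoke_account_ids if not ACCOUNT_ID_RE.match(a)]
    if bad:
        raise ValueError("account ids must be 12 digits: %r" % bad)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": ["arn:aws:iam::%s:role/%s" % (a, role_name) for a in spoke_account_ids],
        }],
    }


def lint_trust_policy(policy):
    """Wildcard principals are errors; an empty Condition is reported as informational."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not ASSUME_ACTIONS & set(_as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        if "*" in aws_principals:
            findings.append("ERROR: any AWS principal may assume this role")
        if not stmt.get("Condition"):
            findings.append("INFO: no Condition; every identity in the trusted account "
                            "with sts:AssumeRole on this role's ARN can assume it")
    return findings


def lint_assume_role_policy(policy):
    """Wildcards in Resource defeat the point of the explicit list."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not ASSUME_ACTIONS & set(_as_list(stmt.get("Action"))):
            continue
        for resource in _as_list(stmt.get("Resource")):
            if "*" in resource:
                findings.append("ERROR: wildcard resource %r" % resource)
    return findings


if __name__ == "__main__":
    spokes = ["000000000000", "000000000001", "000000000002"]  # placeholder ids
    print(json.dumps(trust_policy("999999999999"), indent=2))
    print(json.dumps(assume_role_policy(spokes, "RoleName"), indent=2))
    print(lint_trust_policy(trust_policy("999999999999")))
```

The INFO finding is the thing to keep in mind with a `:root` trust: it is the hub account's own policies (the second JSON document in the post) that decide who can actually assume the role, so the linter treats a wildcard there as the real error.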

Cancelbot

AND lazy evaluation of conditional results. The amount of voodoo shite we've had to pull because it evaluates both the true & false case regardless is infuriating.

Cancelbot

Architectural one - We had an argument today about whether or not we should have environment-based transit. For context: the developers have to provision "mainline", "staging" and "live" environments by having a VPC for each per region they want to be in (so more often than not teams end up with 6 VPCs for 2-region redundancy). This adds headaches as, theoretically, it also means a pair of VPN tunnels per VPC-region if they want to hit our on-premise infrastructure, and a hell of a lot of NAT gateways.

We're partway to a solution by having Transit VPCs span everywhere so everyone can share the NAT, Internet, and VPN tunnels through one account, but would you go a step further and split the transit into a "mainline", "staging", "live" set of transit gateways? In the end it's all the same address space and due to how hosed our on-premise network already is QA is already visible to Live and vice versa, save for security groups locking this down; plus there's the risk of someone just smashing the transits all together in their account and giving a giant middle finger to routing.

However it could mean we get a bit closer to some network sanity by actually segregating poo poo and allowing the networking team to try things out without bringing every conceivable environment down. One argument against this was that our switching & routing on premises isn't segregated physically, so why would we do it in AWS?

Cancelbot

We haven't been burned by it at all. I think there's a desire to start from a clean slate as our on premises network doesn't have that. But in reality there's very little risk of this messing up unless someone did some lovely Terraform that was missed by the review processes we already have in place.

Cancelbot

Docjowles posted:

Ok I have my own Route53 question. We were hoping to switch from managing our own internal resolvers to using route53. We created a new private hosted zone with like 1000 records in it using Terraform. It took ages to complete which I kind of expected. But it also takes ages to do a subsequent plan/apply even if there are no changes. Like 15 minutes per no-op run. Which is uh not going to fly for a frequently changing zone.

Anyone found a way to reasonably manage large route53 zones with terraform?

We can come up with other solutions, including just keeping our own resolvers. Or writing a smarter script that calls the API directly and only handles records that actually need to change. It's just super nice to have everything in Terraform for a variety of reasons. But if it's the wrong tool for this job, then oh well.

Without a rewrite of the provider to be smarter, it's going to be bound by TF refreshing the state of all of those records every time you do a plan. There's also a risk of hitting API call limits with AWS itself. You're probably better off doing something that takes the git diff on push/merge and translates that into R53 API calls, and something to reconcile the whole thing using a master file should that process inevitably fail :v:
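Added example (not from the thread, not Cancelbot's or Docjowles's code) of the "reconcile from a master file" idea: diff the desired record sets against what the zone currently holds and emit only the UPSERT/DELETE changes, in the ChangeBatch shape that `change_resource_record_sets` accepts. The sample records are constructed; the zone name, TTLs and the 500-changes-per-batch size are placeholders, and only plain (non-alias) record sets are handled.

```python
"""Reconcile a Route 53 zone from a master record file.

Added example. The record dicts use the shape boto3's list_resource_record_sets
returns / change_resource_record_sets accepts, so a batch from plan_changes()
can be passed as ChangeBatch=... to route53.change_resource_record_sets().
Only plain (non-alias) record sets are handled; the sample data is constructed.
"""


def _fqdn(name):
    """Route 53 stores names lower-case with a trailing dot; compare in that form."""
    return name.lower().rstrip(".") + "."


def _index(records):
    """Key each record set by (name, type); the value is everything that must match exactly."""
    out = {}
    for r in records:
        key = (_fqdn(r["Name"]), r["Type"].upper())
        values = tuple(sorted(v["Value"] for v in r["ResourceRecords"]))
        out[key] = (int(r["TTL"]), values)
    return out


def _rrset(key, value):
    name, rtype = key
    ttl, values = value
    return {"Name": name, "Type": rtype, "TTL": ttl,
            "ResourceRecords": [{"Value": v} for v in values]}


def plan_changes(desired, current):
    """UPSERT anything new or different, DELETE anything no longer in the master file.

    A DELETE must quote the record set exactly as the zone holds it, so it is
    built from the *current* copy, not the desired one.
    """
    want, have = _index(desired), _index(current)
    changes = []
    for key in sorted(want):
        if have.get(key) != want[key]:
            changes.append({"Action": "UPSERT", "ResourceRecordSet": _rrset(key, want[key])})
    for key in sorted(set(have) - set(want)):
        changes.append({"Action": "DELETE", "ResourceRecordSet": _rrset(key, have[key])})
    return changes


def change_batches(changes, max_changes=500):
    """Split into ChangeBatch documents: Route 53 caps the size of one request and
    applies each batch atomically, so keep batches comfortably small."""
    return [{"Comment": "reconcile from master file", "Changes": changes[i:i + max_changes]}
            for i in range(0, len(changes), max_changes)]


# Constructed sample data: what the master file says vs. what the zone currently holds.
DESIRED = [
    {"Name": "www.example.internal", "Type": "A", "TTL": 300, "ResourceRecords": [{"Value": "10.0.1.10"}]},
    {"Name": "api.example.internal.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "10.0.2.21"}, {"Value": "10.0.2.20"}]},
    {"Name": "_token.example.internal", "Type": "TXT", "TTL": 300, "ResourceRecords": [{"Value": "\"v=1\""}]},
]
CURRENT = [
    {"Name": "www.example.internal.", "Type": "A", "TTL": 300, "ResourceRecords": [{"Value": "10.0.1.10"}]},
    {"Name": "api.example.internal.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "10.0.2.20"}, {"Value": "10.0.2.21"}]},
    {"Name": "old.example.internal.", "Type": "A", "TTL": 300, "ResourceRecords": [{"Value": "10.0.9.9"}]},
]

if __name__ == "__main__":
    for batch in change_batches(plan_changes(DESIRED, CURRENT)):
        for change in batch["Changes"]:
            rr = change["ResourceRecordSet"]
            print(change["Action"], rr["Type"], rr["Name"], rr["TTL"],
                  [v["Value"] for v in rr["ResourceRecords"]])
```

Run against the sample the plan is three changes (a new TXT record, a TTL/value change on `api`, a DELETE of `old`) and `www`, which is unchanged, is not touched at all; that is the property that makes a no-op run cheap, which is exactly what a full Terraform refresh of a thousand records is not.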

Cancelbot

This might help: http://www.brendangregg.com/blog/2017-11-29/aws-ec2-virtualization-2017.html

With the Nitro hypervisor you're probably not going to reap the full benefits of those optimisations. But a bare metal one makes it more likely; "Also announced at AWS re:Invent: the Amazon EC2 Bare Metal instances, which are just that – bare metal servers. 0% performance overhead. Run whatever you like: Xen, KVM, containers. Access all PMCs, and other processor features."

But bare metal is hella expensive and I imagine you want to run this on a couple of much smaller servers, if so just go for the C5 if you're CPU bound, or R5 if you're memory bound. What does the app do?

Cancelbot

Cross posting here for the Agrikk goodness. I've reached the final stage (on-site interview) to become an AWS TAM :woop: I've had a little help from our current TAM and the Enterprise Support Manager after my second screen interview, but I'm still super nervous. I've been writing down as many stories as I could for each of the leadership principles, but I'm concerned I'll forget it all and crash and burn when put in front of the 5 or 6 TAMs I'll face during the day.

I can always fall back on "not being an idiot" if I stumble I suppose. But as a TAM yourself Agrikk what should I be demonstrating during this process?

Cancelbot

Agrikk posted:

-snip-

Also: get your sleep and eat well the day before and have stuff to snack on during your on-site loop. The five hours [or whatever it is these days] can be a grueling affair and you are best to be well-rested and well nourished.

Awesome! Thanks for that. I've been very focused on having everything answered "right", but our TAM can't know everything; he knows who to ask to find out, and that's what I imagine they want to see.

Also on the rest thing; AWS are paying for my travel and stay to London and have recommended I sleep in a hotel the night before, so I'd be insane to not take it up. Otherwise it's a 5am train which isn't a good idea.

I'll take note of the snacks too. Am I allowed to take in notes? I know it's not an exam, but in most interviews it's only my CV/résumé that's in front of me, and they've done all that in the screening process.

Cancelbot

During my technical screen I was told the same thing; they directed me towards putting things more in "I" terms, as I did indeed do things and lead people etc. They told me I was being too diplomatic about it; of course a platform migration is a "we" thing, but they only care about what I did to make it a success. Fortunately I have been a driver of change throughout my career, but British politeness & interviews tend to be anti self-promotion; the ESM told me to be a massive show-off for the onsite.

Cancelbot fucked around with this message at 09:04 on Aug 27, 2019

Cancelbot

Got my TAM interview confirmation with all the associated details now, next Friday is my loop day.

Two questions;
1. Why do AWS folk refer to the interviews as "loops"?
2. The TAM test is... suspiciously easy. I don't think I can mention the contents but Agrikk this seems trap-like (but also not a trap). I appreciate I'll get an hour dedicated to the decisions I've made but I thought it'd be meatier.

Cancelbot

Couldn't you use SSM to get in? SSM doesn't rely on SSH IIRC, as long as it's running the agent + has the IAM role, but you mentioned CentOS so there's a risk you don't have it. I don't know enough about userdata to know what user/permissions it has.

Cancelbot

Just got back from TAM interview - what an exhausting and exhilarating experience. I think I only flubbed a question once; it was mid-answer where I got asked about RAID which isn't my strong suit and I think I mixed 0 and 1 up. But the rest of the day I feel like I did relatively well. I told my stories, didn't repeat myself and went deep at the right times. I should know next week if it was enough.

Cancelbot

I loving got it! :woop: I'll be a Senior TAM in 2 months (notice period boo).

Cancelbot fucked around with this message at 12:51 on Sep 10, 2019

Cancelbot

Enterprise support I think... I've got the contracts & background check coming this week so I'll know for sure, but AFAIK It's in Enterprise.

Cancelbot

Scrapez posted:

This is a voip telephony application running on the ec2 instances and our outbound carrier has to whitelist IPs to allow them to make calls.

Based on this; https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-addresses.html

Could you apply a filter where association-id is null/empty string? Or pipe the JSON into jq where that attribute is missing?
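Added example (not from the thread) of the "filter where the association is missing" idea done offline: `SAMPLE` is a constructed copy of the JSON that `aws ec2 describe-addresses` returns (an unattached address simply has no `AssociationId` key), and the second function maps every public IP to whatever holds it, which is the list you would compare against the carrier's allow list. Addresses, allocation ids and instance ids are placeholders.

```python
"""Find Elastic IPs that are allocated but attached to nothing.

Added example. SAMPLE is constructed in the shape of `aws ec2 describe-addresses`
output; the same functions work on the dict boto3's describe_addresses() returns.
"""
import json

SAMPLE = json.loads("""
{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa", "Domain": "vpc",
   "AssociationId": "eipassoc-0aaa", "InstanceId": "i-0aaa", "NetworkInterfaceId": "eni-0aaa"},
  {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb", "Domain": "vpc"},
  {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0ccc", "Domain": "vpc",
   "AssociationId": "eipassoc-0ccc", "NetworkInterfaceId": "eni-0ccc"}
]}
""")


def unassociated_addresses(describe_output):
    """Addresses with no AssociationId: still billed, and still on the carrier's allow list."""
    return [a for a in describe_output["Addresses"] if not a.get("AssociationId")]


def allow_list_report(describe_output):
    """Public IP -> what currently holds it (instance, bare ENI, or nothing).

    An address attached to an ENI but no instance is reported by its ENI id,
    which is how a NAT gateway or a detached interface shows up.
    """
    report = {}
    for a in describe_output["Addresses"]:
        report[a["PublicIp"]] = a.get("InstanceId") or a.get("NetworkInterfaceId") or "UNATTACHED"
    return report


if __name__ == "__main__":
    for a in unassociated_addresses(SAMPLE):
        print("unattached:", a["PublicIp"], a["AllocationId"])
    for ip, holder in sorted(allow_list_report(SAMPLE).items()):
        print(ip, "->", holder)
```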

Cancelbot

Agrikk posted:

What office will you be working out of? I’m curious if I’ll be your trainer.

London, or to use what I've heard from other AWS people: LHR14. I've been told I'm going to Dublin for a couple of weeks to do the CSE training and then another week of TAM training. There's a new office opening much closer to me, but not sure when it's open.

For TAM engagement: We had some issues with CodeDeploy and got to a service team within 2 weeks via a joint call with the SA, TAM, and product owner. We got a MS-SQL SME in a week.

Cancelbot fucked around with this message at 08:24 on Sep 13, 2019

Cancelbot

Yeah, that's the spot. Couldn't remember the name.

Cancelbot

This is the only guide I found and requires a VPN between you and your VPC: https://docs.aws.amazon.com/efs/latest/ug/efs-onpremises.html

I'm not great with Linux, but you could potentially have something to detect & rsync the uploaded/changed files and auto-sync that to EFS? It cuts out a step and you might be able to go further and build a Rube Goldberg of rsync transactions :v:

Cancelbot fucked around with this message at 08:32 on Sep 27, 2019

Cancelbot

In my previous org experience (I officially become a TAM in one day!!), if you're doing a thing that's pushing the edges of an AWS service and have a nice TAM, you can get included on alpha and beta programs with the service teams being your point of call.

I've done one usability study of an upcoming product and my previous team are on an alpha product. Both of which I can't tell you anything more specific, but getting involved is definitely related to several stars aligning.

Cancelbot fucked around with this message at 13:54 on Nov 17, 2019

Cancelbot

Also I'm euro-TAM so if you applied in any of those countries I can help out as well.

But absolutely keep bugging the recruiters.

Edit: does this mean the thread is approaching a follow the sun model?

Cancelbot fucked around with this message at 22:26 on Jan 30, 2020

Cancelbot

You link your ECS task/service to an ALB: https://aws.amazon.com/premiumsupport/knowledge-center/dynamic-port-mapping-ecs/

This article solves your exact issue: https://medium.com/@mohitshrestha02/understanding-dynamic-port-mapping-in-amazon-ecs-with-application-load-balancer-bf705ee0ca8e

Cancelbot fucked around with this message at 10:07 on Jan 31, 2020

Cancelbot

S3 is internet facing; when you have a Lambda that's part of a VPC it'll lose internet access unless its subnet is public, i.e. has an Internet & NAT gateway ($$: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/)

A better (read: cheaper) solution is an S3 Gateway endpoint which gives you S3 DNS & access within a private VPC:
https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html
https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html#create-gateway-endpoint
and
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html

Cancelbot fucked around with this message at 20:31 on Feb 4, 2020

Cancelbot

Scrapez posted:

Is it possible to setup an S3 bucket to host a static website but not allow public access to it? I would want to be able to access it only from machines in a specific VPC via an S3 Endpoint.

S3 website with a bucket policy to allow access only to a specific IP or IP range: https://aws.amazon.com/premiumsupport/knowledge-center/block-s3-traffic-vpc-ip/

The DNS will be public-resolvable but they'll get an error trying to reach the content if they're not in the IP/VPC range.
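Added example (not from the thread, not Cancelbot's or Scrapez's code) covering both the S3 gateway endpoint post above and this one: a generator for the endpoint policy and for a bucket policy that allows public-read website access and then denies any request that did not arrive via the named VPC endpoint (or, optionally, from an allowed CIDR), plus a deliberately small model of IAM evaluation (explicit Deny wins, otherwise a matching Allow is needed) so the policy can be checked offline before it goes anywhere near a real bucket. Bucket name, endpoint id and CIDRs are placeholders; the evaluator only understands the four condition operators used here and ignores Principal (it assumes anonymous, `Principal: "*"`, website reads).

```python
"""S3 reachable only from inside the VPC: endpoint policy, bucket policy, offline check.

Added example. The policy shapes are the documented IAM ones; the evaluator is a
minimal model of IAM's rules that only knows the operators used here.
Bucket name, endpoint id and CIDRs are placeholders.
"""
import ipaddress
from fnmatch import fnmatchcase


def endpoint_policy(buckets):
    """Policy on the S3 gateway endpoint: the VPC may only reach these buckets through it."""
    resources = []
    for b in buckets:
        resources += ["arn:aws:s3:::%s" % b, "arn:aws:s3:::%s/*" % b]
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": resources}]}


def bucket_policy_vpc_only(bucket, vpce_id, allowed_cidrs=()):
    """Public-read website bucket, then Deny any request that did NOT come via the endpoint
    AND is NOT from an allowed CIDR (condition keys in one statement are ANDed)."""
    deny_condition = {"StringNotEquals": {"aws:sourceVpce": vpce_id}}
    if allowed_cidrs:
        deny_condition["NotIpAddress"] = {"aws:SourceIp": list(allowed_cidrs)}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::%s/*" % bucket},
            {"Sid": "DenyOutsideVpc", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": ["arn:aws:s3:::%s" % bucket, "arn:aws:s3:::%s/*" % bucket],
             "Condition": deny_condition},
        ],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _in_cidrs(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def _condition_holds(condition, ctx):
    """A context key that is absent makes the negated operators match, as IAM treats them."""
    for op, pairs in condition.items():
        for key, wanted in pairs.items():
            wanted, actual = _as_list(wanted), ctx.get(key)
            if op == "StringEquals" and (actual is None or actual not in wanted):
                return False
            if op == "StringNotEquals" and actual is not None and actual in wanted:
                return False
            if op == "IpAddress" and (actual is None or not _in_cidrs(actual, wanted)):
                return False
            if op == "NotIpAddress" and actual is not None and _in_cidrs(actual, wanted):
                return False
            if op not in ("StringEquals", "StringNotEquals", "IpAddress", "NotIpAddress"):
                raise NotImplementedError(op)
    return True


def is_allowed(policy, ctx, action, resource):
    """Anonymous request evaluation: any matching Deny wins, otherwise a matching Allow is needed."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    policy = bucket_policy_vpc_only("intranet-site", "vpce-0123456789abcdef0", ["203.0.113.0/24"])
    obj = "arn:aws:s3:::intranet-site/index.html"
    print("via endpoint :", is_allowed(policy, {"aws:sourceVpce": "vpce-0123456789abcdef0",
                                                "aws:SourceIp": "10.0.1.5"}, "s3:GetObject", obj))
    print("from office  :", is_allowed(policy, {"aws:SourceIp": "203.0.113.9"}, "s3:GetObject", obj))
    print("from internet:", is_allowed(policy, {"aws:SourceIp": "198.51.100.7"}, "s3:GetObject", obj))
```

The point the model makes visible is the one from the post: the bucket name still resolves publicly and the Allow still grants `s3:GetObject` to everyone, so the Deny statement is the only thing standing between the internet and the content; a request through the endpoint carries `aws:sourceVpce` and escapes the Deny, while one from an unlisted public IP does not. Note the Deny also covers the bucket ARN itself (listing), not just the objects.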

Cancelbot

I'm at work, and the design is good. It's not been compromised by buffalo wings hunger.

Cancelbot

Agrikk posted:

When I quit I’m issuing a sev1 trouble ticket (a sev 1 TT pages pretty much everyone pageable at the executive level) in return for my one ? email.

One ? Email = one Sev1 TT.

My boss’ boss’ boss told me over drinks that it is expressly forbidden. Which makes it all the more fun, huh?

I take it you've seen the "notable TT" page? Including the paging level ticket where someone did a real number on a toilet?

Cancelbot

Agrikk posted:

Good luck in your loop!

Map all of your anecdotes to a leadership principle and you should do fine...

Exactly this, be prepared to go deeper on your answers; impact and influence. I’m a TAM who does loops so I have to be careful about what I share. Map it all to the LPs.

Cancelbot

PKI/HSM isn't my speciality so I can't comment on that - however you get credits through an Account Manager. If you have a TAM they can refer you to the AM, but if you're under business/developer support you should have an AM allocated and they should be able to help there.


Cancelbot

Also ensure that you have an S3 gateway endpoint attached to your VPC - this will save on NAT costs but also keeps the traffic within the AWS network for much more throughput.
