putin is a cunt
Apr 5, 2007

BOY DO I SURE ENJOY TRASH. THERE'S NOTHING MORE I LOVE THAN TO SIT DOWN IN FRONT OF THE BIG SCREEN AND EAT A BIIIIG STEAMY BOWL OF SHIT. WARNER BROS CAN COME OVER TO MY HOUSE AND ASSFUCK MY MOM WHILE I WATCH AND I WOULD CERTIFY IT FRESH, NO QUESTION
I'm fairly new to AWS so I apologise for the super basic question, but what service(s) would I use if I wanted to make a website that could compile Less into CSS for a user to download? I figure that I should do this in a Node.js Lambda and then send the result to S3 and publish to an SNS to say that the download is ready, which my webpage can then react to. Am I on the right track?


putin is a cunt
Apr 5, 2007

You guys have both given me plenty to go on, thanks! In a way I'm fine with a little bit of over engineering too, since I'm also trying to learn how everything plays together.

putin is a cunt
Apr 5, 2007


SnatchRabbit posted:

Speaking of certs is there a good resource for free practice exams? I just finished a course for associate solutions architect so I'm looking for some more exams to make sure I'm on my A game.

A Cloud Guru is what I used. You can get a membership for $20/mo that gives you access to all their courses plus the exam simulations which I would say were a HUGE help in my passing the exam.

https://acloud.guru/membership

putin is a cunt
Apr 5, 2007

I have a question - over the Christmas break one of my coworkers decided to wind down some EC2 instances that are only used for testing etc (i.e. not needed outside business hours). This is fine for most of our stuff, but some of the instances he terminated were actually belonging to Elastic Beanstalk stacks. Since they've been started back up, they've been having funny behaviour (constant cycle of scaling up and down, CPU strain etc). In each case, rebuilding the environment fixed the problem. I'm just wondering three things:

1) Is manually terminating the instances definitely what caused this issue or am I suffering confirmation bias? Has anyone experienced this before?
2) Is there a simpler, lower impact way to fix this problem other than a complete environment rebuild?
3) Is there a recommended way to do what my coworker was trying to do (i.e. pause the environment's underlying instances while they were not required)?

putin is a cunt
Apr 5, 2007


JHVH-1 posted:

It's really just there to prototype things and make it easier for developers, and not meant for a production environment.

Is this really the case? I mean I can see that it would be the case in practice perhaps, if it's unreliable or a bit lovely or whatever. But is this truly AWS's intent for the service?

JHVH-1 posted:

If you stick with EB then I think you have to manage it through the cli or its own dashboard. If you start screwing with the EC2 instances it is using it tends to get confused.

Thanks, this is kind of what I thought and I was honestly pretty annoyed that the tech lead went ahead and just started directly loving with the instances.

putin is a cunt
Apr 5, 2007


Seventh Arrow posted:

I booked my Solutions Architect - Associate exam for Feb 12 so I'm going to try and do as many labs and practice exams as I can until then. I've heard that there are a lot of scenario questions, so it seems best to have a well-rounded knowledge of the material instead of just mastering AWS trivia questions. Looking at the A Cloud Guru forums, however, it seems that the exams take a keen interest in subjects that one would never think to focus on initially - like bastion hosts, SWF use cases, and so on.

I'm also studying data engineering at a local place and the teacher who runs it says he has employers requesting AWS-certified people all the time - to the degree that he's thinking of starting an AWS course just to fill the demand. But I wonder if SAA alone will help me get my foot in the door. I mean, it's kind of the "paper trainee hat" level of AWS certs.

If you're on A Cloud Guru I assume you're using their training material? In that case, try doing the exam simulation, it's reasonably close to what the real exam will be like.

putin is a cunt
Apr 5, 2007

How on earth do you guys handle Environment Variables in Elastic Beanstalk for .NET projects? I can set them up just fine, but how do I access the values in code? The AWS documentation seems to imply that they will be made available in the AppSettings dictionary, but it's not working. A bit of Googling has revealed that apparently this is a known issue, but the suggestions I've found for addressing it aren't working and they seem kind of inelegant.

Surely this is a common enough requirement that there's a well understood process for this, and my Google-fu is maybe just terrible?

putin is a cunt
Apr 5, 2007


Cancelbot posted:

Not sure if it's because Elastic Beanstalk is being weird, but just use the Environment class;

https://msdn.microsoft.com/en-us/library/77zkk0b6(v=vs.110).aspx
pre:
Environment.GetEnvironmentVariable("MYVAR");

Yeah it doesn't work correctly apparently. There's a workaround to manually load in the JSON configuration file EB creates on the instances, and that's about the only option. It worked well once I got it set up, but what a pain in the arse...

putin is a cunt
Apr 5, 2007


SnatchRabbit posted:

Thanks, those are very useful links. Re: Lambda, I wasn't sure how feasible it was, it was more like an idea for us to dip our toe into serverless. Yeah, I'll bring that up that we are supposed to notify AWS. the problem with flow logs is that this is a build/test environment so I don't think there's much traffic flowing through as of yet.

If it's just a one-time attempt to access a certain port to see whether it's open, a Lambda behind API Gateway is way overcomplicated.

If you want to monitor the port that's a different story, but Lambda is still not really the appropriate tool. I don't have a lot of experience with pen testing, otherwise I'd offer you some suggestions on tools to use.

putin is a cunt
Apr 5, 2007


Acidian posted:

That's exactly what it was. I had a feeling it had to do with me being retarded.

Thank you!

Not retarded at all, this gets every AWS user from time to time "Why can't I see this thing? Oh... duh..."

putin is a cunt
Apr 5, 2007

I worked in a DevOps team at my last job and it was great. We had full knowledge of the pipeline and where everything deployed and how it all interacted. It's a great approach, it's a shame it's so often implemented so badly.

putin is a cunt
Apr 5, 2007

Not AWS but hoping someone can help. We have a Varnish server configured to cache requests and behind that we have an Azure load balancer that balances between 3-4 VMs depending on requirements. The problem is that something about the Varnish server being there is causing the load balancer to go stupid and it seems to be confusing the traffic as one visitor and sending it all to the one VM. In other words, it doesn't seem to know or care about the X-Forwarded-For header when determining where to send requests.

Am I right in this assumption? Is there any way to configure the load balancer to ignore the client IP and use the X-Forwarded-For header instead?

putin is a cunt
Apr 5, 2007


12 rats tied together posted:

There are a lot of different ways to load balance traffic but commonly you'll see a load balancer perform some kind of source NAT on incoming traffic, replace the destination IP on it with a selection from its available targets, and then forward it along.

The target receives the traffic and perceives it as originating from the load balancer on an IP address level -- almost all of the time this is a good thing. Your target will respond back to the load balancer which usually implements some kind of connection-level tracking and caching and the load balancer does the same thing again: switches the source IP on the traffic to itself, replaces the destination IP, and forwards it back to whoever sent the original request.

If you're load balancing traffic like this you actually want the client IP regardless of the X-Forwarded-For header, those headers are usually application specific and outside of some specialized use cases you generally don't want your load balancers inspecting them.

If you're seeing your requests through your load balancer not actually being balanced and you've confirmed that you aren't intentionally doing this by setting sticky sessions or similar, you should probably start by answering 2 questions: Are all of your targets healthy, and what algorithm is the load balancer using to balance traffic? It looks like Azure load balancers default to a 5-tuple hash based algorithm? The linked page has better documentation but the short version of this is that any time any attribute of your traffic changes, you should get a new backend host.

For something like Varnish initiating requests to backend servers through a load balancer, each individual request should have a different source port, the source port changing is what should get you a new backend host. You should be able to find out whether or not this is happening pretty easily by tcpdumping from your Varnish host and looking at the outbound traffic.

Thanks for the info, super helpful. I looked at the traffic using tcpdump as suggested and it definitely initiates using a different port each time, but always requests port 80 on the LB. Is this a problem? Sorry for the potentially stupid question, I'm far more Dev than Ops unfortunately.

putin is a cunt
Apr 5, 2007

After some further investigation it seems like actually the load balancer itself is doing okay, but one of the servers just seems to have a much harder time processing requests. In other words its CPU spikes regularly even though it's handling the same volume as the others. Unfortunately this was all set up long before my arrival so these VMs are far from immutable, in fact they're significantly mutated, so it wouldn't surprise me if there's some configuration defect on that specific VM.

Thanks for the help anyway guys, I definitely learned a lot.

putin is a cunt
Apr 5, 2007


necrobobsledder posted:

You can use a tool like goss to identify a lot of system configurations, emit a policy, and then use the tests to validate any new container or EC2 instance you build with automation.

This looks amazing, but sadly Linux only 😢

putin is a cunt
Apr 5, 2007

Curious to hear some feedback from anyone who has tried LocalStack for developing AWS stuff without actual resource spin up and pull down. It looks super promising to me, but I've never used it in practice, I'm keen to hear some thoughts from you much more experienced gurus?

putin is a cunt
Apr 5, 2007

Vent time.

I hate these weird gaps in functionality that AWS has, for no discernible reason and with no documentation available to explain the problem. In this case I'm trying to shift some of our current Azure poo poo over to AWS and wanted to set up our CICD stuff in the AWS tooling, Code Build, Deploy and Pipeline. Already I got stuck at the very first step because Windows is mysteriously missing from the dropdown list of build container environments. I Google and Google, and I look through all the AWS docs and they all say the same thing "Select Windows from the dropdown". Finally I try doing the same thing using a JSON file and the CLI tool and lo and behold I finally get a useful message. For some reason the Windows container environment is not available in ap-southeast-2. This is not mentioned anywhere in their documentation. Anyway, I Google this and see someone has asked about it and AWS's response is "we have no current plans to do this". This is so frustrating...

On a related note: does anyone know of a way to build a .NET Framework project in a non-Windows environment? I've heard about Mono but I'm not sure how that works exactly, do you have to modify the project itself to get it to build with Mono? Is there some straightforward reading I can use to give me a fairly generalised understanding of the relationship between Mono and regular .NET Framework build options?

putin is a cunt
Apr 5, 2007


deedee megadoodoo posted:

You’ve learned one of the most important lessons: the AWS console is absolute poo poo and should be avoided.

Well the problem isn't so much the Console in this case, rather the documentation which instructs me to do something that isn't possible in my region without mentioning that it's a region specific thing. But yes, I do agree that the Console loving sucks.

putin is a cunt
Apr 5, 2007


Adhemar posted:

Please also vent on the feedback forms, there should be feedback links on every doc page. I totally agree our docs are poo poo.

As for your .NET question, you could look into .NET Core, if your project builds on it. It runs on Linux too.

Yeah someone mentioned this in the .NET thread, so I gave it a go. I had to change all of my projects to the new SDK style but it worked beautifully, and I now have a successful Build and Deploy pipeline set up. Thanks!

putin is a cunt
Apr 5, 2007

Sorry for a pretty newbie question, but I'm looking at this: https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html

I'm setting up a CodeDeploy application to deploy to EC2 instances and I'd like to use the Blue/Green approach. I want to use original instances (not replacement instances), so I'm looking at the table showing available lifecycle hooks and it seems like I can only assign scripts to these two:

  • BeforeBlockTraffic
  • AfterBlockTraffic

Is this correct? If so, why? Is there a technical limitation as to why I can't attach scripts to - for example - the AfterInstall hook?

putin is a cunt
Apr 5, 2007


Adhemar posted:

Not sure if I understand the question right; the three steps in the table are the only ones that happen for the original instances. There is no installation happening on them.

Yeah I had a fundamental misunderstanding about how the in place deployments worked, I understand what's going on now. Ignore my idiot question haha.

putin is a cunt
Apr 5, 2007

Has anyone had any success with the Packer/Ansible/Windows EC2 combination? All the Googling I'm doing seems contradictory (I'm assuming things have changed over time) and I'm not sure on the right combination of config options to get it all working.

Packer is able to create the EC2 instance and retrieve the auto-generated password and connect to WinRM. But as soon as Ansible gets involved I get a permissions error regarding the Ansible remote temp directory. Does anyone know how to resolve this, or where to start looking?

Packer output:
code:
[redacted]-webserver output will be in this color.

==> [redacted]-webserver: Prevalidating AMI Name...
    [redacted]-webserver: Found Image ID: ami-00b6e9c313c647f4a
==> [redacted]-webserver: Creating temporary keypair: packer_5e0d7fe1-db34-bbc1-eb6b-4434ea37e15b
==> [redacted]-webserver: Launching a source AWS instance...
    [redacted]-webserver: Instance ID: i-0398a8c5f51ab557c
==> [redacted]-webserver: Waiting for instance (i-0398a8c5f51ab557c) to become ready...
==> [redacted]-webserver: Adding tags to source instance
    [redacted]-webserver: Adding tag: "Name": "Packer Builder"
==> [redacted]-webserver: Waiting for auto-generated password for instance...
    [redacted]-webserver: It is normal for this process to take up to 15 minutes,
    [redacted]-webserver: but it usually takes around 5. Please wait.
    [redacted]-webserver:
    [redacted]-webserver: Password retrieved!
==> [redacted]-webserver: Waiting for WinRM to become available...
==> [redacted]-webserver: Connected to WinRM!
==> [redacted]-webserver: Provisioning with Ansible...
==> [redacted]-webserver: Executing Ansible: ansible-playbook --extra-vars packer_build_name=[redacted]-webserver packer_builder_type=amazon-ebs -i /tmp/packer-provisioner-ansible528142365 /mnt/c/Users/[redacted]/[redacted]-webserver.yml --private-key /tmp/ansible-key492638774
    [redacted]-webserver:  [WARNING] Ansible is in a world writable directory (/mnt/c/Users/[redacted]), ignoring it as an ansible.cfg source.
    [redacted]-webserver:
    [redacted]-webserver: PLAY [[redacted]Web Server Image - [redacted]-WEBSERVER] ****************************
    [redacted]-webserver:
    [redacted]-webserver: TASK [[redacted]-webserver : win_whoami] ******************************************
    [redacted]-webserver: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /var/tmp/ansible-tmp-1577943249.49-120691292680057 `\" && echo ansible-tmp-1577943249.49-120691292680057=\"` echo /var/tmp/ansible-tmp-1577943249.49-120691292680057 `\" ), exited with result 1", "unreachable": true}
    [redacted]-webserver:  to retry, use: --limit @/mnt/c/Users/[redacted]/[redacted]-webserver.retry
    [redacted]-webserver:
    [redacted]-webserver: PLAY RECAP *********************************************************************
    [redacted]-webserver: default                    : ok=0    changed=0    unreachable=1    failed=0
    [redacted]-webserver:
==> [redacted]-webserver: Terminating the source AWS instance...
==> [redacted]-webserver: Cleaning up any extra volumes...
==> [redacted]-webserver: No volumes to clean up, skipping
==> [redacted]-webserver: Deleting temporary keypair...
Build '[redacted]-webserver' errored: Error executing Ansible: Non-zero exit status: exit status 4

==> Some builds didn't complete successfully and had errors:
--> [redacted]-webserver: Error executing Ansible: Non-zero exit status: exit status 4

==> Builds finished but no artifacts were created.

My Packer file:
code:
{
  "variables": {
    "role": "[redacted]-webserver"
  },
  "builders": [
    {
      "name": "[redacted]-webserver",
      "profile": "[redacted]",
      "type": "amazon-ebs",
      "region": "ap-southeast-2",
      "instance_type": "t2.micro",
      "ami_name": "[redacted]-{{ build_name }}-{{ timestamp }}",
      "ami_description": "[redacted] Web Server Image",
      "user_data_file": "./roles/[redacted]-webserver/userdata.ps1",
      "communicator": "winrm",
      "winrm_username": "Administrator",
      "winrm_use_ssl": true,
      "winrm_insecure": true,
      "associate_public_ip_address": false,
      "subnet_id": "[redacted]",
      "security_group_id": "[redacted]",
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "Windows_Server-2019-English-Full-Base-*",
          "root-device-type": "ebs"
        },
        "owners": [
          "amazon"
        ],
        "most_recent": true
      },
      "tags": {
        "environment": "prod",
        "brand": "[redacted]",
        "category": "web"
      }
    }
  ],
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "./[redacted]-webserver.yml",
      "ansible_env_vars": [
        "WINRM_PASSWORD={{.WinRMPassword}}"
      ]
    }
  ]
}

My Ansible playbook:
code:
- name: [redacted] Web Server Image - {{ packer_build_name | upper }}
  hosts: all
  gather_facts: no
  roles:
    - [redacted]-webserver
  become: yes
  become_method: runas
  become_user: Administrator
  vars:
    ansible_become_pass: "{{ lookup('env','WINRM_PASSWORD') }}"

My main.yml tasks file:
code:
- win_whoami:
  become: yes

putin is a cunt fucked around with this message at 06:42 on Jan 2, 2020

putin is a cunt
Apr 5, 2007


Pile Of Garbage posted:

Try removing the become configuration and just inject the following:

code:
ansible_connection: winrm
ansible_user: Administrator
ansible_password: "{{ lookup('env','WINRM_PASSWORD') }}"

This seems to have done the trick, thank you!

putin is a cunt
Apr 5, 2007

Hmm I spoke too soon... It definitely seems to have gotten me further, but now I'm getting SSL errors. Again the problem I'm having in fixing this is that Google is returning advice from 2015-2019, all of which contradicts each other and there doesn't appear to be a single documented process for working with WinRM. Ansible has this page: https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html but doesn't mention anything about SSL (or at least it has some stuff about it, but indicates that the Windows server version I'm using should be configured correctly by default). I'm using a stock standard Amazon AMI and the Ansible supplied WinRM setup script, so I'm surprised that it doesn't work when I follow the documentation - I'm not doing anything strange, it's all just the standard poo poo.

I wish I could just abandon the Windows servers but alas that's not an option :(

Edit to add more details:

The specific error I'm getting is saying the SSL version is incorrect. The WinRM page from the Ansible docs says that it needs to be configured as TLS v1.2. So I've manually started up an instance based on the same AMI using the same userdata script, and when I use openssl to check the SSL info it tells me that it is definitely using TLS v1.2.

putin is a cunt fucked around with this message at 00:56 on Jan 6, 2020

putin is a cunt
Apr 5, 2007

Wow. Not at all an important part of AWS.

putin is a cunt
Apr 5, 2007

I'm playing with ECS at the moment and trying to use Secrets Manager to hold my database credentials. This works fine, but the 'value' is an object with each of the necessary properties, serialised to a JSON string, so when I pass it into the environment variables for the container, it's just a JSON string which means I'll need to modify my project to read the variable as a string and then parse it into an object. I'd rather not do something like this just to satisfy a deployment-specific eccentricity, is there any way I can inject the credentials as separate environment variables? So I end up with four variables for Username, Password, Host and Database? I tried adding :host etc to the end of my secret ARN, but no dice. ECS just tells me it's an invalid ARN.

putin is a cunt
Apr 5, 2007

Never mind, I should have Googled some more: https://github.com/aws/containers-roadmap/issues/385

What a pain in the arse :/
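
One way to get separate variables without modifying the application, as an added example that is not part of the original posts or of any AWS tooling: a container entrypoint that splits the JSON secret, drops the blob, and then starts the real process. The variable name DB_SECRET, the DB_* output names and the JSON keys (username, password, host, dbname) are assumptions.

```python
"""Added example: expand a JSON secret blob into separate environment variables."""
import json
import os
import sys

# Assumption: ECS injects the Secrets Manager value under this (hypothetical) name.
SECRET_VAR = "DB_SECRET"
# Assumption: JSON keys inside the secret, mapped to the variables the app reads.
KEY_TO_ENV = {
    "username": "DB_USERNAME",
    "password": "DB_PASSWORD",
    "host": "DB_HOST",
    "dbname": "DB_DATABASE",
}

# Constructed sample environment, not real credentials.
SAMPLE_ENV = {
    "PATH": "/usr/bin",
    "DB_SECRET": '{"username": "app", "password": "constructed-pw", '
                 '"host": "db.example.internal", "dbname": "shop", "port": 5432}',
}


class SecretFormatError(ValueError):
    """Raised with a message that never contains secret values."""


def expand_secret(env, secret_var=SECRET_VAR, key_to_env=KEY_TO_ENV):
    """Return a copy of env with the JSON blob replaced by one variable per key."""
    if secret_var not in env:
        raise SecretFormatError(f"{secret_var} is not set")
    try:
        blob = json.loads(env[secret_var])
    except json.JSONDecodeError:
        # Do not echo the payload or the parser error: both can leak the secret.
        raise SecretFormatError(f"{secret_var} is not valid JSON") from None
    if not isinstance(blob, dict):
        raise SecretFormatError(f"{secret_var} must be a JSON object")

    missing = sorted(k for k in key_to_env if k not in blob)
    if missing:
        raise SecretFormatError(f"{secret_var} lacks keys: {', '.join(missing)}")

    out = dict(env)
    del out[secret_var]  # the child process never sees the combined blob
    for key, name in key_to_env.items():
        value = blob[key]
        if isinstance(value, bool) or not isinstance(value, (str, int)):
            raise SecretFormatError(f"key {key!r} must be a string or integer")
        if name in env:
            # A pre-set variable would silently win or lose; fail loudly instead.
            raise SecretFormatError(f"{name} is already set; refusing to overwrite")
        out[name] = str(value)
    return out


def main(argv):
    """Usage as an image entrypoint: entrypoint.py COMMAND [ARGS...]"""
    if len(argv) < 2:
        print("usage: entrypoint.py COMMAND [ARGS...]", file=sys.stderr)
        return 2
    try:
        child_env = expand_secret(os.environ)
    except SecretFormatError as exc:
        print(f"entrypoint: {exc}", file=sys.stderr)
        return 1
    # Replace this process so signals from ECS reach the application directly.
    os.execvpe(argv[1], argv[1:], child_env)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
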

putin is a cunt
Apr 5, 2007

I reckon there'll be someone here who will say "you loving idiot, obviously this is how you do it" because this seems like a pretty common scenario.

With ECS, if you have a pipeline set up to deploy I'm finding that I keep hitting an issue where the new task won't start if it's on the same underlying instance because it uses the same port. How am I supposed to work around this? I did some reading that suggests using 0 as the host port so it'll use the ephemeral range, but if you do that how do you tell the load balancer to use the right port on a new deploy?

putin is a cunt
Apr 5, 2007


Precisely what I needed, this is why I love you guys! Thanks mate

putin is a cunt
Apr 5, 2007


The Fool posted:

I know this is possible in Azure with blob storage.

Ew

putin is a cunt
Apr 5, 2007

Can we please have a rule against suggesting self harm?

putin is a cunt
Apr 5, 2007


Scrapez posted:

That IP is just my PC. The instance is in a VPC/subnet that is routed to it via the VPC Endpoint. My actual issue is that retrieving the file via http protocol gets a 403 but pulling it down via s3 cp works fine:

code:
curl https://mybucket.s3.amazonaws.com/Welcome.wav
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>36447CC5D79808FD</RequestId><HostId>6v6naApWr55vwgne7ZnO8b28QOgOAvv4qJ3pZnS7ADrjDUnBd8v958U95t8=</HostId></Error>

code:
aws s3 cp s3://mybucket/Welcome.wav Welcome.wav
download: s3://mybucket/Welcome.wav to ./Welcome.wav

I'm no expert, but I think using the CLI within the EC2 instance would use the instance role, as opposed to HTTP which wouldn't have any associated role-granted permissions. Check the permissions policies on your bucket, in particular GetItem.

Edit: nvm, I somehow missed that you posted the policy already

putin is a cunt fucked around with this message at 04:09 on Feb 7, 2020

putin is a cunt
Apr 5, 2007

Really simple question for the experts here I'm sure, but I have an ECS cluster and the underlying EC2 instance (just one at the moment, it's an in-development project) is using an AMI that now has a more recent version available. I know how to change the AMI and so on, but what is the easiest way to quickly locate the AMI ID for the latest version of this AMI? Searching for the AMI brings up a bunch of different ones and there is no way to sort by version, or even creation date.

putin is a cunt
Apr 5, 2007

Skier posted:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-ami-versions.html says

code:
aws ssm get-parameters --names /aws/service/ecs/optimized-ami/amazon-linux-2/recommended
can get you what you need. Here's what I see with some weird double encoding:

code:
"{\"schema_version\":1,\"image_name\":\"amzn2-ami-ecs-hvm-2.0.20200218-x86_64-ebs\",
\"image_id\":\"ami-0c0415cdff14e2a4a\",\"os\":\"Amazon Linux 2\",
\"ecs_runtime_version\":\"Docker version 18.09.9-ce\",\"ecs_agent_version\":\"1.37.0\"}"

Oh nice, thanks!

putin is a cunt
Apr 5, 2007

How did you get into this situation anyway? Like I know the literal sequence of events that you posted, but why did that happen? Why are you still using resources that were created with a CF template that no longer exists?

I'm not trying to override your question or invalidate it, sorry. Just curious what happened?

putin is a cunt
Apr 5, 2007

I'm trying to use localstack to develop some S3 stuff and I'm stuck at the very start getting the AWS SDK to communicate with localstack. I've set the endpoint like this (using Node.js):

code:
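const AWS = require("aws-sdk"); // AWS SDK for JavaScript v2

const params = {
    Bucket: "testbucket",
    Key: <my file name>,
    Body: <my file stream>,
};
// Only the endpoint is set here; s3ForcePathStyle is not (see the EDIT below).
const s3 = new AWS.S3({ endpoint: "http://localhost:4572" });
s3.upload(params);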
It seems to be generating the endpoint URL incorrectly somewhere internal though, because I end up getting this message:

getaddrinfo ENOTFOUND testbucket.localhost
{
"service": "user-service",
"errno": -3008,
"code": "NetworkingError",
"syscall": "getaddrinfo",
"hostname": "testbucket.localhost",
"region": "us-east-1",
"retryable": true,
"time": "2020-05-28T04:56:21.583Z",
"stack": "Error: getaddrinfo ENOTFOUND testbucket.localhost\n at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:66:26)"
}


For some reason it's trying to use testbucket.localhost as the endpoint URL, even though I've clearly given it a different one.

Have I missed out a setting somewhere that I need to include?

I can use awslocal just fine, so I know localstack is actually up and running properly.

EDIT:

As always, I struggled with this all day and as soon as I post about it I figure out the answer. I needed to include s3ForcePathStyle: true in my S3 config to force it to use the path style URLs.

putin is a cunt fucked around with this message at 06:18 on May 28, 2020
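
Why the lookup in the post above went to testbucket.localhost, as an added example that is not part of the original post and not AWS SDK code: a simplified model of the two S3 addressing styles. The helper name `s3RequestUrl`, the `DNS_LABEL` rule and the key `file.txt` are assumptions made for illustration.

```javascript
// Added example: a simplified model of S3 request addressing (not AWS SDK code).
const { URL } = require("url");

// Assumption: a bucket can be used as a hostname label only if it is 3-63
// characters of lowercase letters, digits and hyphens.
const DNS_LABEL = /^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/;

// Hypothetical helper: returns the URL a client would request for bucket/key.
function s3RequestUrl({ endpoint, bucket, key, forcePathStyle = false }) {
  const url = new URL(endpoint);
  // Encode each key segment but keep "/" as the separator.
  const encodedKey = key.split("/").map(encodeURIComponent).join("/");
  if (forcePathStyle || !DNS_LABEL.test(bucket)) {
    // Path style: the host stays as configured, the bucket is a path segment.
    url.pathname = `/${bucket}/${encodedKey}`;
  } else {
    // Virtual-hosted style: the bucket becomes a subdomain of the endpoint
    // host, so the client has to resolve a hostname that was never configured.
    url.hostname = `${bucket}.${url.hostname}`;
    url.pathname = `/${encodedKey}`;
  }
  return url;
}

// Constructed sample input using the endpoint and bucket from the post.
const base = { endpoint: "http://localhost:4572", bucket: "testbucket", key: "file.txt" };
for (const forcePathStyle of [false, true]) {
  const url = s3RequestUrl({ ...base, forcePathStyle });
  console.log(forcePathStyle ? "path style:    " : "virtual-hosted:", url.href,
              "-> DNS lookup for", url.hostname);
}
```

In virtual-hosted style the name being resolved is `testbucket.localhost`, the hostname in the ENOTFOUND error; with path style forced, the request stays on `localhost:4572`.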

putin is a cunt
Apr 5, 2007

Is it possible to use AWS SDK v3 in a Lambda function? I've tried to install v3 of the S3 client but when the Lambda runs it says the module can't be found - this is a serverless application if that matters.
