Anybody try to do anything meaningful with Aurora Serverless yet? Wondering what sort of unknown horrors I'm about to encounter...
|
|
# ¿ Feb 8, 2020 00:45 |
|
|
# ¿ May 1, 2024 21:57 |
Cool, thanks for the feedback! For our use case we probably won't have scale to zero enabled, at least in production. Good to know though, may come in handy for internal dev/qa instances.
|
|
# ¿ Feb 8, 2020 03:08 |
22 Eargesplitten posted:
Is there any viable reason to be using MS SQL on an EC2 instance rather than in an RDS instance? My suspicion is it's due to a lift and shift from on-prem to AWS and wanting to just copy everything over from the old on-prem DB setup. I know they were fussed about the price of MSSQL on RDS compared to on Azure but I'm not sure if a license for an on-prem version would transfer over to EC2 and save them the subscription cost.

RDS is very expensive. Usually a database needs the features RDS has to offer, so it can be worth it. I've had a few unusual use cases where a SQL database was needed but without any replication, failover, etc that we used EC2 for instead of RDS. Those were not typical use cases of a database, which usually needs the features RDS has to offer. You pay a premium for it though!
|
|
# ¿ Sep 21, 2021 07:01 |
Scrapez posted:
Is there a way to spin up an EC2 instance with only an ENI? No built in NIC?

Why not stick these instances behind a NAT gateway so they all have the same public IP?
|
|
# ¿ Dec 2, 2021 00:39 |
Cheston posted:
I'm trying to understand cloud pricing so I'm not such a mook. Data transfer out of us-east-1 costs $0.09 per GB. Cheaper regions cost $0.05 per GB. Backblaze charges $0.01 per GB. Both services claim eleven nines of durability. Why such a big price difference?

Yup what the other guy says. AWS charges a premium because they are the market leader and can. It's way more expensive than the competition, but also way more complete in terms of all the services available in AWS.
|
|
# ¿ Apr 3, 2022 22:15 |
BaseballPCHiker posted:
What are people doing here to manage and harden AMIs? Trying to push for us to at least patch the base AMIs at creation before they make it to production. Image builder seems like the go to but wondering what folks use.

Packer for us as well. We use Amazon Linux 2 as our base AMI. Security updates are installed automatically on instance boot.
|
|
# ¿ Apr 5, 2022 21:30 |
I want to adhere to the principle of least privilege with my IAM policies and keep things organized, but it's so tedious. Is there an easier way to do this? I'm using terraform to define all of my IAM policies as a superuser, so they're at least version controlled. It's such a pain though!
fletcher fucked around with this message at 10:38 on Nov 15, 2022 |
|
# ¿ Nov 15, 2022 10:35 |
12 rats tied together posted:
if you haven't already, check out the aws documentation page for IAM policy variables and tags. a big problem I often see people run into with terraform specifically is creating tons of policies with terraform interpolations in them that could actually just be one policy with an iam variable in it (typically aws:userid)

Ahh that is super helpful, I have been making that same interpolation mistake with my policies!

necrobobsledder posted:
IAM access analyzer helps generate IAM policies based upon cloudtrail data. https://aws.amazon.com/blogs/securi...ccess-activity/

This is glorious. I was hoping there was some sort of audit2allow type of thing. Thank you both for the advice!
|
|
# ¿ Nov 16, 2022 00:15 |
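The interpolation mistake discussed in the post above, next to the single-policy form that uses an IAM policy variable. This is an added example, not code from any poster; the user names, bucket, group and resource names are placeholders, and it uses `aws:username` (the variable AWS documents for per-user S3 prefixes) where the quoted post mentions `aws:userid`, which is substituted the same way.

```hcl
# Constructed example: users, bucket and group names are placeholders.
variable "users" {
  type    = set(string)
  default = ["alice", "bob"]
}

# Before: Terraform interpolation stamps out one managed policy per user.
resource "aws_iam_policy" "home_per_user" {
  for_each = var.users
  name     = "s3-home-${each.key}"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:PutObject"]
      Resource = "arn:aws:s3:::example-bucket/home/${each.key}/*"
    }]
  })
}

# After: one policy. IAM substitutes the caller's user name at request time.
data "aws_iam_policy_document" "home" {
  statement {
    effect  = "Allow"
    actions = ["s3:GetObject", "s3:PutObject"]
    # "&{...}" is emitted as "${...}" in the JSON, so Terraform leaves it alone.
    # In a plain HCL string or jsonencode() the escape is "$${aws:username}".
    resources = ["arn:aws:s3:::example-bucket/home/&{aws:username}/*"]
  }
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-bucket"]
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["home/&{aws:username}/*"]
    }
  }
}

resource "aws_iam_policy" "home" {
  name   = "s3-home"
  policy = data.aws_iam_policy_document.home.json
}

resource "aws_iam_group_policy_attachment" "home" {
  group      = "developers" # assumed to exist already
  policy_arn = aws_iam_policy.home.arn
}
```

Policy variables are only evaluated when the policy `Version` is `2012-10-17`, which is the default the `aws_iam_policy_document` data source emits.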
Doesn't help the "compare things simultaneously" aspect but I've found the https://github.com/tilfinltd/aws-extend-switch-roles extension to be very handy for bouncing between accounts
|
|
# ¿ Nov 29, 2022 18:40 |
LtDan posted:
Any suggestions for an intro level project with EKS?

Maybe try deploying a self-hosted app that has a few different services involved, something like https://github.com/immich-app/immich/blob/main/docker/docker-compose.yml
|
|
# ¿ Mar 29, 2023 21:37 |
Anybody using AWS Controllers for Kubernetes? We're currently a terraform & k8s shop. Sure terraform has its warts but at least we've got a few years of knowledge built up and the warts are all well known at this point. What's the compelling reason to consider adopting ACK? It seems like you would also need a k8s cluster to use ACK...so what provisions that? Terraform??
|
|
# ¿ Apr 13, 2023 19:31 |
Thanks for the replies!

Docjowles posted:
Disclaimer: I have not personally used ACK

Yup that is my understanding, that it's for managing all those other AWS resources, not for managing the k8s clusters. Just seems like you would have to use something else at that point since it can't bootstrap a cluster itself.

freeasinbeer posted:
Don’t use ACK it’s a hacky AWS side project they barely support. Crossplane.io is much further along as far as features and has actual users, if you have to control stuff via Kubernetes control plane.

This is good to know that it's a hacky side project, and more mature alternatives exist. Our particular use case is giving users of our product the ability to provision resources in AWS, but abstract away everything. The users would just have a button in the UI that does the provisioning - so my first thought was just have Java code shell out to terraform, since we've got plenty of institutional knowledge about those two things already. It's not perfect but it seems easy and minimizes the unknown unknowns that any alternative solution might have.
|
|
# ¿ Apr 13, 2023 21:13 |
The Fool posted:
I would fully migrate to pulumi before trying to shove terraform cdk into things

It looks nice and certainly seems like the more elegant solution. I'm still leaning towards just having Java code shell out to terraform though. I think part of the reason is that this project is more of a POC and we don't expect this use case to be repeated any time soon, so it's probably not worth the trouble of bringing in some new tech into our ecosystem. Certainly if the use case expands, then it's probably time to ditch the Java/terraform hacky solution for something more purpose built.
|
|
# ¿ Apr 14, 2023 17:39 |
Hughmoris posted:
Is there any sort of 'community' around Redshift? I can't find any discords/slack channels/user groups/bloggers etc... Maybe the SQL Server and Postgres communities have spoiled me.

Maybe they hang out on whatever is hosting those Google results that always have a solving my exact problem but I can't view the solution because I don't have a license??
|
|
# ¿ May 6, 2023 06:20 |
FISHMANPET posted:
My read on those is that you have to "switch" into a role and isn't really meant to be a user's level of regular access. And it still has a policy attachment limit.

The policies attached to roles is a soft limit though, they can increase it upon request
|
|
# ¿ Feb 15, 2024 16:46 |
Docjowles posted:
It looks like both users (I would assume this also applies to groups) and roles have an initial limit of 10 policies and a hard cap of 20. So yeah you could request an increase and relieve the immediate pressure. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html

It's nice being able to see the permissions sort of grouped into their purpose though. I could craft one giant policy with all of them combined but it just seems like it's less organized. Why don't they just group them up behind the scenes for me?
|
|
# ¿ Feb 17, 2024 18:39 |
BaseballPCHiker posted:
I'm sure I'm missing something dumb here.... What would that need for IMDSv1 permitted instance be?

We enforce it at the AWS account level - starting with lower environments, fixing whatever broke, and then eventually enforcing it in production.
|
|
# ¿ Mar 1, 2024 07:38 |
lazerwolf posted:
Is it a good practice to use container images for lambda functions? Seems to be the easiest way to handle dependencies. Are there any obvious downsides?

I think it is pretty standard. It's gonna be a container image either way, just a matter of whether it's amazon's or your own. I think the biggest downside would be that you need a way to build & deploy your images, which probably ranges from trivial to minimal effort. Years ago we were doing a simple lambda and it was one of the first ones with no other use on the horizon, so rather than a custom image to use the requests library we just inlined a simple http request function using python standard library, to avoid that bit of overhead of using a custom image.
|
|
# ¿ Mar 22, 2024 20:25 |