|
Virigoth posted: Agrikk what's the deal with these Senior DevOps Consultant jobs I've had land in my inbox. 2 so far this week. Is this a new professional services offering spinning up to help people do the DevOps? It's almost a perfect match to the DevOps Enablement initiative I've been working on at my company for 6 months but I'm guessing the pay and perks are better.

That is correct. The DevOps Consultant is part of Proserve and is a combination of hands-on-keyboard and instructor.

Scrapez posted: When performing a describe-network-interfaces, is there a way to do wildcards in the description filter to return all matching ENIs?

FYI - Using a wildcard for the filter may result in multiple API calls being made in quick succession, which may result in RequestLimitExceeded errors depending on the amount of entries returned, other filters and other API activity in your account. I'm not saying that it will happen, but it could happen depending on your use case.

Agrikk fucked around with this message at 07:16 on Feb 20, 2019
|
# ¿ Feb 20, 2019 07:10 |
|
Scrapez posted: So would it be better to set the description of all the ENIs to the same string (TestAdapter) and then instead do the query as: `aws ec2 describe-network-interfaces --filters Name=description,Values="TestAdapter"`

That is correct. If this process is going to be anything other than a one-off you should probably build a tagging scheme and do your search based on tags.
|
# ¿ Feb 20, 2019 18:18 |
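An added example (not from the thread, and not AWS code) of the tag-based ENI search recommended in the post above, with pagination and backoff for the RequestLimitExceeded case raised in the earlier post. The tag key `Role`, the helper names and the stub client are assumptions; with boto3 installed, pass `boto3.client("ec2")` as `ec2`.

```python
import random
import time

THROTTLE_CODE = "RequestLimitExceeded"  # EC2 API throttling error named in the thread


def error_code(exc):
    """Return the AWS error code from a botocore ClientError-style exception."""
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code")


def find_enis_by_tag(ec2, key, value, max_retries=5, base_delay=0.5,
                     sleep=time.sleep):
    """Return every ENI tagged key=value.

    Follows NextToken across pages and retries a throttled call with
    exponential backoff plus jitter instead of hammering the API.
    """
    enis, token = [], None
    while True:
        kwargs = {
            "Filters": [{"Name": f"tag:{key}", "Values": [value]}],
            "MaxResults": 100,
        }
        if token:
            kwargs["NextToken"] = token
        for attempt in range(max_retries + 1):
            try:
                page = ec2.describe_network_interfaces(**kwargs)
                break
            except Exception as exc:
                # Anything other than throttling, or running out of retries, is fatal.
                if error_code(exc) != THROTTLE_CODE or attempt == max_retries:
                    raise
                sleep(base_delay * 2 ** attempt + random.uniform(0, base_delay))
        enis.extend(page.get("NetworkInterfaces", []))
        token = page.get("NextToken")
        if not token:
            return enis


class ThrottledError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    response = {"Error": {"Code": THROTTLE_CODE}}


class FakeEC2:
    """Constructed stub client: first call is throttled, then two pages."""

    def __init__(self):
        self.calls = 0

    def describe_network_interfaces(self, **kwargs):
        self.calls += 1
        if self.calls == 1:
            raise ThrottledError()
        if "NextToken" not in kwargs:
            return {"NetworkInterfaces": [{"NetworkInterfaceId": "eni-0aaa"}],
                    "NextToken": "page2"}
        return {"NetworkInterfaces": [{"NetworkInterfaceId": "eni-0bbb"}]}


if __name__ == "__main__":
    # With real credentials: find_enis_by_tag(boto3.client("ec2"), "Role", "TestAdapter")
    for eni in find_enis_by_tag(FakeEC2(), "Role", "TestAdapter", base_delay=0.01):
        print(eni["NetworkInterfaceId"])
```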
|
Cancelbot posted: Architectural one - We had an argument today of whether or not we should have environment based transit. For context: the developers have to provision a "mainline", "staging" and "live" environment by having a VPC for each per region they want to be in (so more often than not teams end up with 6 VPCs for 2 region redundancy) this adds headaches as theoretically it also means a pair of VPN tunnels per VPC-Region if they want to hit our on-premise infrastructure and a hell of a lot of NAT gateways.

Like everything else AWS, "it depends." What need does segregation solve? If your company got burned somehow by unsegregated networking, then yeah, culturally you might want to go the three transit networks route. But other than that you have to ask yourself what gains do you achieve by adding triple the complexity for all of your interconnects.
|
# ¿ Feb 25, 2019 22:47 |
|
PierreTheMime posted: For S3, is there a preferred standard for object storage while keeping original location information? I'm planning on flattening my fullpath names into keys (removing the system name with a shortened reference name), which will make regenerating the files from objects as simple as performing the reverse. Am I going to run into any trouble this way? I'm sure I could store the old filepath within metadata but that seems just as messy.

This is fine. I have clients using powershell scripts and robocopy to do a shake-n-bake nightly backup job.

- Robocopy generates a list of files with the archive bit set
- Another command splits the list into 8 lists [one for each core on the server]
- Another command launches 8 [AWS s3 cp] commands to push the files to the bucket and reset the archive bit

Note that it doesn’t reflect any deletes or renames or folder moves, so your bucket will end up with a lot of leftover artifacts.

Agrikk fucked around with this message at 21:35 on Feb 26, 2019
|
# ¿ Feb 26, 2019 21:32 |
|
I sat for and passed the SA Pro cert without studying at all, but I basically teach this stuff to others all the time. That said, anyone with a rough overview to the AWS core services should be able to pass the associate after no more than a month of study from online materials and some practice tests. The associate is meant to be more of an initiation to the subject matter rather than a hurdle to cross. The Pro certs require a more in-depth knowledge. Protip: If the question mentions "real time" anywhere in the paragraph of words stop reading any further. The answer is kinesis. It is always kinesis.
|
# ¿ Mar 13, 2019 07:19 |
|
Scrapez posted: Cloudformation drift detection...Does it just tell you that objects have changed since you launched your template or is there a way for it to produce an edited Cloudformation template that includes the changes? Or a separate template that only includes the additions/changes?

No. Cloud formation launches itself and then is done. Any subsequent changes to the environment have to be monitored by other means.
|
# ¿ Mar 14, 2019 18:07 |
|
...and here is his update, presented the next year at re:Invent (2015) https://youtu.be/3qln2u1Vr2E They are each 45 minutes long or so but are worth watching.
|
# ¿ Apr 14, 2019 22:33 |
|
the talent deficit posted: i'm working with a client too cheap to pay for aws support but i have some questions about the service level guarantees of cloudwatch events, sns and sqs. what's my best bet for finding these?

You can always try the AWS forums. They are moderated by AWS employees who are SMEs, but YMMV.
|
# ¿ Jul 14, 2019 06:15 |
|
Boris Galerkin posted: How do I get a list of all resources (lambdas, API Gateways, buckets, etc) that are currently in use on my account among all regions? I just saw that I had things uploaded to a S3 bucket in the wrong/different region that I would have never noticed except by accident and I'd like to just go through and get rid of everything I've ever set up through various tutorials and examples etc.

The easiest way will be through cost explorer. If you have a spend for a service, then you have stuff in that region.
|
# ¿ Aug 16, 2019 19:11 |
|
JHVH-1 posted: I've heard of some orgs that just give each team their own account so they are isolated. It also has the benefit that they get to pay the bill so if they waste resources it comes out of their own budget.

This happens a lot and the multi account strategy solves lots of billing and resource tracking problems, but can create huge problems as well. Before heading down a multi account strategy consider the following:

- how well will our processes around account creation scale? What works at 5 accounts won’t work at 50. Or 500.
- how will we manage account governance? All of these accounts will need to be secured somehow. What happens when someone switches teams? How will their access roles be moved?
- how will we manage data security? Will there be a central team with review permissions on every account? Will each team be responsible for implementing our security best practices?
- how will resources in these accounts talk to each other? Will they have a hub-and-spoke model or fully meshed? What do new VPCs look like in terms of peering relationships or VPN/DirectConnect access?
- how will resources be identified? Will there be any company-wide naming conventions and tags?

Etc.

Getting these questions wrong (as in wrong for your company, since there are no wrong answers in general) will cause massive headaches when you hit that landmine. From countless experiences like this, I tell you that architectural redesigns are incredibly disruptive and painful when the tech debt bill has to be paid. And 80% of them are avoidable with thorough analysis ahead of time.

Agrikk fucked around with this message at 18:19 on Aug 18, 2019
|
# ¿ Aug 18, 2019 18:15 |
|
Or you can do what a customer of mine did: Be really clever and buy an iPhone and put all eighty of their accounts’ root 2FA on an instance of Google Authenticator and keep the iPhone in a bombproof safe. They were all kinds of until someone dropped the phone.

I had to fly down there and get on a video call with our legal department and me sitting next to their leadership and vouch that their leadership was actually their leadership and we all had to present IDs and say who we were and that we were authorized to remove MFA from the account. We got to do this eighty times.

Agrikk fucked around with this message at 02:35 on Aug 19, 2019
|
# ¿ Aug 19, 2019 02:32 |
|
Startyde posted: The first rule of AWS is Amazon hates you

Hah hah hah! I’m getting this made into a t-shirt and am going to wear it in the office.
|
# ¿ Aug 24, 2019 23:48 |
|
Cancelbot posted: Cross posting here for the Agrikk goodness. I've reached the final stage (on site interview) to become an AWS TAM. I've had a little help from our current TAM and the Enterprise Support Manager after my second screen interview but I'm still super nervous. I've been writing down as many stories as I could for each of the leadership principles but concerned I'll forget it all and crash and burn when put in front of the 5 or 6 TAMs I'll face during the day.

Be honest and forthright about what you know and don’t know. You got this far because you are demonstrating a keen mind, a personable demeanor and good judgement. Keep doing that. It’s totally okay to say, “I don’t know the answer to that, but here is how I’d find out. Also, would you mind if I took a minute or two to take a guess at the answer and try to reason it out?” This process demonstrates that you have an analytical mind even if you don’t know an answer and it shows you are comfortable with not knowing. With 150+ service offerings these days, it is impossible to know everything about everything, and we need you to be comfortable with that ignorance.

Also: get your sleep and eat well the day before and have stuff to snack on during your on-site loop. The five hours [or whatever it is these days] can be a grueling affair and you are best to be well-rested and well nourished.
|
# ¿ Aug 26, 2019 22:01 |
|
You can bring in anything you want, but you are under NDA so you might not be able to take any notes out of the interview space. It’s enforced only when we talk about future roadmap type stuff but know that it does happen.
|
# ¿ Aug 26, 2019 23:51 |
|
^^^ this as well. If you have “migrated from on-prem to a datacenter” at the top of your resume you can be very certain that I am going to grill you on it:

- what was your role?
- how did you contribute? Not “your team” but “you”. If the next word out of your mouth isn’t “I...” then I’m now mad at you, and as your interviewer that’s a bad thing.
- what did success look like?
- what would you do different next time? (What did you learn from this experience?)

It is really apparent to us if you were an active driver of the engagement or if you were a water-carrier.
|
# ¿ Aug 27, 2019 02:14 |
|
It’s not a trap. AWS doesn’t play interview games. Our questions are straightforward and you won’t see “why is a man hole cover round?” questions anywhere. If you found it easy then congratulations: you are exactly who we are looking for.

Edit: And they are loops because interviews are ultimately an iterative process: if we like you and think you have Amazon qualities, we will keep cycling you through positions until we find a fit for you. But due to the revamped screening process, a loop is more of a straight line these days.

Agrikk fucked around with this message at 21:42 on Aug 29, 2019
|
# ¿ Aug 29, 2019 21:38 |
|
The interviews are rough, yep. I hope the right thing happens for you!
|
# ¿ Sep 7, 2019 18:31 |
|
Cancelbot posted: I loving got it! I'll be a Senior TAM in 2 months (notice period boo).

Congratulations Cancelbot!
|
# ¿ Sep 10, 2019 14:10 |
|
TAMs are always in Enterprise support since TAMs are only assigned to customers with enterprise-tier support contracts. What office will you be working out of? I’m curious if I’ll be your trainer. And don’t feel bad. I don’t return anyone’s calls. It’s what makes me such an effective TAM.
|
# ¿ Sep 12, 2019 16:19 |
|
TheCog posted: I was catching up with the thread, and well:

And asking your TAM for a SME should not take three weeks usually. Most importantly, your TAM should not have you wondering what is going on. Pinging your TAM with “uh, we haven’t had an update in a while. What’s up?” is completely warranted any time you are wondering about something.
|
# ¿ Sep 13, 2019 03:25 |
|
Jeoh posted: Contact your AWS TAM. We've been working intensively with the DMS team and they're really eager to change things based on customer feedback.

Always this. For every project, you should be engaging your TAM (or entire account team) before you start the project. This way you don’t have to reinvent the wheel and you’ll be given best practices for your project - ensuring you get it right straight from the beginning.
|
# ¿ Sep 24, 2019 23:37 |
|
Internet Explorer posted: What if you have a Solutions Architect and not a TAM?

Then reach out to them. Solutions architects exist to help architect solutions. See? A TAM gets assigned to a customer only when the customer signs up for enterprise support (a minimum of $15,000 per year), but technically there is an SA and an Account Manager assigned to every account. That said, territory account managers can have hundreds of customers so access to the SA associated with your account might be limited. YMMV.
|
# ¿ Sep 25, 2019 05:49 |
|
AWS employees don’t hear about upcoming launches at re:Invent until re:Invent so yeah, I feel your pain.
|
# ¿ Nov 15, 2019 22:50 |
|
Be careful how you book sessions. If you are sloppy you can walk ten miles in a single day, like a customer did.
|
# ¿ Nov 20, 2019 21:13 |
|
Hughlander posted: Not sure what thread this should go to, but I want to get an elastic ip and vpn it to a set of containers on my NAS. Is that just going to be a Vpc, elastic ip and vpn endpoint? Or is there more to it than that?

I'm not really sure what you are asking here, but I'll take a swing at it: You will want to create a VPC, set up a virtual private gateway (that in itself will have public IP addresses - you don't have to create them) and then create your VPN tunnel to it. Then you can route in/out traffic through a NAT gateway which in itself will have a public IP address.

FYI: bumping an EC2 machine to a different class (T3 to M5) or size (large to 2xlarge) is trivial and requires only a reboot.

Agrikk fucked around with this message at 21:05 on Dec 9, 2019
|
# ¿ Dec 9, 2019 20:58 |
|
Yup
|
# ¿ Jan 23, 2020 05:11 |
|
fluppet posted: How long does it take for an application to aws be rejected via the job portal?

What’s the position? Things are moving a bit slowly in Post-new year. I recommend to keep after it and keep bugging HR people for updates. Eagerness is a good thing here.
|
# ¿ Jan 29, 2020 03:46 |
|
Matt Zerella posted: Maybe I'm a dummy, or my google skills suck.

What is the workload? This is an odd architecture that resembles some kind of grid compute but putting nodes into an ASG and then requiring them to connect to a specific partner has me curious. Linking one server to a partner locks an architecture into a static configuration. Instead you’d build a stateless configuration which sends a completed work request from column A into a queue that would be pulled down into the next available server in column b.

Agrikk fucked around with this message at 01:15 on Feb 19, 2020
|
# ¿ Feb 19, 2020 01:05 |
|
Matt Zerella posted: The idea is to spin this up, do a bunch of processing and tear it down. The Linux to Windows link is due to a service that only runs on Windows and consumes data from the Linux machine and sends it back.

If this is a batch processing job, it makes it much easier and you don't need an ASG for this at all. But this is a simple fixed infrastructure design: Your workflow looks something like this:

- A workload gets dumped into SQS
- a lambda is triggered that spins up and tags a preset number of linux boxes and the same number of windows boxes
- each windows box finds its linux "mate" via tagging and creates a secure connection
- linux boxes drain the queue and shove workloads to its windows mate for processing
- upon completion of the queue instances shut down and terminate

Note that termination is optional. Since this appears to be a recurring task, you could just as easily save yourself some baking time by shutting them down but preserving the EC2 instances until they are powered up by the next batch.
|
# ¿ Feb 19, 2020 05:22 |
|
Docjowles posted: I feel better about my harebrained design now that a TAM

Careful, though. My idea came while in full vacation mode while waiting for my buffalo wings to arrive. I reserve the right to make fun of my own idea when I
|
# ¿ Feb 20, 2020 05:01 |
|
Nomnom Cookie posted: Our experience with the C* backend was poor and I don't recommend it. Switching from C* to ES for span storage cut the storage CPU/memory usage approximately in half, cut collector CPU by about 90%, and fixed persistent congestion in the collectors' queues for our production Jaeger instance. Recent ES versions can do recovery in a reasonable way and clean up old indexes automatically, so in the few months since switching we've had zero problems after dialing in cluster and index settings. I can DM you the settings we ended up with (do recommend if you haven't used ES before, the out of the box experience with Jaeger is not good).

Can you send me the ES settings as well? I’m always curious to know more about ES v. C activity.
|
# ¿ Feb 21, 2020 06:05 |
|
Bhodi posted: Could probably ask our TAM as well, but I don't know really the line between proserv and support.

Not responding directly to your question but more generally: Always open a support case. You pay for support, why not use it? Open a low severity general information case and select the web option. Paste the body of your post into the case, click send and lean back, smug in a job well done. In 1-2 days you will have a nicely formatted and annotated response with an answer to your question.

If you aren’t sure if you should open a support case, always err on the side of opening one. Please give us a chance to help you. We know a thing or two because we’ve seen a thing or two. Hell- I work here and I open support cases when I don’t know something. Cloud Support Engineers are pretty good, yo.
|
# ¿ Feb 26, 2020 17:32 |
|
Protocol7 posted: Trying to price out some cloud options for a project I'm on.

What is the “neural network stuff”? Because I’d use lambda for compute, s3 for image storage AND web hosting and CloudFront for your CDN.
|
# ¿ Apr 9, 2020 01:26 |
|
You could also try Athena for S3 and skip all the processing. Athena is simply a database-like wrapper for ordered files in S3.
|
# ¿ Apr 14, 2020 20:04 |
|
dividertabs posted: *To rant, this kind of marketing- instead of technical- focused documentation is the main reason I roll my eyes every time I hear someone in AWS mention "customer obsession"

Triggered. I take this as an affront: The poo poo that my org does, the calisthenics we pull to bend over backwards for our customers is insane. We lobby for feature requests on existing services. We advocate for new services, we take the blame when a service falls short. We issue refunds when things go sideways. We inspect your poo poo to make sure it’s well-architected. We empathize when you ignore our advice and poo poo falls over and you blame us.

To base “customer obsession” on documentation is ridiculous. Yes our documentation could be better and is often out of date or incomplete. How’s yours? But to judge our customer obsession on a generalized weakness of the IT industry is to say that apples are a terrible fruit because they eventually rot if left on a bowl on the kitchen counter.

Agrikk fucked around with this message at 15:07 on Apr 15, 2020
|
# ¿ Apr 15, 2020 15:04 |
|
You can also set up an NFS share on the windows box and then rsync the NFS share to EFS mounted on a Linux EC2 host. But back up a sec. How are the files appearing on the Windows box? Is it possible to redirect the location of those files and have them end up straight on an EFS mount point on EC2 Linux?
|
# ¿ May 14, 2020 18:13 |
|
deedee megadoodoo posted: I've got a quick question about CloudWatch. We currently have 11 accounts and we're using the CloudWatch agent on our ec2 instances to ship system logs. The problem is we want a central location where we can view all of our logs. I was looking at doing this: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html and setting up a central logging account but I don't know how much of a pain that is to work with and maintain. Any thoughts?

It’s actually really straightforward once you get it set up the first time. It is a bit more work to work on (since you’ll need two browsers open for the two console sessions for the two accounts), but creating a central logging account with some compute and lots of storage means that everyone will get in the habit of dumping log files there and only there and you’ll always know where a given log stream will end up.
|
# ¿ Sep 3, 2020 06:07 |
|
Like anything else AWS, going cross account is a real PITA. In the early years, no one anticipated customers needing to open more than one account and now, decades later, it shows. My constant refrain is to pull all the things into a central place and point your thing at that place. I recommend pulling logs from all your accounts into a single bucket and pointing Athena or elasticsearch at it, or push all logs into a database and add triggers to it, pull your trusted advisor checks into a database instead of checking them for each account, etc. And yeah, cloudwatch can be really rough.
|
# ¿ Sep 18, 2020 06:41 |
|
When I quit I’m issuing a sev1 trouble ticket (a sev 1 TT pages pretty much everyone pageable at the executive level) in return for my one ? email. One ? Email = one Sev1 TT. My boss’ boss’ boss told me over drinks that it is expressly forbidden. Which makes it all the more fun, huh?
|
# ¿ Sep 19, 2020 05:14 |
|
Good luck in your loop! Map all of your anecdotes to a leadership principle and you should do fine...
|
# ¿ Oct 11, 2020 06:22 |