Questions tagged [amazon-web-services]
Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform "in the cloud". If you have a question about a specific web service, consider asking on its tag, e.g., amazon-ec2.
2,687
questions with no upvoted or accepted answers
11
votes
0
answers
7k
views
How can a Cognito user initialize TOTP on first login when MFA is required?
I am setting up Amazon Cognito for authentication to use a Kibana instance. I only permit administrators to create users, and I permit only the Cognito User Pool identity provider. When creating the ...
7
votes
1
answer
3k
views
How can one configure an AWS ElasticSearch access policy using CloudFormation?
The AWS documentation on ElasticSearch access control talks about how to grant access to the ES domains subresources while preventing changes to the domain's configuration by creating an ES domain ...
7
votes
1
answer
2k
views
Joining a server to AD via AWS cloudformation
I want to use cloudformation to automatically join new instances to AD.
When I googled this it looks like many people just use scripts in their cloudformation templates and pass in credentials - I don'...
7
votes
0
answers
2k
views
TCP congestion collapse
I am experiencing suboptimal performance on an EC2 instance connecting to an RDS instance. This particular instance was built before VPC's existed, so all the traffic is flowing through a single ...
6
votes
3
answers
4k
views
Best way to log to two different CloudWatch log streams from an ECS container?
We are running our services on AWS's ECS platform, and we send our logs to AWS CloudWatch.
We have two types of logs, any container can produce either type:
the usual application logs (access, error,...
5
votes
1
answer
7k
views
What options do I have if I need a firewall behind AWS network load balancer?
Today we're using WAF for Application Load Balancer and it's great, but WAF does not support Network Load Balancer.
So we need a solution that will protect us behind or after the NLB. For example:
1. ...
5
votes
1
answer
3k
views
EC2 VPC Intermittent outbound connection timeouts
My production web service consists of:
Auto-scaling group
Network loadbalancer (ELB)
2x EC2 instances as web servers
This configuration was running fine until yesterday when one of the EC2 instances ...
5
votes
2
answers
5k
views
AWS "No credentials specified" even when EC2 IAM policy applied
This is an odd issue which we can't find a solution for.
On AWS, we are running Microsoft Remote Desktop Services on Windows Server 2019. All servers are joined to an AWS AD Directory Services ...
5
votes
0
answers
5k
views
How to handle trailing slash in a redirect rule for an AWS S3 website?
I'm trying to build up some landing pages in my s3 hosted web site.
For example: http://www.example.com/products
That should redirect to http://www.example.com/products.html
To accomplish this, I ...
5
votes
0
answers
522
views
Updating to latest Docker images in Elastic Beanstalk Multicontainer
I'm running a site on Elastic Beanstalk using a multi container set up. I'm wondering what is the preferred strategy to pull in the latest images.
On the CI server, after successful commits to master,...
5
votes
0
answers
1k
views
CloudFormation fails deleting a stack if a hostedzone contains non-required records, how can it be avoided?
I wrote a CloudFormation template which creates a whole environment which includes the creation of VPC, HostedZone, Subnets, Autoscaling Groups, etc...
The servers which are created and are members ...
5
votes
0
answers
3k
views
Newly installed programs in Server 2016 can't be clicked from the start menu
I created a new instance of Windows Server Datacenter 2016 on AWS (Version: 1607 OS Build 14393.321). When I install a new application and try to click on it from the start menu it does not work.
...
5
votes
2
answers
742
views
Automate war deployment in VPC's private subnet on tomcat7
I have a VPC with public and private subnets.
Public subnet contains my Nating and Bastion instances
Private subnet contains my application servers (3 ec2 instances running tomcat7 with my project ...
5
votes
1
answer
895
views
ECS Stopped Task not Releasing Port
I have an ECS cluster with ELB. Last night I saw that a task was stuck in restarting loop. From the service Events log, it said:
"service xxxxx was unable to place a task because no container
...
5
votes
2
answers
2k
views
If you can't change the RDS endpoint of an AWS Beanstalk instance, how do you do a blue/green deployment?
From what I can tell, one can't change the Amazon RDS (RDS) endpoint of an existing Elastic Beanstalk (EB) instance?
If that is the case, then you can't have your code deployed to a stage server, ...
5
votes
2
answers
2k
views
AWS connection error: Permission denied (publickey)
Sorry if this sounds redundant to you, but trust me, it's not. I have tried almost the majority of the links related to this problem but nothing is working for me so far. I even tried this article too. Below ...
4
votes
1
answer
862
views
Will critical security updates get applied even with "auto minor version upgrade" disabled?
RDS offers an "auto minor version upgrade" setting, described in the docs, which causes AWS to automatically upgrade your database engine from time to time:
If you want Amazon RDS to ...
4
votes
0
answers
8k
views
Enabling HSTS header on AWS Application Load Balancer
We have a Spring Boot application behind an AWS Application Load Balancer. The load balancer terminates SSL before forwarding coming requests to our application and also redirects 80 port to 443 port.
...
4
votes
0
answers
3k
views
Why AWS Cognito client secret is not "secret"
We are setting up a SaaS server-to-server auth solution using AWS Cognito + API Gateway using the OAuth2 Client credentials flow.
And one thing is totally bugging me - I can access App client secret in ...
4
votes
0
answers
690
views
Getting error “PHP Fatal error: Uncaught Zend\Uri\Exception\InvalidUriPartException” on AWS server
I am getting the following error in error_log after moving the site (developed in Magento ver. 2.3.2) to a new server (AWS Server):
PHP Fatal error: Uncaught Zend\Uri\Exception\InvalidUriPartException:
...
4
votes
0
answers
2k
views
Understand S3 cost at folder level
I am planning for a use case wherein my S3 bucket is used by 10 different users. All these users have separate folders within this bucket, where they'll store their files. Now I want to know ...
4
votes
1
answer
2k
views
AWS console - This site cannot be reached - Only on my PC
I have an AWS instance and whenever I go to the console page, i.e. https://us-west-2.console.aws.amazon.com, in a browser I get the message:
This site can’t be reached
us-west-2.console.aws.amazon....
4
votes
0
answers
1k
views
Autoscaling AWS ECS services with soft limits
As per the service utilization documentation it is possible to have memory utilization over 100% when using soft limits in the ECS tasks (because you don't want to kill your app with hard limits). ...
4
votes
0
answers
5k
views
AWS: ssh_exchange_identification: read: Connection reset by peer
I am facing "ssh_exchange_identification: read: Connection reset by peer" error.
I am not able to ssh my instance.
Any help is highly appreciated. Thank you.
Below is the debug information
ssh -i ~/....
4
votes
0
answers
746
views
AWS ElastiCache Redis - Why has SwapUsage slowly climbed just over 100MB despite having FreeableMemory available?
Starting around 7/28/2017 the SwapUsage started to climb for reasons I cannot figure out. I have spent many hours Googling and reading AWS documentation. At no point do we run out of FreeableMemory.
...
4
votes
0
answers
339
views
EC2 CPU Credit Balance: Why are there gaps in my credit balance graph?
I use CloudWatch to monitor dozens of aspects of our platform's ecosystem, and occasionally we'll have a machine that does this:
Why are there gaps in this green line? The other instances being ...
4
votes
3
answers
5k
views
How to enable DNS over HTTPS for the public DNS route in EC2
I am working on a Facebook bot app. A requirement is to set up a webhook on my webserver to return a token, to validate my account.
I configured a micro instance (Ubuntu) and created a web server (...
4
votes
1
answer
3k
views
Configure SFTP with OpenSSH and an AWS S3 Bucket mounted via S3FS on Amazon EC2
How do I allow multiple SFTP Users with S3FS and OpenSSH?
Everything works, except SFTP Users don't have permission to write to their Chrooted Home Directory: remote open("/some_file"): Permission ...
4
votes
1
answer
3k
views
Does CloudFront support S3 signature version 4 for KMS encrypted objects?
I'm using Cloudfront with an S3 origin that is using KMS to encrypt objects. I'm getting the following error when sending a GET request for an object in the S3 bucket.
Requests specifying Server ...
4
votes
0
answers
1k
views
S3 restoration using s3api get-object is not working in aws china region
I have set up a daily backup script in my aws china instance which uploads my required files to be backed-up to s3 bucket. I have a restoration script which uses s3api to restore the objects to the ...
4
votes
1
answer
669
views
AWS ELB: cloudwatch metric for open connections?
I'm setting up ELB, and I'm having trouble finding a suitable metric to use to adjust the size of the pool.
RequestCount doesn't work because some requests are much cheaper than others.
Latency ...
4
votes
0
answers
1k
views
AWS ElasticBeanstalk: container keeps restarting
I'm trying to deploy a multi-container docker Elastic Beanstalk cluster on AWS and my situation is;
I have 7 docker containers, six of which are Scala applications each
listening on port 9000 for ...
4
votes
0
answers
295
views
What does Process/CPU metric in atop really mean?
I've been using the excellent atop for reviewing load test impact in detail, and the distinction between the SystemLevel/CPU metric in the top (system-wide) section and the ProcessLevel/CPU metric in ...
4
votes
0
answers
358
views
Nginx setup on aws - redirecting to port 81, cannot reverse
I've tried to setup nginx on my free AWS instance so that it can host multiple domains on single ip address (not sure if it can be managed, but I'm trying to dig in). In that process I created ...
4
votes
0
answers
1k
views
Coreos auto scaling with docker and fleetctl on AWS
I spent a lot of time evaluating different ways to deploy an application to the cloud (let's assume AWS for this question) in the last few weeks but couldn't really find a satisfying solution.
We ...
4
votes
1
answer
1k
views
Dockerun.aws.json referring to bucket of another account
I have the following Dockerrun.aws.json:
{
"AWSEBDockerrunVersion": "1",
"Authentication": {
"Bucket": "bucket-of-another-aws-account",
"Key": "docker/.dockercfg"
},
"Image":...
4
votes
0
answers
611
views
Does AWS Elastic Beanstalk Swap Environment Url swap environments for git push?
I have read the docs for zero downtime on AWS but can't seem to understand what happens in this scenario.
I have an environment running in production called 'red'
I duplicate the environment as 'blue'
...
4
votes
2
answers
2k
views
Shared files folder in Amazon Elastic Beanstalk environment
I'm working on a Drupal application, which is planned to be hosted in Amazon Elastic Beanstalk environment. Basically, Elastic Beanstalk enables the application to scale automatically by starting ...
4
votes
2
answers
258
views
Abuse report attack on AWS SES
An application that runs on AWS uses SES to send verification emails to new customers. An attacker signs up to the website and reports the verification email as abuse.
I'm wondering what options are ...
3
votes
0
answers
3k
views
AWS VPN Client - "Unknown error ocurred. Try again"
I'm experiencing a persistent issue with the AWS VPN Client and need some assistance. Despite numerous troubleshooting attempts, I'm unable to establish a connection and fail even before reaching the ...
3
votes
0
answers
896
views
I get the error "AWS account ID not found for provider" when setting up LocalStack in on-premises environment
I'm attempting to set up LocalStack on my local environment to prepare for an AWS certification using this GitHub project.
So far, everything appears to be working correctly, but I've encountered an ...
3
votes
1
answer
732
views
Since S3 charges by request, couldn't a malicious hacker cause a huge AWS bill just by spamming requests?
What would stop them from doing so, against, say, a static website hosted using S3? Is there a good way to deny some requests such that one avoids getting billed for them?
(Context: I want to host a ...
3
votes
0
answers
4k
views
AWS OpenVpn "Connection failed. Try again" - Exception (0x80004005)
I have been unable to connect through the AWS OpenVPN client for quite some time. When I click connect, the message "Connection failed. Please try again." I found a similar case on other ...
3
votes
1
answer
3k
views
Deploying an AWS Load Balancer Controller for EKS Fargate API service
Context
I'm trying to deploy a containerised API service to an EKS Fargate cluster and have it service requests from external internet addresses as an over-engineered POC/learning experience. I'm ...
3
votes
0
answers
5k
views
Can't open port 443 on AWS EC2 fresh instance
I created a fresh EC2 instance, this is the setup:
Security Group
Inbound rules

| IP version | Type | Protocol | Port Range | Source |
|---|---|---|---|---|
| IPv4 | HTTP | TCP | 80 | 0.0.0.0/0 |
| IPv6 | HTTPS | TCP | 443 | ::/0 |
| IPv6 | HTTP | TCP | 80 | ::/0 |
...
3
votes
0
answers
1k
views
EKS - Use IAM roles for service accounts on multiple clusters
I am trying to use IAM roles for service accounts in EKS.
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
When it comes to creating the IAM role to be assigned to a ...
3
votes
1
answer
1k
views
Configure AWS CloudFront to send custom query params to origin
Is it possible to configure my AWS CloudFront distribution to append to the request a custom query param (e.g. a private key) before sending it to the origin?
For example, the front end is calling *....
3
votes
1
answer
2k
views
How do I resolve a private DNS address from within an AWS Fargate task
I'm trying to set up a connection to a MongoDB Atlas database from an AWS Fargate container. The VPC peering is set up and works and I can successfully connect to the MongoDB Atlas cluster from a ...
3
votes
1
answer
2k
views
Can't deploy same lambda in multiple regions from s3 bucket
We are deploying a lambda using CloudFormation SAM templates.
We would like to package the lambda into an S3 bucket, then deploy the AWS::Serverless::Function in multiple regions.
However, lambda code ...
3
votes
0
answers
296
views
Can an instance profile's condition reference EC2 instance's tags?
I'm trying to set up an instance profile for an EC2 instance that limits its access to a particular path within an S3 bucket, based on the Name tag of that EC2 instance. I've gotten a policy that's ...