Questions tagged [amazon-web-services]
Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform "in the cloud". If you have a question about a specific web service, consider asking on its tag, e.g., amazon-ec2.
8,773
questions
0
votes
1
answer
58
views
One site, multiple databases/servers
I'm using a US AWS region to host a website via Laravel Vapor. I have some potential European customers and due to regulations I need to have the AWS region that serves the site come out of Europe. ...
- 113
0
votes
1
answer
160
views
How can I keep track of nginx restarts and reloads?
I have an nginx reverse-proxy on a ubuntu server in AWS. How can I see when it's configurations were reloaded, either via CLI or otherwise, and when it was restarted altogether?
If it doesn't record ...
- 3
2
votes
1
answer
760
views
AWS ALB health checks of Windows Server 2022 on a HTTP/1 target group works but not with HTTP/2
I have set up an AWS application load balancer with a target group specified to be HTTP/1. The target group contains a single Windows Server 2022 instance running IIS. The health check functionality ...
- 21
0
votes
1
answer
1k
views
OpenSearch Cluster deployment in Kubernetes - Connection Refused Issue 9200 Port
I am running a Kubernetes cluster in AWS EC2 instances.
I have one master node (t2.2large EC2 Instance) and two worker nodes (t2.xlarge EC2 instance). I created the cluster using KubeADM. The cluster ...
- 63
0
votes
1
answer
2k
views
Error 400 - redirect_uri_mismatch in Google Console
I'm new to google console and encountering an issue while trying to access my app on Google Console, and the error message I'm encountering is:
Error 400: redirect_uri_mismatch
I have already added ...
0
votes
0
answers
504
views
AWS Route 53 > Error occured when creating/updating a record
I created a TXT record @.domain.com with TXT "v=spf1 a mx ~all" on AWS successfully. It didn't work with my post office config so I went to update it by removing the record name "@"...
- 101
0
votes
1
answer
730
views
My Cloudfront distribution is showing access denied despite enabling all public access to the bucket objects
I am using the following CF policy in my S3 bucket:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"...
1
vote
0
answers
34
views
Cant login to AWS EC2 instance with IGW/VPC
Used this q's 2nd answer checklist
Hello,
I am trying to login to an AWS Linux EC2 instance without much success.
I am doing this via cloudshell/android phablet.
The VPC has an IGW and a seeming ...
- 180
0
votes
1
answer
53
views
Local terraform repository, remote ec2 with assumed role
My current setup is:
My local machine (actually one for each developper)
A git repository containing my terraform configuration
An EC2 instance which assumes an IAM role which grants it permissions ...
- 101
0
votes
0
answers
155
views
On AWS EKS, how can I update an addon multiple minor versions at once?
Some enabled add-on lags far behind the latest version. The add-on is NOT self-managed (checked using the doc with aws eks describe-addon)
That specific addon has no compatibility issues between the ...
- 1
0
votes
1
answer
119
views
How to get 2 tunnels UP between OpenSwan and AWS?
I have a VPC and network in eu-central-1 and one in eu-west-1 in AWS.
The eu-central-1 fakes my on-prem environment. There I installed and configured OpenSwan on an EC2. In in eu-west-1 I configured a ...
- 343
0
votes
0
answers
171
views
Issue with Laravel ECS Deployment: Access denied for user 'forge'@'10.0.20.124'
I am facing an issue with my Laravel application deployment on AWS ECS. The deployment process involves Jenkins, AWS ECR, and ECS. The new task is created, but there's an "Access Denied" ...
- 101
0
votes
0
answers
139
views
How to correctly load balance requests from a Java client to an NLB over multiple AZs
Requests from a Java client to an NLB over multiple AZs Not load-balanced
Summary:
Expectation: every request from Java is load balanced between two nodes.
Actual behavior: all the requests go to one ...
0
votes
2
answers
201
views
Nginx Failed to load resource: the server responded with a status of 443
This store using WooCommerce has been set up for years. Today I got the complain from customers about this error. I checked it and found out that the css/js/images couldn't be loaded. Does anyone know ...
- 189
0
votes
0
answers
140
views
Key_load_public : How does this particular 'no such file or directory' map to aws endpoint connect?
Simple ssh key-load-public serverfault article
UPDATE 1:'aws ec2 describe-instances' works just fine and gives valid data.
UPDATE 2 : aws Cloudtrail opentunnel reports 'dialfailure' ??
Hello!
How ...
- 180
0
votes
0
answers
42
views
AWS RDS Periodic Writes
I have an AWS RDS postgres instance (v15) that doesn't see much usage. However, every three hours at around the half hour mark, I get a flurry of writes (see screenshot, below). At first, I thought ...
- 113
0
votes
0
answers
272
views
Can't connect to my RDS instance
I created my RDS database with Postgresql using Terraform. But I can't connect to this instance from my computer.
It is set with Publicly accessible: Yes.
I have a security group for it too.
I also ...
0
votes
0
answers
69
views
How to set a pre-exiting password for an aws_db_instance resource, from a secure SSoT container while keeping it out of the state file?
I'm trying to find a solution for setting the master user password of an aws_db_instance from a pre-existing secret (which is currently in an existing Secrets Manager resource).
If I use password = ...
- 101
0
votes
0
answers
31
views
User dashboard: how to make sure user cannot access other people's data?
A user can log in to their dashboard. When they log in, the front end pulls data from an S3 bucket corresponding to the user, like (e.g.) bucket/data/user5/data.json. This data is then rendered into a ...
- 111
0
votes
1
answer
106
views
Guaranteeing two EC2 instances on different hypervisors in same AZ
As part of a security evaluation we've been asked if we can set affinity so that two EC2 instances in the same AZ are not hosted on the same physical machine. Obviously it's very unlikely that two of ...
- 1,270
0
votes
0
answers
83
views
ALB: Should load-balance health-checks retry on failure?
We have some AWS ECS-based Fargate-hosted tasks/services running behind many ALBs. We seem to frequently get not-meaningful alerts from our own monitoring in our health-checks. It happens every twenty ...
- 580
0
votes
0
answers
247
views
AWS WAF and websockets
Can anyone tell me if the AWS WAF supports websockets (wss if important)?
If so how is it costed given that it's a long lived connection and wouldn't seem to fit in to the per request style pricing I ...
- 1
0
votes
0
answers
76
views
Every so often AWS target-groups become unhealthy and ornery
Every so often, I find that a service deployment refuses to complete because target-groups get into an unhealthy state even though the port-assignments are fine and the tasks appear to be fine. Every ...
- 580
2
votes
0
answers
433
views
Why is CloudFront failing to pass a header from the origin to the client?
I have CloudFront configured with an API Gateway origin. In the application accessed via API Gateway, my application responds to a particular request with a Content-Disposition header so that the data ...
- 201
1
vote
2
answers
786
views
Why isn't `nslookup` able to resolve an A record in route53, when I specifically use a nameserver from my hosted zone?
I'm trying to host a static website in s3. I have a domain registered with namecheap, and it is pointing at route53 nameservers. This part seems to be working correctly based on dig:
dig getgargoyle....
- 11
0
votes
1
answer
144
views
API Error labels all over AWS management console (EC2 Dashboard)
After deploying a VPC using terraform, I get this:
What causes this / how can I debug this? the terraform validate always succeeds...
Often when I refresh the whole browser window, the issue is gone ...
- 117
0
votes
0
answers
58
views
Custom Linux AMI: How does AWS know where to install account SSH .PEM files when an AMI is provisioned?
We are building a custom AMI from a template EC2 EBS instance snapshot (Oracle Linux 8). This page shows there are many different user names depending on the AMI you choose:
https://docs.aws.amazon....
- 161
0
votes
0
answers
113
views
AWS ELB leaks private ip address via dns name that are only accessible via VPN - can this be considered a security risk?
I'm using VPN for my AWS development environment and i have some databases running on EC2 behind an ELB. The thing is whenever i connect to them via VPN i will use database-12345678.elb.us-east-1....
- 942
1
vote
2
answers
405
views
IPv4 to IPv6 NAT on AWS
AWS supports connecting to external IPv4-only services from an IPv6-only node using NAT64. Is there an equivalent for the reverse?
For context, I have an EKS cluster, which is currently IPv4-only, all ...
- 179
0
votes
0
answers
22
views
AWS Security Groups misunderstanding
I have 2 windows server instances in AWS, both have their firewalls disabled.
They are in the same VPC and the same availability zone.
I'm simply trying to allow these servers to ping each other.
Each ...
- 933
0
votes
0
answers
428
views
Understanding CPU Utilisation Graph for a task running AWS Fargate
I have a task defined with 0.5vCPU. It has two containers with 0.25vCPU
Can someone explain to me what the below CPU Utilization graph represents?
The above graph is from Health and Metrics section ...
- 353
0
votes
1
answer
396
views
AWS VPN Client fail
using debian 12 + aws vpn client 3.9.0
this is the log
Any ideaaa ?
2023-10-20 10:38:51.769 -05:00 [DBG] Cancelling socket listen token
2023-10-20 10:38:51.769 -05:00 [DBG] Dispose socket
2023-10-20 ...
- 101
0
votes
0
answers
114
views
K8s Kops 1/3 Master nodes always turn into Not Ready & kube-apiserver pod of that node abnormally restarts frequently
Our production KOPS Kubernetes v1.20 deployed in AWS is unhealthy. Intermittently, 1 of the 3 master nodes we have is frequently going into Not Ready Status. Furthermore, the kube-apiserver pod is ...
0
votes
1
answer
96
views
AWS NLB configuration for Tomcat hosts
I have a network load balancer setup with a TCP listener on port 443, nd in my target group I have two UI EC2 instances, both running tomcat. I would like for the users to be directed to second UI ...
- 1
0
votes
0
answers
261
views
How do I merge 2 partitions on AWS after expanding the volume and filesystem on linux
I have the original volume showing at 8GB on the default instance when i created it on AWS. Then I went through the process of expanding the existing volume to 500GB and then expanding the filesystem (...
- 101
0
votes
0
answers
13
views
Does elastic search m4.x instance type supports gp3 EBS type?
I am currently using elasticsearch on aws for m4.xlarge.search what I am trying to upgrade gp2 to gp3 and my question is does it supports m4 instance type referring toc this doc i see N/A for m4 in ...
- 101
0
votes
0
answers
26
views
Cloud solution architecture for sparsely used real-time AI [duplicate]
I have to deploy a real-time AI which is sparsely used, sometimes it's being used once in a week, sometimes 500 times in a day.
The solution is working in a container locally for now and basically ...
google-cloud-platform
0
votes
0
answers
84
views
Can AWS NLB be used to load balance requests to Read Replicas?
This article from Nginx describes how Nginx TCP load balancing can be used against MySQL cluster. In the first diagram, I would like to replace the Nginx LB with AWS NLB where, the MySQL cluster runs ...
- 111
1
vote
1
answer
384
views
How do I create an Elastic Beanstalk example?
I have tried to create and deploy on Elastic Beanstalk. It never works. I have spent over 14 hours trying to get EB to work over the course of 1 month. I have followed online tutorials in addition to ...
- 111
0
votes
0
answers
62
views
Where does .env (which contains the client secret) go?
I have a React app with a Node.js server.
Here is the directory structure:
.env
app
.env
.gitignore
build/
node_modules/
package copy.json
package-lock.json
package.json
...
- 111
1
vote
0
answers
180
views
Webapp in Azure huge time network response and latency compared to AWS
I own a pretty simple WebApp, based on php/mysql/redis/nginx.
I was trying to move the server to Azure, to see if I could save some money, and today I created a WebApp on Azure using the wizard UI of ...
- 111
0
votes
1
answer
396
views
AWS Cognito: auth page not showing up, DNS_PROBE_FINISHED_NXDOMAIN from hosted UI URL
Here is the url I am navigating to:
https://auth.[domain].com/oauth2/authorize?client_id=[id here]&response_type=code&scope=email+openid+phone&redirect_uri=https%3A%2F%2F[domain]%2F[...
- 111
1
vote
1
answer
91
views
failed to get disk format of disk /dev/nvme1n1: exit status 127
What happened?
I had an old AWS EKS kubernetes cluster, running 1.21, so i decided to upgrade it.
While upgrading to 1.23 if not mistaken i was prompted that i need to install the AWS EBS CSI driver, ...
- 11
0
votes
1
answer
373
views
Logon Message Powershell Script Runs But Does Not Launch Prompt
I'm trying to setup a login prompt according to https://aws.amazon.com/blogs/desktop-and-application-streaming/generate-logon-messages-for-security-and-compliance-in-amazon-windows-workspaces/ because ...
0
votes
1
answer
921
views
Adding more IP Addresses to a Subnet in AWS
I have a Subnet with CIDR 10.0.4.0/28 (15 IP addresses), which is now exhausted; so I want to add more IP addresses.
Is it possible to add more IP addresses to the subnet? I see that I can add a ...
- 1,582
0
votes
0
answers
190
views
SSH tunnel to access dual stack resources in AWS (IPv4 + IPv6)
I am trying to setup a Bastion and use it as an SSH proxy to access all my private resources in AWS.
I am having hard time debugging why an SSH tunnel to a specific host with dual stack (IPv4 + IPv6) ...
- 1
0
votes
0
answers
109
views
AWS - Setup OIDC authentication in ALB with AWS Beanstalk
I have to setup my application in elastic beanstalk with High availability. My architecture involves a php application running in beanstalk in private subnet with ALB (public subnet) which is also ...
- 35
0
votes
0
answers
68
views
AWS CDK : how do I add a StringParameter as a secret to an ECS container?
I'm creating a StringParameter using AWS CDK :
cwa_config = ssm.StringParameter(
self, name + "_ssm", string_value=json.dumps(cw_config_content)
)
How do I add this parameter to an ECS ...
- 1,630
0
votes
0
answers
238
views
Unexpected behavior with AWS Firewall and Default Stateful Rules
I have configured an AWS Firewall in our testing account, pretty much following the standard setup procedure as documented by AWS. From our private subnet, outbound traffic heading to the internet is ...
0
votes
0
answers
157
views
Problems getting ACM cert to validate in AWS
I have a domain that I moved to route 53, to simplify interoperability with other AWS services. I created a hosted zone, and added a CNAME record for a WWW subdomain. I then went to the ACM and ...
- 101