Questions tagged [amazon-web-services]
Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform "in the cloud". If you have a question about a specific web service, consider asking on its tag, e.g., amazon-ec2.
8,773
questions
0
votes
1
answer
104
views
What are the options for Layer 7 DDoS protection of AWS resources
The following are my assumptions based on AWS docs. It's only because the docs do not precisely address my questions that I'm here asking.
AWS WAF (whether used directly or via Shield Advanced) is ...
0
votes
0
answers
32
views
What part does AWS Global Accelerator play in established TCP connections
Reading the docs I can see that Global Accelerator (GA) routes to nearest region and has failover protection that will cause it to route to a different region if one fails.
I can't find any info that ...
0
votes
0
answers
15
views
How to define which AWS services to use and how to use them when deploying an ACS server? [duplicate]
I want to use AWS for deploying an open source ACS software that uses mongodb to manage my CPE devices. I want it to manage thousands-tens of thousands of devices with minimal interruption. What ...
0
votes
0
answers
61
views
Route53 IPv6 Outbound Resolver not forwarding
I can't seem to get Route53 to correctly forward DNS requests to nat64.net when using IPv6. The host in this case is Ubuntu 22 (though I think this is about AWS).
Here's the background:
I've created ...
0
votes
0
answers
49
views
Base image similar to Amazon AMI 2018.03
My question is without having to take an old AMI server snapshot, where can I get an image (ISO or VB vdi etc) very close to the AMI 2018.03 image?
I think? this version was based off Centos while the ...
0
votes
1
answer
149
views
Why does `aws s3 ls s3://mybucket/ --recursive | wc -l` list fewer files than the number of objects mentioned in the AWS web UI in my S3 bucket?
I have an AWS S3 bucket s3://mybucket/. Running the following command to count all files:
aws s3 ls s3://mybucket/ --recursive | wc -l
outputs: 279847
Meanwhile, the AWS console web UI clearly ...
0
votes
0
answers
42
views
Rancher with AWS LB controller fails health checks
I'm trying to launch Rancher with the AWS LB controller and I'm getting health checks failed for the ingress. Can someone please look at my setup and let me know if there's something obvious?
EKS ...
0
votes
0
answers
33
views
RDS in the same security group does not allow connection whilst another does
I had a similar issue with EC2 (not solved yet: SSH to EC2 times out, but other instances in the same security group are reachable) and here is the same with RDS.
I have existing RDS running with SG ...
0
votes
2
answers
91
views
SSH to EC2 times out, but other instances in the same security group are reachable
Something really weird happened to one of my EC2 instances.
So I have a security group and a bunch of instances associated with that group. I can SSH into all of those instances.
I created a new ...
0
votes
1
answer
291
views
Fluent-Bit - How to extract part of a file name and append it to log_stream_name for Cloudwatch log group
New to Fluent-Bit and looking for some guidance on this.
Latest version of Fluent-Bit is installed on ec2 and successfully running and working.
I am pushing logs from /var/log/nginx... to Cloudwatch
...
0
votes
0
answers
31
views
AWS IAM policy for partial username match (extract username from SSO)
We are using single sign-on for AWS users, so when a user logs in they assume a role, and they don't have an actual IAM user account.
We use CodeCommit, which requires an SSH key added to an IAM user.
...
2
votes
2
answers
759
views
How can I know which AWS S3 bucket(s) an AWS key and secret key can access?
I have an AWS key and secret key that can access some AWS S3 buckets. How can I know which ones?
1
vote
1
answer
94
views
NAT gateway costs on AWS
I have a django app on AWS using ECS Fargate behind a VPC. A NAT gateway is required with this setup, but most of the costs are from the NAT gateway.
How I can reduce this? My docker image is 600 MB. ...
0
votes
0
answers
43
views
Client --> AWS ALB --> AWS Lambda: connection lost somewhere, how to identify?
The client made an API request.
Client --> ALB --> Lambda
Lambda worked fine with a response. Lambda duration is only about 3 seconds.
The client encountered timeout at 15th second.
The ALB ...
0
votes
0
answers
55
views
Is it possible to deploy Milvus on Kubernetes without using Helm?
I'm trying to deploy an application on Kubernetes using a Helm chart, specifically the storage classes, following the instructions provided in the documentation (https://milvus.io/docs/eks.md). ...
0
votes
1
answer
47
views
Redirection of Domain in Route 53 and AWS
I have a help desk created in Zendesk, but Zendesk provided a URL with their domain ("example.zendesk.com"). I wanted to redirect this service with my domain name, so I added a Route 53 ...
0
votes
2
answers
76
views
Wordpress and MySQL on same EC2 instance, different subnets. One public one Private
My goal is to have a single EC2 instance containing both WordPress and its MySQL database on same VPC and have the WordPress available on the public subnet and MySQL on the private subnet. The purpose ...
0
votes
2
answers
69
views
Windows server spot instance shuts down randomly (status failed / bad-parameters)
I've been using AWS for decades at this point and I started using spot instances for various reasons including professional reasons such as testing software I develop, etc. I mostly use Windows Server ...
0
votes
1
answer
100
views
Best practices on managing Terraform project repositories
As part of a new job role, I have started learning Terraform recently. Before, my main orchestration/provisioning tool was Ansible, and the best practice at my previous place was to hold the state for ...
0
votes
1
answer
112
views
AWS SSL Certificate for Laravel on EC2 instance
I have a Laravel application on an EC2 instance on Ubuntu, also I have an Application Load Balancer and a verified AWS SSL certificate. But logically I can’t run Laravel without NGINX or Apache.
I can adjust ...
0
votes
1
answer
66
views
What exactly is aws load balancer "Protocol : Port"?
I have never been able to figure out what this configuration is or does when creating load balancers.
The documentation says
Choose a protocol for your target group that corresponds to the Load ...
0
votes
0
answers
29
views
Charts of Lambda Function usage in AWS
I have multiple Serverless PHP applications deployed at AWS via Vapor for Laravel.
The Lambda bill has been high for a few months. I wanna know which Lambda are causing the higher usage. But I can't find ...
0
votes
0
answers
41
views
Unable to join EC2 worker to VirtualBox master
I'm deploying a Hybrid Cloud (VirtualBox-AWS) Kubernetes cluster. What I have done so far:
Set the control-plane on Ubuntu Server 22.04 LTS via VirtualBox 6.1.
Change network adapter to bridged
Ran the ...
0
votes
0
answers
25
views
Lambda horizontal scaling when consuming from FIFO SQS queue
We have messages which need to be consumed by a lambda. We opted to use a FIFO SQS queue solely for the deduplication ID feature, but do not otherwise need FIFO features.
The lambda is not scaling ...
0
votes
0
answers
64
views
Options to enforce transitive routing in 3 peered VPCs in AWS
To start this off, this is strictly a test scenario that I'm playing with, I know transitive peering is not allowed but I would still like to know what technical workarounds are possible to enforce ...
0
votes
1
answer
518
views
unable to login via putty ssh to my ec2 linux instance in aws : no supported authentication methods available
I am new to AWS,
I created two Linux instances: Amazon Linux and Ubuntu Linux
I downloaded RSA ppk key pairs + imported to putty, however I am unable to login via putty,
I get this error
no ...
0
votes
1
answer
122
views
Outbound IPv6 connection replies not routed back to firewall in VPC
In a newly-built AWS VPC (deployed with Terraform to minimise typos), I have one "DMZ" subnet and one internal. A firewall appliance bridges the two, with an interface in each. Both ...
1
vote
1
answer
367
views
Migrate AWS ECS cluster IPV4 to IPV6
I'm trying to avoid this new cost (public IPv4) in aws for small projects because it will represent a big percentage of the cost.
In my ECS cluster, I use EC2 instances as capacity providers, ...
0
votes
0
answers
141
views
AWS Appflow - Incremental Transfer & Overwriting Existing Files in S3
I'm using AWS Appflow to transfer files from a SharePoint site to an S3 bucket. My goal is to achieve the following:
Weekly Runs: Schedule the flow to run on a weekly basis.
Incremental Transfers: ...
0
votes
0
answers
160
views
EC2 network burst credit balance
How do I know my usage of network credit balance? I have a t4g.small instance and periodically I face timeout issues on the networking services hosted there.
As it is stated here:
An instance receives ...
0
votes
0
answers
30
views
Not able to FTPS to another server from EC2 under ALB and WAF
I'm having an issue whereby I'm not able to ftps to another server from my EC2.
If I run a simple command
lftp username:password@serverurl:2121
then proceed to ls, I will be stuck at ls at 0 [...
0
votes
1
answer
79
views
AWS-SES sending from one site, from is another site - will DMARC help or hurt
Alright, to keep this simple:
I have a project that is using AWS's SES to send transactional emails. The project is hosted on one site (let's call it example-site.com), but for reasons, the From: is ...
0
votes
0
answers
24
views
Does EKS bill include the costs for control-plane (master) nodes?
EKS costs $0.10 / hr + you pay for the worker nodes (EC2 + storage + data transfer). But EKS itself runs master nodes. So the question is: does $0.10 cover the costs of master nodes? If not, then how ...
0
votes
1
answer
286
views
AWS VPC CNI PLUGIN - Error: container runtime network not ready due to NetworkPluginNotReady - How to Resolve
I am facing difficulty in this, maybe the answer is simple so if someone knows the answer, please comment here.
I have created an EKS cluster using the following manifest.
apiVersion: eksctl.io/...
0
votes
0
answers
211
views
How to create a Service Principal Name (SPN) for an AWS RDS-managed SQL Server instance computer object in AD?
We are using AWS RDS for SQL Server, an AWS managed service. We joined our RDS to our self-managed AD:
We found the Active Directory Service Principal Name (SPN) for the RDS-managed-service database ...
0
votes
0
answers
42
views
Updating csi-driver without stopping
I'm now facing this.
# module.eks_volume_provisioning.aws_eks_addon.csi_driver will be updated in-place
~ resource "aws_eks_addon" "csi_driver" {
~ addon_version ...
0
votes
0
answers
76
views
Cluster Openshift on AWS with IPI, installation error no such host
I'm trying to deploy an OpenShift cluster on AWS using the IPI installation. I've used a t3.xlarge instance and followed the steps in the following guide https://docs.openshift.com/container-platform/...
0
votes
1
answer
297
views
Best approach to install gdal for rasterio in aws/lambda/python Dockerfile
The python dependencies for an AWS lambda application have exceeded the 250 MB limit for AWS Lambdas. One of these dependencies is rasterio which depends on gdal. I'm attempting to build a docker ...
0
votes
0
answers
33
views
AWS CodeBuild user doesn't take on service role
I am working on setting up a build project in CodeBuild that creates a Docker container from a GitHub repo, and pushes it to ECR. This build process uses a container built previously that's stored in ...
-1
votes
1
answer
108
views
Linux system mails alternative for sending and receiving besides SMTP
I have multiple EC2 servers which run either Ubuntu or Amazon Linux. I want to run automatic system updates but get a message when the system is updated. The yum-cron package can send emails, but I do ...
0
votes
0
answers
106
views
dns problems in self managed aws ec2 cluster with aws-vpc-cni
I'm new to k8s and I've been trying to learn it. I faced a problem with trying to setup aws-vpc-k8s-cni on my fresh k8s cluster with coredns. Here's the problem in detail.
Cluster & Network ...
0
votes
1
answer
320
views
AWS Security Group Inbound rules for SSM Session Manager
I have an instance in a private subnet and a security group that allows any inbound access. I can connect to it with Session Manager.
If I restrict inbound access to port 22 only I can no longer ...
0
votes
0
answers
67
views
Observing AWS App Runner 429s
During performance testing we're seeing 429s from App Runner. The body of the response will say "Max queue length has been reached". I know this is a known issue and it's described here in ...
0
votes
0
answers
63
views
PVC is in terminating state and PV is in bound state in Kubernetes
I have the PVC which is in terminating state (because it is referenced from 3 other pods) and the PV is in bound state. PV has the retain reclaiming policy.
Also I am not sure on the reason for the ...
0
votes
0
answers
41
views
How can I set separate phase 1 and phase 2 IPs using AWS Managed IPSec offering?
I'm trying to setup an AWS Site-to-Site VPN connection that is IPSec based. It seems to be their managed offering. A particular connection I am trying to setup specifies distinct Phase 1 and Phase 2 ...
0
votes
0
answers
13
views
AWS VPC Connect Endpoint and Workbench integration
I have some RDS instances under a private subnet and a bastion host (ec2 instance) with a public IP to connect to it. As part of getting a security certification we need to get rid of all ec2 ...
0
votes
0
answers
121
views
AWS ALB inbound requests/traffic and denial of wallet attacks
Scenario: I have an AWS ALB protected by AWS WAF with lots of AWS Managed WAF Rules, rate limiting rules, etc.
I'm having a hard time understanding why even requests blocked by WAF are impacting ...
0
votes
0
answers
55
views
404 error on jaeger-collector in kubernetes deployment
I've tried Istio in Kubernetes by referring to the official site of Istio. In that, I can access kiali, prometheus but I can't connect the jaeger-collector. Since I'm using EKS and VM, I've exposed them as ...
0
votes
1
answer
51
views
MQ broker in private or public subnet?
I'm setting up an MQ broker in an AWS environment.
The MQ broker will be used by both services running in that AWS environment as well as services running in other locations.
All other services ...
0
votes
0
answers
64
views
AWS Site to Site VPN to Kerio Control Phase 2 parsed INFORMATIONAL_V1 request 380820527 [ HASH N(INVALID) ]
I'm setting up a Site-to-Site VPN between my on-premises network and AWS VPC, and encountering an INVALID_ID_INFORMATION error during the phase 2 (Quick Mode) negotiation. The setup involves IPsec ...