Questions tagged [amazon-web-services]
Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform "in the cloud". If you have a question about a specific web service, consider asking on its tag, e.g., amazon-ec2.
8,773
questions
0
votes
3
answers
298
views
Upgrade mysql 5.6 to 8 not working on AWS Linux based EC2
I am working with EC2 for MySQL DB. The OS of EC2 is AWS Linux-based Ubuntu. The current version of MySQL is 5.6.50. I am going to upgrade it to 8.0. I tried to upgrade it with this command: sudo yum ...
1
vote
1
answer
89
views
API Errors on AWS management console
I am seeing these API Errors on the AWS management console (EC2 & VPC dashboards). Sometimes refreshing will allow it to work for a short time.
This only seems to happen when accessing from our ...
0
votes
0
answers
77
views
Prioritize S2S VPN on AWS when using 1 VGW
We have the following AWS setup:
1 VPC
1 Virtual Private Gateway (VGW)
8 Customer Gateways (CGWs)
8 Site-to-Site (S2S) VPN connections
We have 4 sites, each connected to our VPC with 2 S2S VPN ...
1
vote
0
answers
42
views
Python Flask application + MySQL DB -> needing advice for the infra in AWS when latency is at stake
I have a Python Flask application and a MySQL DB with which the app connects to. The app provides RESTful APIs.
There are around 10 pairs of (Flask and MySQL DB)s. Each pair has a unique url and ...
0
votes
0
answers
45
views
How do I nessus scan to the EC2 server which is behind load balancer
I have an EC2 server which is running behind a load balancer. Load balancer URL has been mapped as A record in route53.
Audit team is asking for the public ip address. How do I give them?
ALB URL even ...
0
votes
0
answers
46
views
Repository structure for flux/kustomize for common software on multiple clusters
I have a repository which manages multiple k8s clusters, the structure is as follows:
clusters/cluster-1/flux
clusters/cluster-2/flux
flux/common/common-software-1
flux/common/common-software-1
...
...
3
votes
3
answers
432
views
How can one copy an S3 bucket as faithfully as possible (e.g., copying all permission settings)?
I want to copy an S3 bucket as faithfully as possible (e.g., copying all permission settings).
The standard:
aws s3 sync s3://old-bucket s3://new-bucket --source-region us-west-1 --region us-west-2
...
0
votes
0
answers
170
views
Got read permissions but not write permissions in aws SFTP in EC2
I'm a bit new to aws and especially SFTP but I'm trying to set up an EC2 instance with SFTP so I can access it with FileZilla and I've set it up and can copy files from it into my own directories but ...
0
votes
0
answers
134
views
troubleshooting radius auth with okta and AD
I am running Amazon Workspaces, and wish to use RADIUS based MFA for login. MFA would be provided by Okta.
I have an AWS Managed AD with AD Connector connected to it. (I assume this is redundant, but ...
0
votes
0
answers
207
views
CloudFront Returns 502
I have configured a CloudFront distribution to point to an application load balancer (ALB). The ALB points to a lambda function. I have configured an A record in Route53 to point to the CloudFront ...
0
votes
0
answers
27
views
Trigger AWS Autoscale automatically
I have an Autoscale Web Application in AWS. When I don't use it, I terminated EC2 instances automatically with Lambda (with Cloudwatch). But I couldn't find an automatic structure to trigger it again.
...
0
votes
1
answer
60
views
No SSH access to EC2 instance launched by ASG, while I can access an otherwise identical instance
I'm trying to SSH to an EC2 instance that's part of an ASG associated with an ECS service. To help narrow down the problem, I created new instance from the same launch template. I've carefully ...
4
votes
2
answers
258
views
Abuse report attack on AWS SES
An application that runs on AWS uses SES to send verification emails to new customers. An attacker signs up to the website and reports the verification email as abuse.
I'm wondering what options are ...
0
votes
0
answers
29
views
Restricting access with VPC Peers or Transit gateway connectivity
I have two VPCs - VPCA and VPCB.
VPCA will make api calls to the kubernetes control plane on VPCB. VPCB will ultimately become many VPCs all with their own Kubernetes cluster and control plane.
In ...
0
votes
1
answer
744
views
Host Key Exchange failing on AWS Transfer Family SFTP
I have a customer who is unable to connect to an SFTP Server (AWS Transfer Family SFTP).
The error I am getting in my logs is:
ERRORS KEX_FAILURE Message="no matching host key type found" ...
1
vote
1
answer
207
views
'aws s3 ls' command was hanging until setting default region
I created setup shown in the image in region Oregon (us-west-2), and I was sure that everything was in place correctly, then I tried to do aws s3 ls from the ec2 in the private subnet, it was ...
1
vote
2
answers
100
views
AWS Organizations does not allow Backup policy covering af-south-1
We use AWS Backup via a policy set at the AWS Organizations level (in the management account).
I now want to expand the policy to cover the af-south-1 (Cape Town) region, but that region is not ...
0
votes
0
answers
10
views
K8 Dual stack one master and multiple worker nodes - centos7
I have k8 dual stack one master and multiple worker nodes (oci-centos7). How can I fail over if my master node goes down or whether it will impact running pods on worker nodes?
1
vote
1
answer
60
views
How to direct https traffic from aws ELB to gke pods in gcp cloud
We are in the middle of migrating our micro services from aws to gcp cloud. Our REST api's are served via an api-gateway which internally calls the respective micro services.
So ELB rules were ...
1
vote
1
answer
420
views
Velero Web UI for kubernetes
Does Velero support Web UI or is it just CLI?
I have seen a couple of GitHub repos with the SC.
https://github.com/winnieoursbrun/velero-ui
https://github.com/hsmade/velero-ui
0
votes
0
answers
95
views
DKIM settings with Amazon SES not finding primary domain
I'm attempting to send email via Amazon SES with a custom domain. I have one domain that works and the DKIM headers that come to my gmail account look like:
Authentication-Results: mx.google.com;
...
0
votes
0
answers
71
views
How to get MariaDB slow query logs to show up on RDS
I have a MariaDB instance on RDS which I would like to enable slow query logs for.
Following the documentation, I've created a parameter group which is assigned to the database.
When I make changes to ...
1
vote
0
answers
24
views
Dynamically Update Ips of AWS Autoscaling instances in Jenkins SSH Global configuration
We have a few autoscaling groups in AWS and new instances are created frequently. We are using a declarative Jenkins pipeline to publish the build artifacts to those servers using publish over ssh plugin ...
0
votes
0
answers
107
views
How to Deploy React App and WordPress on the Same CloudFront Distribution Domain Name with Different Origins and Behaviors?
I'm encountering challenges deploying both a React app and a WordPress site on the same CloudFront Distribution domain name while utilizing different origins and behaviors.
Here's my setup:
I have a ...
0
votes
2
answers
408
views
Optimizing PHP-FPM Configuration for WordPress on Bitnami EC2 t3a.medium instance
I'm running a WordPress website on an AWS EC2 t3a.medium (4Gb Ram) instance using Bitnami. The server's RAM often gets completely filled, causing the server to crash and I need to restart it from ec2 ...
1
vote
0
answers
108
views
How to enable SQL trace for AWS Oracle RDS
To enable sql trace under Oracle you would typically run the following via sqlplus after login:
ALTER SESSION SET SQL_TRACE=TRUE
On Oracle 19 RDS this results in the following:
Error report -
ORA-...
0
votes
0
answers
158
views
AWS ALB: Are Sticky Sessions possible with TCP?
I need to load-balance my clients. Some of these clients use TCP/TLS, the rest HTTP/HTTPS.
The target services of the load balancer can be in either EC2 instances or ECS containers.
Also, the clients ...
0
votes
0
answers
108
views
Kasten k10 dashboard 504 error
I have installed the Kasten k10 on AWS k8, trying to access the dashboard from service port forward.
Dashboard has a network error with error logs on dashboard-svc pod and Gateway pod.
Below are the ...
0
votes
1
answer
142
views
Allow AWS Identity provider to access a private VPC where the OIDC Idp resides
We want to implement Gitlab-AWS short-lived credentials but our Gitlab instance is located inside a private, non internet accessible VPC Subnet.
I have looked into VPC Endpoints but I cannot find the ...
1
vote
2
answers
817
views
What is systemd "refresh-policy-routes" [AWS Linux 2023]?
I'm trying to find the cause of an instance outage, which seems to be from a scheduled systemd refresh-policy-routes service, followed by a 404 Error call to EC2RoleProvider. After the error, all ...
1
vote
0
answers
199
views
Can no longer SSH to my AWS EC2 instance - Operation timed out error
I am using the following command to SSH into my AWS EC2 server and this has been working fine for some time, however recently it hangs and then times out.
ssh -i "ec2-pro-clubs-server.pem" ...
0
votes
0
answers
139
views
Why can't I schedule more pods even with Ipv4Prefix enabled in my EKS cluster
I am using cilium as my CNI. I have successfully run the cilium connectivity test and all tests pass. My nodegroup schedules a t3.small nodes (3 of them), which allows me to run 11 pods without ...
0
votes
0
answers
247
views
The "count" value depends on resource attributes that cannot be determined until apply, Terraform cannot predict how many instances will be created
I am trying to create EKS cluster with managed nodegroup and I want to execute shell script that hardens worker nodes and sets proxy settings before cluster bootstrap.
Here is my "main.tf" ...
0
votes
2
answers
127
views
Allow AWS OpenID Connect through Security Groups
I have a GitLab self-hosted instance running in AWS EC2. Its associated security group blocks all incoming external traffic except for a handful of individual IP addresses.
To automatically deploy ...
0
votes
0
answers
136
views
Intermittent Nginx SSL handshake error
I have an Ubuntu server running nginx that forwards requests to an AWS elastic beanstalk environment running an API (partial migration, work in progress).
I am seeing intermittent SSL handshake issues ...
0
votes
1
answer
400
views
How can I get cilium to pass the failing connectivity test
I am trying to deploy cilium to my eks cluster, for context, this cluster is a private cluster running behind a private subnet, and routed to the internet through a NAT gateway and then an internet ...
0
votes
0
answers
41
views
AWS: access private API from public web application
I have:
Private API running on an ECS cluster behind an internal load balancer. This API is used by other services inside the VPC.
A public Next.js web application.
What I need:
Give private API ...
0
votes
1
answer
44
views
Debugging Lambda Connectivity to EC2
I have a simple Lambda deployed into my VPC that is making a call to an EC2 host in the same VPC (and subnet). They both share an SG and I've used the Reachability Analyzer (from the Lambda ENI to ...
0
votes
0
answers
71
views
AWS EC2 Ubuntu instance launches WildFly (Java / Jakarta EE server) but seems inaccessible via browser
I am trying to setup AWS for a JBoss WildFly 31.0.0.Final to get a demo webapp up and running. So I found this tutorial:
https://kamalmeet.com/cloud-computing/amazon-ec2-step-by-step-guide-to-setup-a-...
0
votes
0
answers
115
views
Want to use user_data (hardening script) for EKS nodegroups with EKS module (Hashicorp provided)
I am using EKS terraform module (https://github.com/terraform-aws-modules/terraform-aws-eks) to create EKS cluster and it is working fine.
I have written a shell script to harden EKS worker and I want ...
4
votes
1
answer
2k
views
How to upgrade to IPv6 for AWS EC2?
Starting yesterday, AWS is charging for IP addresses (IPv4). I would like to upgrade my EC2 instances to IPv6, but I must be missing the docs on how to do that?
I can't seem to get an EC2 instance ...
0
votes
0
answers
49
views
How do I debug why my aws iot remote job is stuck in queued?
I have an aws IoT core MQTT broker that's working. I can connect to it and get message to various topics. But when I create a "remote job"
https://docs.aws.amazon.com/iot/latest/...
1
vote
0
answers
120
views
AWS Batch on Fargate is not allocating the correct number of vCPUs
I have a web application offloading some resource-intensive tasks to AWS Batch, backed by Fargate.
It's a very simple setup - a single queue, a single job definition, and a single compute environment. ...
1
vote
1
answer
144
views
Accessing RDS or EC2 instance without '.pem' key
I am working for a charity who has a few of their services on AWS.
They hired an agency years ago to spin up these intranet and tools platforms. I am trying to get a dump of their db, for backup ...
0
votes
0
answers
26
views
AWS Automatic IAM Roles for Service Users
I have an EC2 instance that has an assigned/assumed role. When I run:
aws sts get-caller-identity
as the main login user or with sudo it returns the account information expected. However, I have a ...
1
vote
0
answers
106
views
AWS Ingress-nginx loadbalancer: Targets are not within enabled Availability Zones
I have an EKS cluster with the following set up
2 VPCS 1 prod, 1 stage
each vpc has 3 subnets 1 public and 2 private
each vpc has 1 internet gateway and 1 nat gateway
The private subnets are connected ...
0
votes
1
answer
94
views
EC2: multiple subdomains with one public IPv4 address
I have many EC2 instances, each of which currently has a public IPv4 address associated with it:
Instance | Public IP | DNS
juno | 7.8.9.10 | ec2-1-2-3-4.compute-1.amazonaws.com
ceres | 7.8.9.11 | ec2-1-2-3-5....
0
votes
1
answer
235
views
how to block outgoing traffic in ec2 without blocking ssh
I have an EC2 which has a public subnet and traffic is flowing through internet gateway.
Now, I have a requirement like I have to block all outgoing traffic in EC2.
I have tried to restrict the traffic ...
0
votes
0
answers
338
views
AWS ECR pull-through-cache fetch image via HTTP request to registry
I've set up an AWS ECR pull-through-cache for Docker Hub registry.
Say it is available under: 123.dkr.ecr.eu-central-1.amazonaws.com/docker.
Now after authenticating using:
aws ecr get-login-password ....
0
votes
1
answer
83
views
Why my AWS T2.Medium EC2 CPU utilization is at 27% constant, but on running top command shows 100%?
I am running my PHP Laravel application in AWS EC2 instance (T2.Medium, 2 core) through Laravel Forge. For 5 months continuously I am seeing constant CPU utilization of 27% in the AWS console graph. ...