Armayss i want to move a web application on amazon, should i follow this tutorial https://docs.aws.amazon.com/en_us/gettingstarted/latest/wah-linux/web-app-hosting-intro.html or use elastic beanstalk ?
BejgliArmayss: elastic beanstalk would be the easiest way
Bejgliit's managed web hosting
Bejglibut depends on what else you need
Armayssyes this is what i thought Bejgli thanks
ArmayssBejgli, did you do that with multi containers ?
BejgliArmayss: if it's wordpress for example, there are wordpress AMIs (machine images) available
Armayssno it's a js application
Armayssnode and angular
BejgliArmayss: I just tried beanstalk, i'm not running any web service myself
ArmayssBejgli, i have to write a dockerrun file
Armaysswith two images
aindilisanyone know how to set the utterances.txt and intent_schema.json for an AMAZON.LITERAL type, or has that been deprecated?
aindilisfor Echo Alexa
aindilisin the developer portal
Keksikehey! I'm trying to use S3 presigned urls, but I get a error 'The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256'. I'm using eu-central-1 (frankfurt). How can I set the proper authentication method for S3 in JS (Node.js)
AikiLinuxHi , I am trying to create a peering between 2 VPC's so i can use the internal IP's for communication
AikiLinuxi have create a peer connection, and added routeing table, but still no connections
AikiLinuxthe security groups allow access form the internal range
AikiLinuxthe VPC's ranges are 172.30.0.0/16 , 172.31.0.0/16 and 172.32.15.0/24
rdgno connections to what
rdgKeksike: you solve your problem?
guest5684hi guys anyone got an amazon echo ?
cloudyMoonguest5684: i do, but i havent done anything with it
cloudyMoonit just sits muted on my desk
rdgguest5684: any particular question?
rdganyone know the difference between CognitoIdentity and CognitoIdentityServiceProvider functionally?
guest5684oh wow some guys have them :)
guest5684mines playing happy music
guest5684ive been looking at coding apps for it
guest5684i see there are intents
guest5684how can i get every word you say to it ?
guest5684i saw a {Source} intent
rdgyou can't
guest5684but i found translated skill
guest5684and it says every word you say to it back plus on amazon alexa app it prints what you say to it there
guest5684so it gets every word you say
guest5684i had a look at a translator app example and it passes {payload} to google translate api and uses a {Source intent}
guest5684i mean a {Source} intent
guest5684Translated Skill (gets every word you say to it) https://www.amazon.com/Translated/dp/B01N9BZJPZ
guest5684translator example uses {Source} intent http://blog.rapidapi.com/2016/10/07/alexa-api-project/
guest5684has code
guest5684rdg: did you look at the links
rdgno
guest5684cloudyMoon: did you look at the links
guest5684anyone have a amazon alexa and knows how to use {Source} intent
rdgman i just have no fucking idea what i'm doing with cognito and federated identities
Tantait makes more sense if u did SAML or OAUTH or something before
Tantait's an old idea
rdgit's really the API that's killing me I think
rdgI have a person connect their Echo to my Alexa app via their Amazon Account
rdgno big deal, I can make a federated identity with their LoginWithAmazon token
rdgbut I also want them to make a real account so they can change some things outside of Alexa
rdgand I can't figure out how to combine the two
rdgI don't mind just using Login with Amazon for now except I can't figure out how to make it support testing from localhost
guest4577hi guys does anyone know how to use the {Source} intent with amazon alexa
rdgyou need to go read the docs on how Alexa works
rdgthere is no {Source} intent
rdgthat's why you don't understand what's happening in the rapidapi docs
rdgin fact, I don't think the rapidapi thing does what you think it does
devnull84hey dudes/dudettes
devnull84anyone know how i can stream aws s3 cloudtrail logs into an ELK or AWS managed service of ES/Kibana
cloudyMooni do not.. but given the key word streaming, did you check out kinisis? (super new to aws here, but thats the word association that comes to mind)
amcmdevnull84 see if you can trigger a lambda from cloudtrail ? Might not have to run through kinisis
hspencerhttp://docs.aws.amazon.com/lambda/latest/dg/with-cloudtrail.html
hspencerdevnull84: maybe that will help?
kgirthoferdevnull84: lambda
cloudyMoonwhy is lambda always the answer
livingstnSay I have a web site, myoldsite.com, and I want to redirect its traffic to mysite.com...but have some conditional rules based on paths, etc. Is there a logical place to do that outside of actually spinning up a web server to field the requests?
TantaALB
Tantaor API gateway
livingstnTanta Can you define all of those rules in an ALB? Something like "If URL equals myoldsite.com/my/path, redirect to mysite.com/other-path"?
Tantadunno, did u read the docs
Tantait does URI based routing
livingstnlol no, you sounded confident so I figured I'd ask before researching ;-)
Tantawell those are the products which would fit your solution
TantaI don't know if they are guaranteed to do exactly what you want
livingstnI'll check them out
livingstnthanks
Tantabut ALB does have a capability that is at least close to your quetsion
Tantaso I would start there
Tantahttp://docs.aws.amazon.com/elasticloadbalancing/latest/application/tutorial-load-balancer-routing.html
Tantathis seems helpful
livingstnyeah iirc alb can only do a finite number of paths
livingstnthe other option would be using a reverse proxy like varnish
livingstnTanta "Each rule action has a type and a target group. Currently, the only supported type is forward. You can create a rule that forwards requests to the specified target group."
livingstnlooks like that won't work for the time being.
devnull84yep seems like lambda to do this shit for me
Tantathen your alternate path is a reverse proxy with nginx + ec2 or something
devnull84more $$$
devnull84ffs
kerouacexit
kerouacexit
kerouacblah
GK___1wm____SUACTION sah
m9xDRv8TeTryi created two RDS clusters A and B, and set up a replication stream from A to B using AWS DMS. what do i need to do to start treating cluster B as the master, serving reads and writes?
m9xDRv8TeTrysimply kill the DMS replication stream?
m9xDRv8TeTrywhat happens when i write to B while the replication stream is going ?
m9xDRv8TeTrywill those changes be overwritten by DMS via the binary logs
Tantai would open a support ticket
TantaDMS is pretty new
Tantawe played around with it for bulk import but not replication
m9xDRv8TeTryit has to be a binlog sync
m9xDRv8TeTryso im guessing it goes one way, and A just overwrites B at the binlog level
m9xDRv8TeTrythe docs don't go into very much detail
balazsWhat should I look at for when moving lambda functions from node 0.x to 4.3 ?
cloudyMoonanyone have a good way to check if an s3 bucket exists?
kgirthof_aws s3 ls?
kgirthof_or do you mean something more existential
cloudyMoonthat seems like a great set up for a head in the clouds type of joke
kgirthof_if you can't see it - does it really exist?
kgirthof_anyway - just try to list the bucket.
kgirthof_it'll tell you it doesn't exist
kgirthof_aws s3 ls s3://notarealbucketdasflkjasldkfjal
kgirthof_An error occurred (NoSuchBucket) when calling the ListObjects operation: The specified bucket does not exist
cloudyMoonim trying to script out a cloudforation cross region replication but both buckets need to exist..
kgirthof_unfortunately someone actually made a bucket called "notarealbucket"
kgirthof_lol
roberthlYeah, a simple GET on the bucket URL root will return an error if the bucket doesn't exist
kgirthof_ah that makes new buckets?
cloudyMoonyeah
cloudyMoonso run onece to build bucket one
cloudyMoonrun twice builds bucket two and corss region rep. to 1
cloudyMoonthen run a third time to compleat the loop and do the rest of stuff?
cloudyMoonidk, aws makes me feel like im super dumb (well i know this but aws keeps rubbing my face in it)
roberthlSounds like you need three templates: region 1, region 2 + rep to region 1, rep to region 2
kgirthof_nah you're good. So what is the end result you're looking for?
kgirthof_you can also put in a parameter where you type in the name of the buckets
cloudyMoonthats what im currently doing
cloudyMoondoing/working on
cloudyMooni know it wouldnt be very pythonic but i kinda wish that boto3 returned errors as part of the return dictionary rather than an error :P
roberthlI do not wish that
cloudyMoonlol im just a terible person
m9xDRv8TeTrycloudyMoon: me too
cloudyMoonm9xDRv8TeTry: gladd to be in /good/ company
falgraAnyone here have experience with the migration from CloudWatch via ec2config to ssm?
cloudyMoonive played with ssm param store and run commands but thats about it
falgradocs say to copy the AWS.EC2.Windows.CloudWatch.json to the SSM plugins dir, and then restart the service. when restarting service it changes IsEnabled:true to IsEnabled:false and not doing crap
javi404is there a way to replace key on an instance store backed instance in classic?
javi404this is an old instance smeone forgot about for 4 years
javi404no on has key
m9xDRv8TeTrycloudyMoon: don't say the word "company". it freaks me out
malikeyehowdy... anybody have some advice for locking down DBA's to specific VPC's for RDS? I've tried various conditions and I'm not having any luck
gholmsNot sure why luck would be involved
gholmsOne way you could do it is by limiting security group rules or IAM policies to specific addresses.
gholmsThat can get a bit squirrely in a hurry, though.
nezZarioI have an interesting issue here ..
nezZarioWe have about 500 websites that are sitting behind a single classic load balancer
nezZarioNot a single one has https/ssl
nezZarioWe want to get ssl for all of them ...
nezZarioIs that even possible?
malikeyeI already limit some people to specific VPC's via subnet allowance... haven't tried that on RDS though
epequenonezZario: sites? like vhosts on several instances? or do you mean 500 instances?
roberthlnezZario: You can use "Subject Alt Names" to put several domain names on the same certificate
nezZarioepequeno: yeah that many vhosts ...
gholmsnezZario: One way is with a single cert with lots of names.
roberthlnezZario: Search for "SAN certificates". Amazon Certificate Manager offers them, but by default limits it to 10 domain names per certificate
roberthlnezZario: They say you can ask for an increase to the limit, I don't know what the theoretical limit is
nezZarioroberthl: well that wouldn't work anyway .. these are customers .. we drop and add new sites relatively frequently
nezZarioI could just use a "TCP" load balancer and handle the SSL on my end, couldn't I?
gholmsSure
nezZarioI really don't use any of the HTTP-level features of the load balancer anyway
gholmsIf you're doing it with vhosts you will still need a huge cert or a cert and a different port per site.
roberthlYou can use SNI to have different certificates on the same port
gholmsYeah, assuming all your clients support it
nezZarioRight .. yeah .. we were just going to use SNI ... Windows XP Internet Explorer users be damned
roberthlSNI is pretty acceptable these days, the web is unusable by clients that don't support SNI
nezZarioWell the thing is we aren't going to force anyone to use https either .. the http site will be available
nezZarioWe just have a large number of customers that have been told by SEO companies that https helps and, therefore, we keep getting asked for it.
roberthlWell it does, Google openly state that HTTPS increases your Google juice, and Chrome has a medium-term plan to mark HTTP sites as insecure
gholmsI sure wish all the embedded crap I used supported SNI.
nezZarioDoes the new "Application Load Balancer" support HTTP/2 yet?
roberthlYes, it supported it from Day 0
nezZarioOh nice ..
Tantacerts are free with letsencrypt
Tantaincluding SNI
Tantawhy not just do that
gus_Hey, apologies if this isn’t the right place, but I have a question about Cognito Federated Identities
gus_I’d like to use either a cognito user pool or a federated identity for account linking with an alexa skill
gus_Is that even possible? It doesn’t seem like user pools are oauth2 providers at all
gazarsgonezZario: i just benchmarked TCP passthru vs elb/alb termination. it consumes a lot more CPU to do TCP passthru instead of letting the loadbalancer terminate SSL, even if you do HTTPS end to end. also ALBs are 30% faster than ELBs.
gazarsgoanyone know why cloudwatch metrics look different on dashboard view than they do in the ec2 interface? looking at surge queue length and getting fractional amounts for averages where ec2 shows integers :-/
balazsDoes anyone have a ElastiCache::CacheCluster example in a VPC, so using VpcSecurityGroupIds ?
roberthlYes
balazsroberthl: can I see it ? It's seriously making my head hurt
roberthlbalazs: https://gist.github.com/roberthl/e6de3b3a9307a74bfb4b11ba40272b48
balazsroberthl: Where is HttpInstanceSecurityGroup tough ?
roberthlIt's just a security group ID, I've updated it to be more clear
balazsoh, the penny's dropped. I always just use CIDR, so wasn't sure what it was supposed to be. Thanks!
roberthlBest to avoid using CIDR when creating rules to target AWS resources
balazstrue
gus_irelandHey, apologies if this isn’t the right place, but I have a question about Cognito Federated Identities
gus_irelandI’d like to use either a cognito user pool or a federated identity for account linking with an alexa skill
gus_irelandIs that even possible? It doesn’t seem like user pools are oauth2 providers at all
gazarsgogus_ireland: what are you using for your alexa skill hosting ?
gus_irelandgazarsgo: we’re running the skill on lambda
gazarsgodo you have api gateway in front of lambda ?
gus_irelandYeah
gazarsgohttp://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
gazarsgoi don't know where oauth2 might come into play...
gus_irelandI’m following this tutorial: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system
gus_irelandI have user data in cognito sync that I’d like to access from an alexa skill
gazarsgoyou can create some more lambdas to act as an oauth2 server ... weird that the alexa skill kit doesn't include instructions to do so
gus_irelandOk, I figured I’d have to do something like that
gus_irelandThanks for the help!
cnnxanyone know if amazon lightsail vps's are guaranteeed rsources for ram/cpu/hdd?
gholmsGuaranteed?
cnnxyes
cnnxi.e non-shared
roberthlThey are just EC2 instances (i.e. Xen) behind the scenes, so you'll definitely get the RAM and HDD specified. CPU performance could be affected by other instances on the same host, just like with EC2.
cnnxwhats the cheap solution to get guaranteed cpu
gazarsgothere are no guarantees in this world ...
chainzcheap and guarantee don't go well together
roberthlThere isn't. If you're virtualised there is always the risk of contention with other tennants.
cnnxis a vps enough to host a website?
gholmsIIRC, they're t2 instances, which would mean there's contention.
chainzyou can get dedicated instances
chainzor dedicated hosting
roberthl!= cheap
chainzdedicated instance is probably cheaper than dedicated hosting though
cnnxwell i'll start small
cnnxill go with a regular vps
gazarsgodedicated tenancy is super expensive
chainzand a reserved dedicated instance would be cheaper than an on demand one
cnnxif its too slow for my website users
cnnxill get soimething better
gazarsgoyou could always make the code faster instead ;)
cnnxwhy is lightsail better than linode or digital ocea?
cnnxocean
cnnxi'm comparing as many as i can
roberthlIt is a good place to start if you intend to use any of AWS other services, aside from that it isn't objectively better.
cnnxok
cnnxwhat other services could i benefit from
jonjitsuI have an ec2 with a role in account A and would like to give it s3 access in account b. Is the only way through a bucket policy?
cloudyMoonyes
cloudyMoonbut its not a pain in the ass
cloudyMoonthough its way easer to pull than to push an object...
amcmWhat's a "website"?
gholmsYou don't need dedicated tenancy to not be sharing resources.
RemramHi! I'm wondering if there is a way to use the AWS API on another user's behalf (OAuth kind of thing), eg. on my website, have a button that launches something on the clicking user's account
gholmsYou just have to not use a t instance.
cloudyMoonas in, if you push an object in to another account's s3 bucket the account that pushed the file will still own the file unless assume a role on account 2
cnnxwho has a nicer control panel out of all vps providers
cnnxmost features
jonjitsuit's possible for an ec2 to assume a role? Is that by creating a user and having the credentials on the ec2?
cloudyMoonjonjitsu: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html
cloudyMoonjon, it is but boto3 is easer than using the cli
cloudyMoonthough thats an opinion more than a fact :P
gazarsgogholms: that's not true ... ? heh
RemramAnyone knows if this is possible on AWS at all? Or another provider?
jonjitsuI have a bucket policy that works. I was just wondering if there were other ways
gazarsgoRemram: that's what the marketplace does
cloudyMoonjonjitsu, sorry yes, but you have to asigne the role on making the ec2 instance
gholmsgazarsgo: What makes you think otherwise?
gazarsgoRemram: https://aws.amazon.com/marketplace/
cloudyMoon(( jonjitsu, misread your question))
gazarsgogholms: because you have cpu steal to contend with
gholmsCPU steal doesn't happen on non-t instances.
gholmsEC2 doesn't oversubscribe them.
cloudyMoonjonjitsu: you can use boto3 (or any of the sdks) assume a role with sts then upload the file
jonjitsucloudyMoon, actually I think they changed the on create restriction in february
cloudyMoonreally!??!!
cloudyMoonthats awsome
gazarsgogholms: you're wrong :)
Remramgazarsgo: So I could have a button that links to an app on the marketplace, and the user goes through the wizard to choose the instance parameters and launch it
gazarsgoRemram: yep
jonjitsucloudyMoon, If I have a role on my ec2, I can use it to access a bucket in another account without using bucket policies?
gholmsgazarsgo: I'm just going by what EC2 engineers told me at reinvent, but if you can point me to docs that say otherwise I'm happy to change my tune.
RemramI see
cloudyMooni... i dont think so jonjitsu, i think it needs to be in both places
jonjitsuhttps://aws.amazon.com/blogs/security/easily-replace-or-attach-an-iam-role-to-an-existing-ec2-instance-by-using-the-ec2-console/
gazarsgogholms: i only have empirical measurements ... even on new instances like i2s i have seen cpu steal
gazarsgo(newer)
gazarsgoi can't say whether it's the hypervisor stealing cpu or other instances on the same metal, granted
gholmsIt's the hypervisor and EBS that's doing it.
gazarsgoi didn't have EBS in my stack at the time
gholmsDefinitely not other instances, unless they have been outright lying to their customers.
gholmsIt's easy to test if dedicated tenancy makes a difference. Just not super cheap.
jonjitsucloudyMoon, so basically I can't use cross-account roles for this by somehow linking it to my ec2 role in the other account?
cloudyMoonnot quite, you can make a cross account bucket policy
gholmsI *will* say that the primary reasons they introduced dedicated tenancy and dedicated hosts are compliance and licensing, not performance.
cloudyMoonthat will allow the sending account to put files in the second account's bucket
jonjitsucloudyMoon, ok thanks, that's what I have so I'll stick with it
jonjitsuno choice...
cloudyMoonjonjitsu: i may be dumb...
jonjitsucloudyMoon, you don't seem to be
cloudyMoonyou can assume a role...
cloudyMoonyou just have to do it with code on the ec2 box
cloudyMooncheck out sts
cloudyMoonsorry im trying to figure out a threading thing too and its taxing what little brainpower i have :P
cnnxis there good support for aws light sail in here?
cnnxif something goes wrong
cloudyMoonum... im not a fan
cnnxor do they have ticket/phone support too?
gholmsYou can buy support if you want.
gholmsOtherwise it's generally limited to billing issues and community support.
cloudyMoonthis is a lightsail box and i kinda regret it...
cnnxwhy
cnnxi was gonna run websites on mine
cnnxif i buy one
cnnxcloudyMoon: which vps provider do you recommend then for quality?
cloudyMoonits not as flexible as a t2 for what i use it
cloudyMoonaws
cnnxi dont want to spend much
cnnxjust for a website
cnnxit has maybe 20 users a day
cloudyMoonwere you worried you were going to burn all your cpu credits?
cnnxyeah
cloudyMoonis it pretty cpu intensive?
cnnxnot really
cnnxjust a mysql database
cloudyMoonhum..
gholmsIf you aren't using the CPU all that much then it shouldn't make a huge difference.
cnnxi'm ok with the 5$ deal then?
cloudyMoonyeah, trial a t2 that makes sense for your load
gholmsYou could always try it and see what you think.
cnnxdoes it have debian
cloudyMoonand see how it works
gholmsNo, but it has ubuntu.
cnnxmy current system is on debian
cnnxi rather migrated to another debian
gholmsThat'd be an argument against using lightsail today, then.
cnnxok
gholmsYou have exactly two choices of operating systems, IIRC.
cnnxwho else can i check
RemramIt seems that both Digital Ocean and Google Cloud Compute offer OAuth, allowing a user to let my app start stuff on their acount
RemramI'm surprised AWS doesn't have this?
gholmsRegular EC2 has more OS options, of course.
cnnxis there agoogle cloud flat rate option like 5$?
cnnxi want flat rate
cloudyMoonis t2 not flat rate?
cnnxt2.micro?
cnnxthought it was by the minute
cloudyMoonit is but you can buy longer for less money
gholmsYeah, but if you're up all the time you always pay the same amount per day.
cnnxhow much would it cost
gholmsYou can also pay for a whole year in advance if you want. Gives you a discount.
cnnxok
cnnxare all aws servers in us datacenters?
gholmsNo
cnnxcan i choose mine in a usa one?
cnnxwiht a us ip?
gholmsYes
cnnxok
cnnxor should i go with google cloud
cnnxwhtats the difference
cnnxthey are the two biggest right
gholmsIt might be worth reading the EC2 docs.
RemramTheir pricing is a bit different but not much
gholmsThat would answer a lot of your questions.
cnnxok
cnnxthanks
cnnxgoogle cloud offers debian?
gholmsTheir pricing is a little different and image creation is hampered on gce, but meh.
cnnxthey have a 300$ credit right now
cnnxshould i take that ?
gholmsI think you should try out whatever looks good to you and see what you think.
RemramAWS offers you a free year of limited usage
gholmsMhm
RemramGCE offers you a lot of usage for 2 months
cnnxok
RemramAWS's free tier is probably better for you
cnnxbut the pricing is the same?
RemramThe prices are comparable but not the same no
gholmsThey're fairly similar.
cnnxwhos more expensive
gholmsNot the same, though
Remramthey are clearly stated on the websites so depending what you need you'll see how much it'll cost
RemramFor a small server running all the time it'd be about... $5/month?
cnnxon a t2.micro?
cnnxis 512mb enough for apache/mysql?
RemramFor little traffic, sure
RemramAh, here's the AWS pricing calculator: https://calculator.s3.amazonaws.com/
cnnxok i'll try aws
RemramHere is GCE's calculator: https://cloud.google.com/products/calculator/
amcmfrom the AWS cli can you see what role you're performing actions as? I'm in a task with an assumed role, that has putObject on a path inside an s3 bucket, but I'm still getting permission denied trying to aws s3 cp a file
amcmn/m ... I built a template for my policy, then didn't use it, just my garbage place holder
cnnxnot sure if i should go lightsail
cnnxor use the free 1 year t1.micro
cnnxwhat do you think
cloudyMoonyou will have more flexibility with the t type instance
cnnxwhich one is included
cnnxcause i got charged 55$ last month
cnnxthey refunded me
cnnxi choose RHEL instance
cnnxthats why
cnnxwhich is included
cloudyMoonamazon linux
cnnxok
cloudyMoonbut when you spin one up there's a checkbox for elegeble for free
cloudyMoonor something
cloudyMoonits on the left side
cnnxok cool
cnnxty
zivesterdoes lightsail overlap with ec2 in any way? as far as management, static IPs, etc ?
zivesterwould love the 1TB bandwidth for a project but would like to just manually administer everything
gholmsAFAICT it hides all that from you.
cloudyMoonziv, no.. ites really gimped
cloudyMoonim using one as my dev box and its kinda frusterating
zivesterwhats it missing for you?
cloudyMoonsecurity
cloudyMoonlike being able to set the role
zivesteru can't add security groups ?
amcmweird but true? you need s3:GetObject to use aws s3 rm ?
cnnxis a dedicated host a real physical server
cnnxin aws datacenters
cloudyMooni need to give it creds
cloudyMooncnnx, you dont need deticated
cnnxcloudyMoon: i know but i wanna know
gholmsYes, it is
cnnxok
gholmsThey allow that for licensing reasons.
kgirthoferit's vvvv expensive
cnnxwhats the max sizde for my hdd i can choose for free
cnnxdefault is 8
cnnx can i put 20 or 30
cnnxor do i need to pay
cnnxalso whats the default os if i chose linux
cnnxit didnt ask me which distro
cloudyMoonamazonlinux its based on rehl
cnnxi dont wanna pay extra
cnnxis rehl included?
cloudyMoonum, amazon linux is based on rehl, that is the free one
cnnxok
cnnxwhat about the hdd size
cloudyMoonas for hd size...
cnnxwill i get charged?
cloudyMoonidk
gholmsYou can run actual RHEL as well, but it costs extra.
cloudyMoon^
cnnxok it says
cnnxup to 30gb free
cloudyMoonhttp://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html
amcmIs it possible to limit ListBucket to a prefix ?
cloudyMooni dont think so
dc`anyone know the value for +/- infinity when using the api/cli to set up an austoscaling step policy?
cloudyMoonwell you can with the conditions
cloudyMoonbut not by having the resource be arn:aws:s3:::mybucket/these
javi404how old is an instance you can't even image?
gholmsEh?
cloudyMoonstill trying to get in to that?
cnnxcan the kernel be updated
cnnxon the free tier ami linux instance rhel
cnnx?
cloudyMooni know that they release new versions all the time
cnnxcan i upgrade?
cloudyMoonlike the ami are always chainging (ami are amazon machine images)
cnnxor i have to erase everything
cloudyMoonum... this is where it gets tricky and lightsail is dumb
cnnxim not on light sail
cnnxim on ec2
cnnxim logged in already
cloudyMoonyeah
cloudyMoonno sorry, i was going to say this is why i like ec2 better
gholmsLightsail does use the instance's kernel, right?
cloudyMoonif you put your code on an ebs volume, you can detatch the volume form the instance, scrap the instance, and attach the ebs volume to a new instance
gholmsThat's what basically every image published in the past several years does.
gholmsThose let you use dpkg/rpm/whatever to upgrade your kernel.
cnnxso i can upgrAde with yum
cnnxwithout losing my data
cloudyMoonyes
cnnxor rpm
cnnxok
cnnxcool
cnnxlet me get to work
cnnxto transfer my websites
cloudyMoonwell i mean with in reason right?
cloudyMoonif the upgrade fails it can trash the box.. but that could be the case for a computer sitting right next to you too
cnnxthre's no kvm?
roberthlNo, the best AWS offers is being able to take a screenshot
cnnxthat really sucks
cnnxeven cheap vps providers have kvm
cloudyMoonwhats kvm?
roberthlserial console
cnnxwhere you see the remove text console
cloudyMoonoh eew
cnnxin case you screw up
cnnxiptables
cnnxor your networking
cnnxor sshd
cnnxetc
cloudyMoonoh um.. i thought you ment web ssh thingy
roberthlAWS solution is to attach your EBS volume to another instance and fix it, lol
cloudyMoon^ yeah
dtypecnnx: the idea is that instances should be deploy and re-deployable. If it fails, image needs fixing and re-deploying.
dtypeor yeah, float the ebs image elsewhere if you're in a disaster scenario
dtypecan always snapshot or build an AMI from a running image if you're trying to create a rollback point, although probably not the cleanest thing
gholmsThey aren't really targeting the "VMs as pets" market with EC2.
dtypebut basically you don't want non-recoverable state on a running image
cnnxthe /vdx1 drive is seperate from the os?
gholmsBroken instance? Shoot it in the head and replace it.
cnnxthats what you mean detach?
dtypecnnx: attached ebs shares can be separate from the OS. Also possible running OS is on a root ebs share (probably is)
dtypejust block devices
dtypecnnx: fwiw, took me some getting used to, not having a console. Just have to start thinking of launched instances as somewhat transient. Even long running ones, in that you should plan for persistent data needs to be separate from OS.
dtype(is the correct strategy for hardware too, just easier to coddle bad practices with a piece of pet hardware)
gholmsEFS makes that a lot easier.
dtypeyeah, EFS a fun option.
cloudyMoonits the servers like cattle, not pets mentality
dtypealso pretty easy, as it just is a mounted share
cnnxaws is marketable right?
cnnxfor someone looking for a job?
cnnxto know
gholmsVery.
cnnxok
dtypeops people around my market aren't taken seriously if AWS isn't in their vernacular
dtypetry and build a silicon valley startup and mention "and we're building out hardware in multiple data centers" and see how fast you get shown the door. :)
gholmsWell, that said, AWS charges eating startups alive is also totally a thing. :P
dtypeyeah, depends on whether you're in operational stages or not
dtypehardware when developing things, great. When you plan to launch to 100,000 users that may turn into 1M users tomorrow, not so great.
gholmsI'm more referring to startups that suddenly find themselves burning $200k per month on EC2. :P
cloudyMoonholy crap...thats awkward
gholmsIt's sort of a good problem to have, I guess.
cloudyMoongholms, is that hyperboly? or actul moneys?
gholmsThere was a thing in the news about it a few months ago.
gholmsI forget who all it was about.
gholmsGiven the way most startups work, I doubt it's the common case.
dtypewe'll spend maybe 500k-1M bucks this year
dtypeand we're not huge
cloudyMoonthats still tier one right? between 0 and 500m?
gholmsWhen you're burning angel investment funds that is enough to hurt.
roberthlThe AWS bill at the startup I consult for has quickly balooned as they grew, but the reality is without AWS they wouldn't be able to afford the people power to run the software they need to operate at that scale.
dtypeat least cost should scale with actual use. If you're managing to burn cost without use, then that's your issue. :)
gholmsYeah
gholmsThat's far better than overprovisioning.
csmuleHi all. Is ipv6 available on EC2 instances in all regions now? Or particulary Oregon?
gholmsIt's available everywhere except cn-north-1.
cnnxis there a default firewall
cnnxon t2.micro
cnnxi installed httpd
cnnxand started it
cnnxbut cant telnet to port 80
gholmsCheck your security group settings.
cnnxand i binded it to 0.0.0.0:80
gholmsThat's the thing that firewalls traffic.
cnnxso its listenning
cnnxok
cnnx[root@aws1 ~]# netstat -plantu|grep httpd
cnnxtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2975/httpd
dtypecnnx: security group has your firewall. need to open up 80/tcp to an ip/range/world
cnnxdtype: thanks
dtypealso generally assuming that your instance is internet gateway reachable, or you wouldn't be ssh'd into it on a simple setup.
cnnxbut its confusing
cnnxport 22 is open by default without rules
gholmsThat happens automatically for the default VPC cnnx is probably using.
cnnxand you're saying 80 is closed?
cnnxyes
cnnxVPC ip
cnnxnot elastic
dtypeif you ssh'd in from the outside then your vpc is gateway'd out. Default/wizard based instance may have 22 open.
dtypeso you need an 80 rule just next to that one
cnnxok
dtypei think the launch wizard may open 22 to the world
cnnxi created it
cnnxbut it still doesnt work
cnnx HTTP
cnnx
cnnxTCP
cnnx
cnnx80
cnnx
cnnx0.0.0.0/0oops
cnnxhttp tcp 80 0.0.0.0
cnnxits simple
cnnxoh wait
cnnxit wasnt applied to the instance
cnnxworks now
cloudyMooncnnx been there...
steezehey all, wondering if anyone could shed some light/give me debug tips on this issue. my ec2 instances (behind elb) give me a 504 but memory and cpu usage is low and health checks are fine. ive checked everything i could think of but cant get any more insight into what is happening
gazarsgosteeze: your health check doesn't necessarily correspond to application health. are you seeing 504s in your application logs or from ELB backend connection errors?
steezeon the client
steezeim not sure the server is ever responding
steezewe just set up the ELB on our demo env and it's working. of course, ha. i didnt do the implementation though, so not sure what was different between the 2
cloudyMoonquestion, i have an alarm from cloudwatch going to sns then ending at a lambda to write the results to slack. i cant tell what the body of the message is...
cloudyMoonthe lambda test gives it as a string but it looks like a json from cloudwatch...
gazarsgosteeze: you can run into problems with not having the correct availability zones assigned to the ELB, or security group problems with the instance not allowing traffic from the ELB, or routing table not allowing subnets to route to/from the elb subnets and the instance subnets
cloudyMoonsorry i guess my question is wth cloudwatch...
cnnxi'm getting 82ms roundtrip on my pings
cnnxfrom montreal to san jose california
cnnxis that normal?
cnnxmontreal to montreal i would get 20ms
cnnxso my VM is running on a physical server somewhere in california
cnnxif thats where i chose right?
gazarsgocalculate the speed of light and convert it into miles
gazarsgolast time i did so, amazon gets around 30% of lightspeed
gazarsgo(or km if you're canuckian i guess)
wilornelHey ##aws!
wilornelI would like to spin up a Tensorflow AMI EC2, to try out wavenet
wilornelI have never done this kind of work before. Does anyone know how much time would training on a p2.xlarge would take? How could I approximate that?
wilornelIt would be nice if I could only pay for the compute time on the high performance GPUs, and not pay for the uptime of the EC2. Is that possible?
gholmsWell, you can certainly shut instances off when you don't need to run them.
wilornelI think I'll do this. Just install some script that will check if it is idle for 10 mins and send a shutdown signal then
gholmsSeems pretty straightforward to me
gholmsIf you only have one instance you probably don't need to do anything super complex.
gazarsgoi just open up a tmux and `do_some_work.sh && aws s3 cp results s3://mybucket/results && shutdown -h now`
wilornelActually, I think I'll use : https://aws.amazon.com/about-aws/whats-new/2013/01/08/use-amazon-cloudwatch-to-detect-and-shut-down-unused-amazon-ec2-instances/
wilornelhmmmm
gholmsThese days you can even have a cloudwatch alarm kick lambda and shut the instance down for you.
wilornelwoah, I think gazarsgo's way is nice
wilornelbut if do_some_work.sh fails, it won't shutdown, gazarsgo
gazarsgoyeah
wilornelmaybe you want `do_some_work.sh ; aws s3 ... ; ...`
gholmsThen replace the last && with ; :)
gazarsgothat's usually intentional, so you can inspect if you have an error
wilornelor like that, yes!
wilornelhmmm
gholmsUnless you want to keep it running and read output, of course
gazarsgoif you don't care, i use || instead of &&
gazarsgoi don't know why, i just avoid using ; in bash
wilornel(I see. I guess it might be because it seems like in A ; B, B will be executed right away if A spins off something in parallel?)
wilornelBut yes, I will use cloudwatch and gazarsgo's trick
gholmsIf A forks off then it won't likely matter what separator you use.
wilornelyes, I don't know why one would tend to avoid ;
gazarsgome neither, like I said :D
wilornelInteresting! "You can use the reboot and recover actions to automatically reboot those instances or recover them onto new hardware if a system impairment occurs". Does that mean that you can have an EC2 that runs in p2.xlarge but if something happens that you dislike, you can move it over to a t2.micro?
gholmsSure, you can change to any instance type you want while the instance is off.
gazarsgono, the cloudwatch based automated instance recovery has some limitations. in general you can stop and start an ebs-backed instance on a new instance size
wilornelAwesome!!
gholms(Assuming you boot from EBS)
wilornelhmmm ?
wilornelI'm confused now
gholmsYou probably will. Don't worry about it.
gazarsgoto change instance sizes is manual, to recover an instance will use the same instance size as failed
gholmsACTION nods
gholmsThat's just there to try and restart your instance if its host dies.
wilornelI guess I could write some script that would take care of changing the instance size
wilornelAnd I do not pay for a stopped instance, right?
gholmsOnly its storage
gholmsThat's miniscule compared to the price of the instance while it's running.
wilorneloh, I could figure out how to have two machines share storage. I have a t2.micro
wilornelBut they are in different regions, so I guess I can't do that
wilornelIs S3 storage cheaper than EC2 instances' storage?
gholmsIf they were in the same region they could use EFS, but yeah.
gholmsWhether your EBS volumes cost more or less per GB than S3 will depend on what you're doing, but S3 is usually cheaper.
gholmsWith EBS you pay for the whole volume, whether it has data or not.
wilornelI see, thanks for the info. So far I did not have to worry about this too much. But I think it's awesome that there are many available storage services with a nice cost
wilornellooking at amazon glacier. Might use it to back stuff up
gholmsOnly do that once you know you're in it for the long haul.
wilornelHave you ever used it? Photos/videos I think could easily be considered to stay there for the long haul. Documents?
gazarsgoglacier is really for "write only" workloads
gazarsgoif you know you're gonna need to read it back out, use s3
gholmsACTION nods
gholmsIt's made for archives, preferably written in batches.
gholmsIf you upload a bunch of files to it one at a time you're going to have a bad time.
nezZarioSo just curious, .. how would you guys implement a single app the hosts ~500 sites that all need SSL certs? ... One big redundancy issue we've always have is we only use one amazon AZ (us-east) for our ec2 instances ... I am thinking run an app level load balancer that hits 1 of 2x nginx load balancers in 1 of 2x amazon AZ's (maybe us-east and us-west) that
nezZariothen distributes it to the appropriate app servers
steezewhat exactly is a proxy timeout? just the time the proxy will stay open?
steezeand this could time out before the server times out?
wilornelgholms: Can you upload 1000 files in one batch?
wilornelwhat kind of work would need write only?
desnudopenguinowilornel: no idea
gholmswilornel: Sure if you upload something like a tarball.
gholmsIt's best suited for archiving data for things like DR purposes.
gholmsRetrieval times are measured in hours.
gholmsBut it is sure cheap per GB
livingstnPardon this dumb question: But what does encrypted cloudtrail logs actually protect against?
gholmsAt-rest encryption
susyHi I have a client asking to stress test AWS. I would ask him for more detail if I could but at the moment I need a general idea of what stress test means?
pbeamer@susy He likely wants to understand what the limits of particular service are. It's likely that your application would fall over long before AWS depending on the service. It would really help if he could enumerate what service/s he wants to stress test?
susyIt's a client from other agency so I couldn't ask question at the moment but I think it's web hosting (I only familair with DigitalOcean). So stress testing in this context could mean recording maximum concurrent page visit/database connection etc?
pbeamerthats what I would assume
susyThank you for your help!
nezZarioI created a TCP load balancer ..
nezZarioWhy does it insist it's an internal load balancer?
hspencerhow did you create it?
nezZarioNo public IP .. I didn't see an option for internal ...
hspenceryou create it via the GUI or via CLI?
nezZarioOh I'm sorry .. tricky bastard ... it checks it for you on the GUI
nezZarioI see it now
nezZarioSorry
hspencernp