<dtype> pbeamer: I want to see the version of the above request that devolves into actually testing AWS capacity. ;)
<dtype> let's see how many objects I can put in an s3 bucket...
<mehwork> I downloaded the Redshift JDBC driver, but it's a .jar. How do I install it on a mac?
<kaos01> curious how aws goes against DDOS ?
<cochi> successfully. *micdrop*
<cochi> maybe look into AWS Shield, they got perimeter ddos defenses which are standard for managed services. there's even shield advanced (at a hefty price tag)
<kaos01> thanks, wonder if cloud provides benefit from a ddos :)
<kaos01> ie. people scale up their apps to handle it
<tr5ad> kaos01, https://www.youtube.com/watch?v=w9fSW6qMktA
<kaos01> nice
<ayogi> guys, if i increase the space of an RDS instance, will there be any downtime
<ayogi> will the endpoint change, or reboot or something?
<sisve> There will be reboots involved, and some downtime when the failover activates.
<sisve> I may be using the wrong words to describe it, but it basically takes down a machine, increases disk space, and boots up a machine again.
<sisve> I described a multi-az btw. It's a short downtime until all your application servers go towards the new larger machine.
<sisve> A single-az would probably have a longer downtime while the data is being moved to the new larger disk.
<ayogi> sisve: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html
<sisve> ayogi, you will get accurate answers if you restore a backup from your running instance into something new, and do the changes to the new instance first.
<ayogi> says there will be no downtime if i change allocated storage parameter
<puddingflaps> ayogi: just fyi that could take some time ;)
<sisve> ayogi, true, you found the single action you could do to an rds without causing a downtime. ;)
<kaos01> once one say deletes an elastic ip, can one get back same ip ?
<automatical> kaos01: very unlikely i would imagine
<automatical> might be worth opening a support case and if it's not been re-allocated already, you might be lucky - but I would work on the assumption that it's lost :(
<kaos01> ok, so always randomly generated
<kaos01> cool
<automatical> not sure what the algorithm is, it might just be a simple first in last out pool of addresses
<kaos01> just making sure, not to make the mistake :P
<automatical> :)
<automatical> your first one is free in any case, if you're worried about incurring additional cost
<geocar> is there a way to get the ELB to listen on IPv6?
<geocar> or is there a way to get back to ec2 classic (i don't think i'm using vpc for anything)
<finchd> ELBs listen on IPv6 on VPCs with IPv6, I think
<finchd> please don't go back to EC2 Classic, it's old and terrible
<geocar> i see it has an ipv6 address, but no ports are open
<geocar> i don't need ipv6 on the inside of a vpc... am happy using PROXY
<geocar> http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
<geocar> and it _says_ it supports ipv6 there...
<geocar> but obviously only on "ec2-classic"
<Armayss> hello is it possible two different gitlab registries in dockerrun.aws.json ?
<kaushal> Hi
<kaushal> I have a specific question regarding AWS RedShift Cluster. Is there a way to have restrictions for user@ipaddress at the RDS Schema Layer?
<kaushal> I know AWS RDS provides at the cluster layer.
<kaushal> Any help will be highly appreciable?
<pluszak> How does EFS look in terms of latency? I'm in need of nfs to share some data with webservers. Currently I have m1.medium with standard EBS acting as a NFS server and I'm wondering should I upgrade it to modern instances or use EFS? I'm aiming for low-latency not for high throughput so I'm a bit afraid of that bursting
<kaushal> Any clue?
<Lornzer> pluszak: have no numbers for you, but it feels fast
<Lornzer> also it's super easy to set up. you can have a new EFS share mounted in 2 min and benchmark
<pluszak> Lornzer: Well, yes. However it's not so easy for me to test it on LIVE servers so I'm looking for general feedback
<pluszak> Because I tested with fio and the results don't tell me much
<ktechmidas> is this the right place to ask a quick question about cloud-config? I've got a config here, but it's failing because it wants a : on line 8
<ktechmidas> http://pastebin.com/q03JSvYr
<ktechmidas> but line 8 is what it should be writing to a file
<ktechmidas> unless I've misunderstood write_files
<kaushal> Checking in again for my query?
<kaushal> Hi again
<kaushal> reposting my question
<kaushal> Is there a way to have restrictions for user@ipaddress at the RDS Schema Layer? I know AWS RDS provides at the RDS Cluster layer.
<Ove_> With aws s3 replication, if let's say s3 drops again in us-east-1 can we still upload/down files from the replicated bucket without intervention?
<b00b00> hello
<b00b00> little polixy question: while allow all actions to s3 buckets (action="s3:*", resource="arn:aws:s3:::*"), how can explicitly deny access to buckets, i know you may point me do the opposite(which is logical), but that case i need like allow(any) and explicitly deny some buckets from access, thanks
<b00b00> polixy=policy
<theShirbiny> b00b00: s3 policy or iam?
<b00b00> theShirbiny: That case i wrote policy
<b00b00> or if you can suggest me another way?...
<b00b00> To implement that task
<theShirbiny> you want to enable a user or a group to access all buckets except for specific ones?
<b00b00> yes
<theShirbiny> attach another policy to the user/group saying that, and any explicit deny will override an explicit allow
<b00b00> allow s3:*, explicitly deny like (bucket1,bucket2,bucket3)
<b00b00> interesting...
<b00b00> i tried on same policy
<b00b00> so you mean like... "security layers" that aws sees it like?
<theShirbiny> b00b00: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
<theShirbiny> it'll be something like http://pastebin.com/48bSrYNS you have to change it to your case of course
<urbanmonk> I have a beanstalk app and I’ve recently noticed an increase in activity .. the monitoring only allows me to select a period of 2 weeks max but I want the last few months .. is there any way to access this?
<urbanmonk> I want to see the rate of increase in activity
<kaushal> Hi
<kaushal> Is there a way to have restrictions for user@ipaddress at the RDS Schema Layer? I know AWS RDS provides at the RDS Cluster layer.
<theShirbiny> kaushal: i think you can do this from the database level not aws
<RobGordijn> I have an RDS question; does enabling the enhanced monitoring interrupt the sql service itself?
<theShirbiny> RobGordijn: interrupt as in it'll require a reboot?
<RobGordijn> yes, or loses/blocks connections for a short period
<RobGordijn> the docs won't tell me
<theShirbiny> reboot no, but i don't know about the loses current connections
<theShirbiny> RobGordijn: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html
<b00b00> theShirbiny: tried now, works, thanks
<theShirbiny> np :)
<RobGordijn> thanks theShirbiny
<kaushal> theShirbiny: Hi
<kaushal> sorry got disconnected
<kaushal> theShirbiny: < theShirbiny> kaushal: i think you can do this from the database level not aws
<kaushal> I am using AWS RDS
<kaushal> and i do not have ssh access to the database
<kaushal> theShirbiny: please suggest
<theShirbiny> kaushal: normal grant privileges to user@ip on database.*
<kaushal> yeah i understand it
<kaushal> i am using the AWS redshift managed services
<theShirbiny> AWS will only help you lock down the access to rds, not a single schema
<kaushal> theShirbiny: ok
<kaushal> theShirbiny: is there a way to access the database behind the AWS RDS cluster?
<theShirbiny> don't really know
<pluszak> kaushal: you don't ssh into a database, you use a db client
<pluszak> redshift is basically postgres so any client that supports postgres 8 supports redshift
<pluszak> more or less
<kaushal> pluszak: ok
<kaushal> pluszak: please share me the docs
<pluszak> https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-to-cluster.html
<kaushal> pluszak: so i have to refer to Connecting to Clusters From Client Tools and Code?
<pluszak> Yep
<kaushal> ok
<kaushal> pluszak: so you say connect to redshift cluster using psql command line client
<pluszak> that will be fastest solution, yes
<kaushal> and then run grant privileges to user@ip on database.*?
<pluszak> Not sure about that part but probably
<kaushal> pluszak: is there a way to show schemas inside a postgresql database?
<kaushal> psql -h examplecluster.<XXXXXXXXXXXX>.us-west-2.redshift.amazonaws.com -U masteruser -d dev -p 5439
<chainz> i believe it's \list ?
<pluszak> kaushal: information_schema.schemata
<kaushal> pluszak: ok
<kaushal> chainz: ok
<chainz> or something like that heh
<kaushal> chainz: sure
<chainz> \list or \l
<kaushal> understood
<chainz> \dt will list all tables in the current db
<pluszak> https://dba.stackexchange.com/questions/40045/how-do-i-list-all-schemas-in-postgresql
<pluszak> That should close the topic
<kaushal> ok
<chainz> i like mine better :) http://dba.stackexchange.com/questions/1285/how-do-i-list-all-databases-and-tables-using-psql
<cnnx> is it possible to assign a reverse dns to a vpc ip address?
<cnnx> in ec2?
<cnnx> i mean my public external ip
<cnnx> where would I set that?
<ayogi> guys, is it possible to know what was the IP assigned to a instance in the running state, that is not being stopped
<ayogi> guys, is it possible to know what was the IP assigned to an instance in the running state, that is now being stopped
<kaushal> Thanks a lot chainz and pluszak
<kaushal> I really appreciate your help
<pluszak> kaushal: so, did it work?
<kaushal> pluszak: i am working on it
<kaushal> it should work for sure
<kaushal> pluszak: i will ping you once i get it done or i get into issues
<ayogi> is it possible to get the IP history of a stopped instance?
<cnnx> is ticket technical support included on aws?
<cnnx> or do you pay for that too?
<ayogi> cnnx: it's Unavailable under the Basic Support Plan
<cnnx> how would i get it?
<cnnx> upgrade and pay?
<ayogi> change the plan, yeah
<cnnx> okay
<cnnx> is it reasonable?
<ayogi> i don't know
<richid> ayogi: AWS Config should have that
<richid> https://console.aws.amazon.com/config/home?region=us-east-1#/timeline/AWS::EC2::Instance/<INSTANCE_ID_HERE>
<ayogi> richid: so i would have to enable this ? and will this give show past config changes as well, or from now onwards?
<richid> Good question, and frankly I'm not sure. I've used it for a while now and don't remember if I had to explicitly enable it
<richid> If it does need to be enabled I would highly suggest it for anything but trivial environments. That and CloudTrail
<kcarpenter> What's considered a high miss rate in CloudFront?
<kcarpenter> One of my caches is at like 80% miss rate
<kcarpenter> Has been that way forever.
<diarpi> Usually I have 90%+ HIT rate, so I would say your MISS rate is alarming.
<kcarpenter> The nature of the images in that S3 bucket - 95% of them are probably never accessed. Mostly historical. But the 5% - stuff being worked today...I would think it should hit a lot higher.
<kcarpenter> I just enabled logging on that distribution, maybe it'll give me some insight
<kcarpenter> Hell the popular objects are like 58 requests, 0 hits, 58 misses.
<kcarpenter> That's weird to me.
<nokiomanz> Hi all, I am using the waf and I have an ip block rule. I wanted to remove one of the ip from the condition and i get an error that says "Rate exceeded". So I can't remove it. Why would that be?
<tgmkacke> a question about CloudSearch
<tgmkacke> I made an Api Gateway endpoint to support CORS, i try to search with the aws sdk CloudSearch client and i get the search result (I looked it up in the response body), but i get the CORS error from the aws sdk (NetwotkError) and my Webapp crashes (Angular 2)
<jake__> Hello all. If I have an API Gateway endpoint set up, is there a way to say to Amazon "I know the name of my resource is "Event", given that, could you please provide me the full arn"?
<jake__> Or will I have to hard code in the arn to my application?
<cloudyMoon> jake__: you could use ssm parameter store, i dont know if api gateway understands the '{{ ssm:paramiterName }}' notation but it might be something to check out
<jake__> Great, I'll take a look thanks. The 2 options I had in mind were a) hardcode it, b) put the arn in Dynamo
<cloudyMoon> i dont know if api gateway has a thing like cloudformation's "Ref:"
<cloudyMoon> i keep meaning to mess around with apigateway tbh
<cloudyMoon> it looks super cool
<jake__> Yeah I don't think Cloud Formation will hold the answer here. That would be great if it was all within AWS - but if a mobile application wants to call the API Gateway endpoint, it would never be updated with new roll outs of the app stack.
<csmule> is there a way to add an ipv6 address to an existing ec2 instance created originally with ipv4
<csmule> NM, found it under the ipv6 migration page.
<sorressean> I'm using this command to publish to sns and it's not working. just wanted to try it before I went farther. anyone able to offer some advice?
<sorressean> aws sns publish --phone-number "+12222222222" --message "this is a test."
<sorressean> I get +12222222222 is not valid to publish to.
<sorressean> but I'm using my actual number.
<Armayss> hello should i create my elastic beanstalk environment in a vpc ?
<gholms> Yes.
<sorressean> any tips? why wouldn't sns be able to publish to my phone number?
<gholms> What region did you use?
<Armayss> gholms, could you tell me why ?
<gholms> Armayss: That gives you access to all instance types.
<sorressean> gholms: us-east-2 (ohio). I wanted to use that for s3 and have the same user using s3 and sns.
<Armayss> gholms, to ec2 basic and ec2 vpc ? i dont know if i need ec2 vpc instances ?
<kgirthofer> Armayss: unless you specifically do NOT need a vpc instance - launch in VPC
<gholms> Armayss: How old is your account?
<Armayss> since auguts
<Armayss> kgirthofer, ok but why ?
<Armayss> august*
<gholms> Then you can only use VPC. Don't worry about it. ;)
<gholms> sorressean: That region doesnt support SMS, at least according to the docs.
<sorressean> gholms: bah. didn't know that, thanks
<Armayss> what should i pu in the url of verification of the state of the application ?
<sorressean> works fine when I specify us-east-1...
<Armayss> put*
<cnnx> i added a host in route 53
<cnnx> then a record
<cnnx> for PTR reverse mail.mydomain.tld
<cnnx> but its been hours and its still not work with TTL of 1 min
<cnnx> do i need to contact support?
<cnnx> or did i miss something
<roberthl> You are trying to set up a PTR for an EC2 IP address?
<chainz> shouldn't it be an MX record for a mail server?
<cnnx> thats defined on my registrar
<cnnx> im trying to setup a reverse dns
<roberthl> You need to contact support https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request (not sure if that URL still works)
<roberthl> You can't just create a PTR record for an AWS IP
<cnnx> i read the docs
<cnnx> said you can
<roberthl> Link?
<cnnx> hang on
<cnnx> cant find it now it was in the context help
<cnnx> of route 53
<roberthl> Well of course you can create a PTR record in Route 53, but not for an AWS in-addr.arpa zone
<cnnx> ok ty
<cnnx> roberthl: i sent the request, whats the eta on those?
<gholms> They usually get back to me within a day.
<cnnx> nice
<kcarpenter> Do S3 CORS rules have any impact on CloudFront caching?
<csmule> Anyone migrate to ipv6? I completed all the steps, enabled on the OS but can't ping. :-/
<gholms> Did you set the address on the instance itself?
<csmule> gholms: Yep, using action->networking?
<gholms> No, like with ifconfig.
<csmule> Edited VPC ACL, security group, enabled on ubuntu. ifconfig shows the ipv6...
<csmule> Yeah, ifconfig shows the inet6 addr.
<gholms> Where does your default route point?
<csmule> Looks like the local ip4 address
<gholms> The default v6 route...
<csmule> gholms: How do I list that?
<gholms> ip -6 route
<csmule> gholms: Oh there we go. Umm has a default ipv6 looking address
<gholms> fe80:: followed by some hex garbage?
<gholms> I guess I should've asked: does outbound traffic work? :)
<csmule> Yeah. :-/
<gholms> Oh, then it isn't a routing thing.
<csmule> I created the egress only gateway and attached it to my route table. Maybe I messed that up
<csmule> gholms: Do you know if it's ok to have the old ipv4 igw AND the new route table rule for ipv6 to the new eigw?
<gholms> I don't see why not.
<gholms> Haven't tried it myself, though
<gholms> Oh. Derp.
<gholms> You used an egress-only gateway. Of course you won't be able to ping anything.
<theShirbiny> Q: is the traffic in direct connect link encrypted
<roberthl> theShirbiny: No
<theShirbiny> roberthl: even the part between the direct link facility and aws data center?
<roberthl> Can't say for sure what AWS do on their internal network, but I highly doubt it.
<roberthl> It would be rather expensive indeed
<malikeye> any way to lock rds:AddTagsToResource down to a specific VPC or subnet group?
<malikeye> I can lock resource creation to the subnet group, but I have no way of knowing the ARN of the db until after it's created /shrug
<cnnx> how do i fix errors like this on aws rhel ec2?
<cnnx> Error: Package: iproute-4.4.0-3.23.amzn1.x86_64 (installed)
<cnnx>  Requires: libdb-4.7.so()(64bit)
<cnnx>  Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
<cnnx>  libdb-4.7.so()(64bit)
<cnnx>  Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
<cnnx>  ~libdb-4.8.so()(64bit)
<cnnx> i get this when i type yum update
<Tanta> how did u get that error
<Tanta> the solution depends on the root cause
<cnnx> i cant ssh to my aws anymore
<cnnx> Permission denied (publickey).
<cnnx> whats that mean?
<roberthl> Wrong username or wrong private key file.
<cnnx> nothing changed
<cnnx> i had put it in a script
<cnnx> and i didnt touch the .pem file
<Tanta> you did something wrong
<Tanta> how can we tell you what it is when you don't know yourself
<Tanta> http://linuxtoolkit.blogspot.com/2012/02/how-to-fix-broken-yum-for-centos.html
<Tanta> you can try these steps
<csmule> So just realized there is no way to get a public ipv6 endpoint on aws. Right?
<csmule> for EC2
<kgirthofer> @csmule "One of the interesting things about IPv6 is that every address is internet-routable and can talk to the Internet by default. In an IPv4-only VPC, assigning a public IP address to an EC2 instance sets up 1:1 NAT (Network Address Translation) to a private address that is associated with the instance. In a VPC where IPv6 is enabled, the address associated with the instance is public. This direct association removes a host of networking challenges, but it also means that you need another mechanism to create private subnets."
<kgirthofer> https://aws.amazon.com/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/
<ChadO> That's really no different than IPv4 EC2 where you have public IPs on everything. You end up having to use Security Groups to filter traffic in/out. NAT was never a security mechanism :-\
<gholms> csmule: Oh, you missed my earlier answer, didn't you?
<gholms> You're using an egress-only gateway. You can't get inbound traffic through that.
<csmule> gholms: Yes I did.
<csmule> Can I use an ingress one to get access from the internet?
<gholms> Sure. That'd just be a regular internet gateway.
<gholms> You probably already have one.
<csmule> A support rep told me it is not possible to have a public ipv6 address accessible from the internet. Which confused me.
<csmule> Oh let me try then.
<gholms> Uh, yeah, that's completely wrong. I'm logged into one that way now.
<gholms> There is no such thing as a non-public IPv6 address in EC2. (Thank goodness.)
<csmule> Yeah, that's what I'm gathering, so was bewildered as to why the rep told me no go when I was trying to debug.
<cochi> just unreachable ones due to an EIGW ;)
<csmule> Yes, of course. Makes sense. Ok, trying now.
<cochi> oh, already said. need sleep :)
<csmule> So I added a ::/0 rule pointing to my igw. Is that right? Doesn't seem to have made a difference.
<ingodid> do some regions just not have a m4.large?
<ingodid> not seeing it as an option in us-east-1
<gholms> Are you launching into a VPC?
<gholms> csmule: Yeah, that sounds right.
<csmule> Yes. Well, I modified an existing vpc and applied the ipv6 address, etc..
<csmule> double checking things
<csmule> gholms: Still getting no route to host. Could my SG be wrong? I'm just trying ssh -6 <blah>
<gholms> It's hard to say without knowing what your rules are.
<gholms> If you're allowing TCP/22 from ::/0 then that *should* be enough to cover that.
<csmule> It just wasn't working from my macbook for some reason. I tried a centos7 in the data center and it worked! Jeesh, and I just told the devs that amazon said they don't support this. Guess I got a dud rep.
<ingodid> sry, wrong virtualization settings, found it
<csmule> Thanks for all the help!
<Santiago_> Hi. I'm trying to understand how deletes work in Redshift. Blocks are immutable, so does marking a row for deletion mean the entire block has to be rewritten?
<gholms> csmule: Nice!
<gholms> Santiago_: Given that the docs talk about marking rows for deletion, I'd guess that it rewrites the block when you vacuum the table.
<celyr> Hi
<celyr> has someone used Workspaces ?
<mazula> Hi ! what is the best database to do that ? http://datachart.info/photo/chartjs.png
<gholms> celyr: I suggest just asking your real question.
<gholms> mazula: To do what?
<mazula> Analytics by week or month
<mazula> gholms I want to create a dashboard where I can find the number of item sold, revenue by week or month
<Tanta> I would use SQLite
<rhqq1> hi. any way to make RDS notice changes in parameters_group ?
<rhqq1> because i made changes once, "maintenance" status changed to available, i pushed it through. but then i made more changes and that "maintenance" status no longer appears
<rhqq1> anyone?
<cloudyMoon> sorry rhqq1
<cloudyMoon> i have no answer for you :(
<rhqq1> ok, i just noticed weird thing, params were applied with no restart
<doyle> Hey. Is lambda suitable for processing kinesis streams for sub 100ms real time apps?
<doyle> I know there's a 5 reads per second limitation per stream. I'm wondering if there's a way around that...
<roberthl> Lambda polls Kinesis Streams once per second once it has reached the last record in the stream, so that would put a lower bound on peak performance
<roberthl> i.e. You could be waiting up to 1000ms for a record to be seen.
<lamba> can cloudtrail or similar show me permission denied reasons for users ?
<lamba> the number of times i run into a credential not working with a generic 'youre missing some permission' and then not telling me which is crazy