pointIs there a way to ignore error codes on an elastic beanstalk ebextension? I'm trying to kill and restart a collectd process through 'killall collectd; collectdmon -c collectd' like in this tutorial http://engineering.thinknear.com/blog/2014/10/21/monitoring-beanstalk-with-collectd/
pointHowever, this fails if collectd is not running already like in a newly spawned server, killall returns a nonzero exit code since no processes matched 'collectd'
JSeligsteinhey all. has anyone in here successfully built a unity project with any aws sdk (maybe specifically gamelift) ?
chatter29hey guys
chatter29allah is doing
chatter29sun is not doing allah is doing
chatter29to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
ayogiHi Guys, does anyone know here how cloudfront works internally and what is the tech behind it, how it has been build and what are main challenges of cloudfronts?
Wulfayogi: are you asking which software they're using?
ayogiWulf, yeah how does that work, what are the main challenges for providing cloudfront service?
OrbixxI
OrbixxI'm trying to use DynamoDB with Python as a means of storing dict objects
OrbixxWhenever I try to store an object, it throws an unhashable type 'dict' exception
ayogiWulf, the DNS does the logic, of providing the IP to client which is nearest to him, and to minimize the latency?
ayogiso the main component is the DNS, which identifies the nearest edge location based on the source IP of the request?
ayogiWulf, wha
ayogiWulf, you there?
Wulfayogi: yes, they use DNS and/or anycast routing to select nearest cache
ayogiWulf, how does DNS compute the nearest edge location is it hard coded, or computed dynamically when the request arrives?
Wulfayogi: Don't know what they do, but both would be possible
ayogiWulf, what's the logic to compute nearest edge, in general
ayogiand how does anycast routing help here?
cochithere's geolocation databases or latency databases. even some free ones (i guess they built their own though)
bhughesroute53 has both
bhugheshttp://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
cochisure, was talking about the "how" :)
ayogiand how does anycast routing help in serving the content from nearest edge location
ayogicochi, is the DNS the main piece of the puzzle that does the magic, and also the regional caches
poppahorseanyone have any issues with an application load balancer and port 3306?
poppahorsemy database instance is fine if I connect to it with its actual IP, but if I connect via the load balancer dns I get connection refused
poppahorseI have a listener setup, pointing it to a target group
poppahorsei have the ALB working on port 80 with other services
ayogipoppahorse, i think you can not login inside the instance using the ALB end point
poppahorseoh, any idea why?
pluszakpoppahorse: ALB only supports HTTP and HTTPS
pluszakhow did you set up a listener for MySQL then?
poppahorsewell, I setup on that port, i did wonder about only http / https
ayogidon't know much, but ALB could resolve to any ip, and i am not sure if it maintains the state that could enable connection to a particular instance
ayogipluszak, am i right on this ^^
ayogilike connecting over ssh
pluszakayogi: classic LB does maintain the connection, I wouldn't recommend using it when you need 100% uptime but I do route ssh over LB and it works
poppahorsei just really wanted to setup a hostname for the database container (that could be on potentially multiple instances)
pluszakpoppahorse: why not use RDS?
poppahorseI had a quick look and they didnt seem to have mariadb
poppahorsealthough looking now maybe I was wrong
pluszakthere is mariadb
pluszakand aurora that's based on mysql
ayogipluszak, then how do we know inside which instance we logged in, and suppose i logout and login again, then whatever i did before may not be there, as i could land into some other instance
poppahorsethx pluszak, i will check it out :)
pluszakayogi: oh, that's what you meant, I thought you meant persistent connection
pluszakWell, I think if you want to connect to certain instance you'd rather connect thru public ip or bastion
ayogipluszak, what is persistent connection?
pluszaka connection you keep open when you're not currently using it
ayogipluszak, but what a load balancer has to do with it?
pluszakayogi: well, LBs are mainly used to route http, so it's interesting if it can route a connection for several hours or days
pluszakEither way, it's getting confusing
pluszakI have a question regarding CloudFront. I have CF that's set to use cache-controls from origin but origin doesn't set cache-controls. How long will CF cache objects for?
ayogipluszak, okay so is it like with persistent connection, a load balancer will route the request to a particular instance, until the timeout?
pluszakayogi: what timeout?
ayogipluszak, persistent timeout
ayogitimeout for how long it will keep open
pluszakThat probably will be infinity. But you must configure keep-alive correctly cause ELB drops connections that are inactive for...umm..a minute I think
poppahorsepluszak: ok yeah rds is much better, feel like an idiot for not using this sooner xD
ayogipluszak, is this to maintain session across instances ?
ayogipersistent connections are required to maintain the sessions?
pluszakayogi: no, for that you'd want to turn on stickiness on ELB, ELB can route the client to the same instance each time
pluszakBesides, you should keep your sessions in memcached or db
ayogithen what do you mean by, 'if it can route a connection for several hours or days'
pluszakWell, like, can I put an irc server behind LB and connect to it without connection being dropped every few seconds
ayogipluszak, okay but it has nothing to do with request being forwarded to the same ip? LB could forward request to any instance, with persistent connection ?
pluszakno it doesn't
ayogithe end hosts will also have to maintain the connection, so it will forward it to the same instance?
cloudbudMy script is failing
cloudbudhttps://pastebin.com/1qXveJa0
cloudbudTraceback (most recent call last): File "./monitor_vpn.py", line 23, in <module> vpns = vpcconn.get_all_vpn_connections() AttributeError: 'NoneType' object has no attribute 'get_all_vpn_connections'
cloudbudI m referring to this blog
cloudbudhttps://s3.amazonaws.com/reinvent-arc401/scripts/monitor_vpn_instructions.txt
pluszakcloudbud: have you checked the docs for that function?
pluszakthe one that returns vpcconn?
cloudbudpluszak: No need to make this happen can you help
pluszakcloudbud: I just did
cloudbudpluszak : can you tell me where I am wrong
cloudbudneed to monitor the vpn tunnels
cloudbudpluszak : i takes all vpns in list
cloudbudbut what i have to change in script
pluszakcloudbud: and you have checked the docs for boto?
cloudbudpluszak : no im not a developer
cloudbudso hardly understand this
pluszakwhat are you then? I'd expect this level of debugging from an admin
pluszakin short, typo in AWS_REGION/AWS_REGIONS
cloudbudpluszak : no
cloudbudhttps://pastebin.com/U0gYTiVK
cloudbudsee my script still getting error
pluszakOkay, and what do the docs say about none?
cloudbudI executed this script exactly
cloudbudit worked fine
cloudbudhttps://s3.amazonaws.com/reinvent-arc401/scripts/monitor_vpn_instructions.txt
cloudbudbut why should i use all regions in aws_regions
massover2I am using amazon ses to trigger a lambda function after the email is stored to s3. It looks like the lambda function gets triggered 3 times per s3 put event. is there a way to fix this?
pluszakcloudbud: You have to check when boto returns none and then print out the value of that variable to debug it
codecyo, is there any data on rough availability for RDS (aurora, mysql, postgres)?
codeccurrently evaluating which service we want to use. aurora is a big plus regards availability and IAM, but its not available in eu-central :(
General_Harambeuhh, GA for a service in a new region is generally announced in a real quiet manner.
hydrajumpI want to give a 3rd-party service access to an AWS account with very limited permissions to put objects in an S3 bucket
hydrajumpInstead of creating an IAM role with limited permissions and providing an AWS access key and secret IIRC there's a better way using temp creds
hydrajumpbut I can't recall is it STS?
General_Harambecorrect.
General_Harambebut in order to get creds from STS you have to auth as another IAM user/role. So if they don't have their own account or another means of doing federated auth, uhhh, you'll need an IAM user.
General_Harambeyou can set policies on users to enforce 2FA and the likes.
hydrajumpok it seems the only option they provide is long lived access creds :(
hydrajumpI'll just create a dedicated iam user for this
General_Harambejust mandate 2FA and a password policy.
tech2Is there any plan to have S3 http-style access support the Accept or ETag header?
devnull84hey chaps!
flyinghi when I change a parameter in the db parameter group in a RDS instance , will it take the change automatically?
flyingor do I need to restart the instance?
General_Harambeit won't take it automatically, sadly
devnull84flying: not entirely sure but when ever we do make a param change we schedule it for reboot
devnull84hey General_Harambe :)
flyinghow can I restart a RDS instance?
General_Harambedevnull84: sup
devnull84select it - > actions
devnull84maybe some one can help me understand something regarding a webapp.jar
devnull84im fronting it with ELB with an ACM assigned cert
devnull84but when i make the call to ELB , i get weird behaviour does redirect go to HTTPS
devnull84even if i can it https://myapp.com
devnull84call*
devnull84now the webapp runs in tomcat servlet in the jar
devnull84do i need to tell the tomcat servlet to do anything
General_Harambedevnull84: nope, what's your ELB listener in? HTTPS:HTTP?
devnull84or perhaps im having browser issues
devnull84https > http (80)
devnull84so when i make the https request
General_Harambeopenssl s_client time!
devnull84it sometimes redirects to non-http
devnull84://
devnull84im wondering if the cookie has anything to do with it
General_Harambeyou have an ELB sticky cookie?
devnull84no stickiness is off on the elb
devnull84externalised our sessions
devnull84have you seen this cookie fields: Path=/; Secure; HttpOnly
devnull84the service im working with only has: Path=/; HttpOnly
devnull84im wondering if the tomcat servlet class needs to be specific
devnull84and yes my own lead developer couldnt answer my question
devnull84sigh !
devnull84its just random behaviour , as it works now and then when serving https
devnull84"trying to"
devnull84if this makes sense :) hehehe
tuxlofWhat's a good version control strategy for docker-compose files to run the application in ECS and local development. The application runs in multiple environments as well.
tuxlofthe one in here: https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Development_Pipeline_Best_Practices_Using_Docker_EE#Environment_Topologies I'm not really digging
bpr_adminI'm trying to sysprep a Win2012R2 (Server core) for Elastic Beanstalk use, and I used the command "ec2config.exe -sysprep" however, that does not seem to work for server core windows. What are my alternatives?
tuxlofI'm thinking of creating one infrastructure repository containing all the docker compose files for every application and environment, but without the source code. Then include a build and run dev environment compose file with the source code
flyingis it possible to login in the RDS instance using SSH?
General_Harambehell no
General_Harambeif you manage to pull that off, Amazon's SOC would like to hear from you
bpr_admineven if someone could point me towards the documentation about server core and elastic beanstalk custom images and doing sysprep, that would be helpful too
fission6is aws down or experiencing issues?
fission6i can't ssh into my ec2?
General_Harambefission6: uhh, what region? what does twitter say?
fission6in the last 20 min we got a notification from our load balancer that things appear down and can't get a response
fission6we only have 1 instance under it
fission6its us-west-2c
General_Harambehint: AZs are misleading. they randomise the AZs across customers to stop DC thundering herds
fission6does it help to reboot instances on the LB
General_Harambe... you can't reboot load balancers, you mean, reboot your EC2 instances? might want to find out why they went missing?
fission6i got this UnHealthyHostCount
fission6from my LB cloud watch
fission6in a tiny panic mode as this is a live production site so thanks for your help General_Harambe
bpr_adminIs packer required to create a custom Elastic Beanstalk platform?
fission6this is bad, can anyone help?
devnull84fission6: i had the same issue today in eu-west-1
fission6really!?
fission6devnull84 what happened, what did you do?
devnull84https://status.aws.amazon.com/
devnull84got a single instance behind elb like you and got unhealthy host warning
devnull84cleared itself
devnull84underlying issue i would assume
devnull84unfortunately nothing showing on the status pages
devnull84i would check-in with their twitter page
Raptureanybody know how to get more info from runtask? Just says Run tasks failed Reasons: Attribute
fission6devnull84 so your issue just went away
devnull84false alarm on my side
fission6what do you mean? you didn't experience a similar issue?
devnull84turns out one of my engineers are really stupid at times
devnull84the alarm was a false positive
devnull84sorry fission6
devnull84:/
devnull84i was just double checking before i send you on a goose chase
fission6ok
nacellepanic cripples the smartest of minds
devnull84OMG screen is really irritating to use
devnull84grrr
General_Harambetmux!
tech2devnull84: use tmux, then it's ctrl-b ;)
devnull84ye going to
devnull84screen wont even let me know that i have permissions issues
devnull84lol
devnull84>.<
General_Harambeunbind C-b \n set -g prefix C-a
General_Harambein ~/.tmux.conf ... you're welcome.
tech2General_Harambe: sure, because ctrl-b is such a useful combo otherwise... no, wait, that's ctrl-a for beginning-of-line.
General_Harambetech2: I know someone that rebinds tmux to C-z.
nacelledevnull84: fwiw, after two decades of using screen, I find tmux hard to use
nacelletmux doesnt quite do everything screen does, and screen doesnt do everything tmux does
nacelle(hard is relative, I can drive it... its just never doing what I want in the end in stock form and I have to twiddle, because I basically want it to act like screen in the end)
bpr_adminI'm trying to sysprep a Win2012R2 (Server core) for a custom Elastic Beanstalk platform, and I used the command "ec2config.exe -sysprep" however, that does not seem to work for server core windows. What are my alternatives?
andrewSChi all
andrewSCJust so I have this straight in my head, when I create a route table and the destination is the subnet for the vpc (172.16.0.0/16) and target is local. If I have an ec2 instance on 172.16.1.100 (subnet 172.16.1.0/24) and create another instance (172.16.55.3) on say 172.16.55.0/24, the route table, when assigned to those two subnets would allow communication between them?
General_HarambeandrewSC: sounds... about right.. for as long as you don't have any other crazy rules
andrewSCright right
andrewSCthe real problem I'm trying to solve is how to expose one subnet to n number of other subnets (all within the 172.16.0.0/16 space) but only a couple of IPs/instances from the one subnet I'm exposing?
andrewSConly a couple of instances from that one subnet I'm exposing should be accessible to all other subnets
andrewSCand subnets should not implicitly be able to speak with each other
andrewSCor is this where ACLs would come into play?
General_HarambeNACLs are for in/out of the VPC as a whole.
bpr_adminhow is there 550+ attendees to this channel, yet none can answer Elastic Beanstalk questions?
hydrajumpbpr_admin: you can always file a support ticket with AWS
bpr_adminSupport ticks go from none(free) to Basic ($10,000+) in one step, there's no way our org can afford that support agreement.
hydrajumpWhen an object is created in an S3 bucket am I right that SNS can only be used to send an email notification that a new object is created, but it can't send a link or the object itself as an email attachment?
hydrajumpbpr_admin: What? Unless something has changed that's not what I've experienced
bpr_adminah, it looks like it is different from the last time I checked... I should look into this now.
bpr_adminbut seriously, the answer to this question, should be easily found in documentation, it's pretty core to ec2 functionality
Time-WarpAMAZON POPUP LOFT SAN FRANCISCO A/I SESSIONS
Time-Warp1446 mission st
tech2Is there a way to do a cache flush from CloudFront based on time, rather than URL, that is, cull all entries added since time X?
bpr_adminIs packer required to create a custom Elastic Beanstalk platform?
andrewSCIf I have a VPC with the subnet 172.16.0.0/16 then I start creating subnets like 172.16.{1...20}.0/24, how do I keep them from talking to each other? Because that route table associated with each one will always have the 172.16.0.0/16|local entry..
questionnaierCould I have only internal load balancer, having a domain in Route53 that routes to the internal ELB?
questionnaieris more secure?
questionnaierI don't want to expose the elb dns
doyleDoes anyone know of a recent article that outlines best practices for environment setups in AWS? With aws organizations and role switching being introduced, I'm hoping there's one that clearly says 'separate aws account per environment'.
Time-Warpmy amazing floating power adapter at AWS
Time-Warphttp://imgur.com/a/GJHDx
Time-Warphttp://imgur.com/a/8dy8Y
gabbottIs there a way to allocate a new elastic ip and associate it with a specific private IP in an ENI preferably using ansible.
gabbottI've tried the following: https://pastebin.com/Au0Dbje3
gabbottIt just returns the EIP of the main private IP.
borodinanybody know how to get a TargetGroupArn if you know the load balancer name or arn? using Ruby SDKV2 ...
hydrajumpis looking at an aws account's billing section the quickest and most reliable way to determine if any services are used in that account?
Time-Warphttp://bit.ly/2qOxFCj
andrewSChow do i make creating and configuring ec2 instances stupid simple?
andrewSCi know I'm painting with some broad strokes here but any direction is better than none at this point...
andrewSCIs there self-service tooling I can enable/use? I was looking at opsworks yesterday and it seemed pretty promising
kgirthofer@andrewSC what are you trying to accomplish?
kgirthoferyou could look into configuration management, docker, lightsail, ami's, etc
andrewSCI want to be able to have people that aren't me go and start their own instances without having to worry about networking, storage and processing requirements
andrewSClightsail is almost what I'm thinking
AvivHey - Let's say I have a domain called example.com that resolves to 8.8.8.8 I want example.com to resolve to Elastic IP in AWS, and the Elastic IP in AWS will forward all traffic coming into it, to 8.8.8.8. Some kind of hiding my IP address. Is there a way to do it with a built-in service in AWS? Couldn't find it in Route53
andrewSCkgirthofer: is there a way to monitor AWS lightsail instances from the console?
kgirthoferit has a different console
andrewSCguh
andrewSCkk
kgirthoferbut do you mean for you as an admin on the back end
andrewSCyes
kgirthoferwhat are you trying to monitor
andrewSClike resource monitoring, usage stuff etc
kgirthofer@Aviv you're looking for a loadbalancer
kgirthoferELB
kgirthoferyou'll point your A record to the ELB alias
kgirthoferand then point the ELB to your servers
andrewSCbasically I want to see all lightsail instances, who owns them, and if they should be pruned/removed
kgirthoferhmm I'm not sure if that is possible or not
kgirthoferI haven't played much in there
andrewSCgotcha gotcha, kk np
andrewSCbasically I'm just trying to setup something so simple a kid could use it.
Avivkgirthofer, sweet, thanks!
cochikgirthofer, sorry - nope. cannot point A to an ELB, just a CName
cochi(which usually is not an issue, except for the domain apex)
kgirthofer"point your A record to the ELB alias"
cochihm, k. bit ambiguous, but you're right.
cochii'll just drink some tea before the next comment, k ;)
kgirthoferhttp://i.imgur.com/VM1YgzZ.png
kgirthofernot ambiguous! lol very direct.
cochiyeah i just read the "ELB alias" as in "the hostname", that's where i took the wrong turn :)
kgirthoferit's improper to point your route53 cnames at an elb - that's a bad habit
cochiif you use route53. sadly a lot of our customers.. don't :(
hydrajumpandrewSC: if it's for a kid then lightsail definitely sounds like the right choice over EC2
andrewSCyeah
kgirthoferyuck bummer
hydrajumplimited config options, way easier console
andrewSCI'm trying to figure out how to expose some technologies to a lightsail instance i.e. vpc peering
kgirthoferyou can't do that
andrewSC:(
kgirthoferlightsail - while technically is running in your AWS account - is hidden and I don't think there are easy ways to bridge them
kgirthoferif you need control like that you'll wanna find another way
kgirthoferjust make a jenkins job
andrewSClol
kgirthoferthat only allows users to select a small subset of options
hydrajumpbut I believe you can use vpc peering with lightsail
kgirthoferand pushes out a new build
kgirthofer@hydrajump could be right - I'm just assuming they won't let you do that - I could be wrong
cochiwell. you can actually peer the lightsail vpc with the default vpc ;)
hydrajumphttps://lightsail.aws.amazon.com/ls/docs/how-to/article/lightsail-how-to-set-up-vpc-peering-with-aws-resources
hydrajumphttps://lightsail.aws.amazon.com/ls/docs/overview/article/using-lightsail-with-other-aws-services
kgirthofernice!
hydrajumpis there some clever way I can determine any services etc that have been enabled/used in an aws account?
andrewSCnice indeed
hydrajumpI've been given a very messy aws account to figure out
hydrajumpCurrently I'm going through each region in the console and looking at each service etc making a list. Very tedious
hydrajumpI'm using the billing report to help where to look
andrewSCthis is all pretty interesting stuff
hydrajumpNo docs nothing on how this account was setup. All point and click in console rather than infra as code
andrewSCso now that I have a peering connection, I can actually use the technologies i have in my vpc on my lightsail instance without exposing those technologies to the public internet
Time-Warphttps://s3.amazonaws.com/sfloftrekognitionmay09/ImageScanner.py
hydrajumpas far as I can see AWS doesn't provide a tool or overview in the console what has been created in an account since it was created
jscatalahello guys! i´m trying to set up a failover with health check on route53. the problem is that my healthcheck is hitting the domain name. Sooooo, route53 does not allow me to use that healthcheck for the same route53 domain...
joostherecluseHopefully there's some aws network savvy folks here. I was just asked a question i wasnt expecting. Does AWS VPN gateway honors class of service markings (DiffServ/TOS) in the packets. Will the VPN "affect" those markings in the packet in any way as it passes through the VPN?
ericzhillAre docs broken below the CloudFront service for anyone else? http://docs.aws.amazon.com/sdk-for-go/api/
hydrajumpyep
cochibroken starting at cloudsearch apparently
cochimaybe they're rerendering right now?
ericzhillI'll give it a bit and try it again.
jwitkoHi can someone please help me with a S3 bucket policy issue? The simulator says it should be working fine but I'm getting permission denied. User policy and error can be found here: https://pastebin.com/raw/RefXKzJc
ericzhilljwitko: that policy looks good. There's a forum post regarding a buggy client. Maybe that's your problem? https://forums.aws.amazon.com/thread.jspa?threadID=173124
jwitkohm... ericzhill that thread doesn't include the "bad" version
jwitkoI'm using the latest provided by pip
jwitkoaws-cli/1.11.63 Python/2.7.5 Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26
ericzhilljwitko, not saying the client is your problem though. Those policies are very finicky beasts. But on glance yours looks really good.
jwitkothe Simulator says it should run just fine
jwitkothis is so aggravating
ericzhillPull the Sids one at a time (starting with AllowUserToSeeOwnBucketListInTheConsole) and see how the behavior changes.
ericzhillConversely, add access sid by sid until it works, then revoke.
ericzhillI've fought that myself quite a lot.
cochiwhy dont you limit the permissions via arn but via prefix? wouldnt arn:aws:s3:::throte-data/FourSquare/* work?
cochiah you're following that aws blogpost :)
jwitkolol just following what I thought was best recommended practices
jwitkohappy to change it to anything that will work
cochiwell as ericzhill said. tricky stuff. i always feel like blindly poking around myself
ericzhillI'm going to try and target a session or two at this year's re:invent discussing this very thing. Policies are a black art, and not documented very well.
cochiWell there's that Policy Ninja talk every year. But it's also a bit incomplete.
cochiAnd i honestly believe, that you cannot master policies in their entirety, even if you do nothing else
ericzhillMust have missed that one last year. I'll check it out.
hydrajumpso it seems that the only way to send an email notification with an S3 object that's created is S3+lambda+ses
jwitkoholy shit
jwitkothis makes no sense at all
jwitkoi've never been so frustrated
jwitkoericzhill, cochi , not sure if you're up for taking another look but I got the policy to list bucket contents but its still failing on PutObject. Here is a new pastebin showing the working ls, the error cp, and the policy. https://pastebin.com/raw/BDnT92jB
ericzhilljwitko: Why do you have the s3:delimiter stanza in the ACE? I don't know that I've ever used it. Does removing it change anything?
jwitkoericzhill, i got it from some examples online. it changes nothing
cochibecause / is the default anyway
ericzhilljwitko: Random thoughts: the Resource would be the bucket, and the condition would have the prefix. I wouldn't mix a resource with a /* at the end AND conditions, just to keep things clear.
cochitbh it looks like it could work (but does not clearly). I don't really know why the s3:prefix stuff would be necessary anyway, as it's easily replaceable by including it in the Resource ARN. Would have to poke around, I am afraid. Nothing jumps out
ericzhilljwitko: I would simplify the policy down to a single ACE (AllowAllS3AllActionsInUserFolder) for testing, to make sure another ACE isn't denying the request.
jwitkolol this is hilarious, now I can't 'ls' the bucket anymore and I havent changed anything in the policy that would touch that
ericzhilljwitko: Lastly, I would locate a rubber chicken and sacrifice it to the AWS gods. Hallowed be thy name.
hydrajumplol only works with peruvian chickens
Time-Warpdo you really want random chickens lost in the cloud
jwitkoericzhill, cochi , rebuilt the policy from scratch. got it working now.
cochihey, nice one :)
cochicare to share how it's looking now?
jwitkomuch simpler now.
jwitkosure
ericzhill👍
jwitkohttps://pastebin.com/raw/5AA9DtMx
jwitkoignore the bad spacing on two of the lines with "", "/",
ericzhillThat is significantly simpler! :)
jwitkothe prefix usage is actually pretty cool as opposed to specifying the path in the ARN because I can lock them out of other dirs inside those prefixes
jwitkowhile still allowing them to navigate the bucket lists
jwitkoanyway, thanks for all the attempts at help
jwitkoand the suggestions
whitenoisequestion: has anyone in here ever used opsworks for on-prem (vcenter) hosts?
whitenoisei'm wondering if the cloudwatch metrics pick up for on-prem instances as well, and if so how that information travels
cochijwitko: I see. Much better :)
cochiwhitenoise: we have a project with a standalone on-prem host. I don't think it'll submit many metrics though, I believe my colleague faked some webserver on 169.254.169.254 to get it to connect. I would ask, but he's offline
JordiGHI tried doing a CloudFormation deploy and I made some kind of mistake and now it's been spending over an hour rolling back and failing in a bunch of ways as it rolls back.
JordiGHDo I have to wait until it finishes before I try again?
albertojimenezstart another stack with a new name
cochiand generally: yes. working with cloudformation is tedious if you hit a snag and wait for stuff
keltimyeah I hate it
JordiGHalbertojimenez: But I kind of like this name.
JordiGHI wonder why it's taking so long to delete.
JordiGHOh, finally, ROLLBACK_FAILED
JordiGHOkay?
cochidepends on the stack. some resources really take a long time. particularly nasty is stuff like custom lambda resources with some syntax error :|
JordiGHNow let's delete the stack and start over again.
cochiit should ask you if to skip certain resources which failed
JordiGHI got "Requested storage size (100) cannot be less then the current storage size (200)"
JordiGHHuh? Why is there a current storage size if I'm *creating* a stack?
albertojimenezthe ami instance disk size (sounds like)
cochiFor an update that would make sense. But for a new one?
cochiAh, that makes sense. thanks
JordiGHalbertojimenez: Aha, I see.
bpr_adminIs packer required to create a custom Elastic Beanstalk platform?
keenno, any AMI creation process can be used if you want
notdanielthough packer is a great tool that's easy to use, and all the documentation and examples seem to assume packer
notdaniel(i too am attempting to get a proper custom EB platform working)
cochiWell, the new custom platform feature of EB uses packer as well.
cochioh. concerning the "only way to send mails about new s3 events" statement from before - now you have a different way :P CloudTrail with S3 data events -> CloudWatch Logs -> SNS alert
cochi@hydrajump and -2.5 hours
cochihttps://aws.amazon.com/about-aws/whats-new/2017/05/aws-cloudtrail-adds-data-event-delivery-to-amazon-cloudwatch-logs/
notdanielcochi is packer the only way you can build one though? that's what bpr_admin was asking. i use packer anyway and want to use it for this since it's how they recommend
notdanielthere's already very little resources on custom eb platforms as it is
randomguyIm doing a 301 redirect to a new domainname from an app i had previously on heroku. Can i handle it just pointing old domainname to a s3 bucket and redirect that one to my new domainname? Or do i need to have the actual content i had on my previous app available online for the 301?
Tantagel301 = webserver return
Tantagelyou can do it without any hosting at all
Tantageljust need nginx or similar control
Tantagelof course if you're asking this question in ##aws it's clear you can't process that response or figure it out who who knows
TantagelACTION shrugs
randomguyIm a beginner :D
Tantagelgoogle 301 redirect then
Tantagelor 301 redirect heroku
randomguyCan i 301 redirect something that has already been redirected from elsewhere?
TantagelI'm done helping you
randomguyThanks for the help, have a nice day
GazoooTantagel: you should be able to redirect on your DNS if you need an easy solution
Tantagelperhaps
Tantagel301 redirect != DNS
Tantagelthat's the query posed
Tantagelyou can't read either
Tantageljesus
Gazooooops, meant to mention it to him anyway
Tantagelwhat youre referring to is a CNAME alias and it's the better way to do it, IMO
Tantagelbut that still requires webserver coordination on the alias destination
Tantagelfor a host header entry or similar
Gazooowell I just kinda decrypted what he needs, he wants to go from olddomain.com to newdomain.com
Gazoooif it's not as simple as that, then he'll need other solutions
Gazooobut, yeh, if you want a true 301 you're going to need some kind of web server running as it's an HTTP status code
randomguyCan i handle it in Rack and just point both domainnames to the same server? And then do the 301 in the applicationlayer/rack?
Gazooodepends on the setup but sure
randomguyIt's a rails app and im using elasticbeanstalk
Gazooobut, again, if I understand your requirement your domain name service may be able to take care of this pretty easy for you
randomguyDon't seem like it, i use route 53
randomguyBut that sounds great then, i thought i needed to have two different endpoints, one for old and one for new
randomguyThanks for the help!
GazoooI'm like 99% sure it can be done in amazon
Gazooohttps://aws.amazon.com/premiumsupport/knowledge-center/redirect-domain-route-53/
Gazooogood luck
randomguyYeah, using s3 was one of the alternatives i was thinking of. But i was not sure if i had to have my old page still up to be able to get the SEO transferred
randomguyThanks man, appreciate the help
randomguyhave a nice day
hydrajumpcochi: hehe thanks :P