Primer | I think it's fine if you want to bridge several private networks that all have static IPs |
gholms | ACTION nods |
gholms | Not so great for road warriors |
Primer | So yeah, creating the Cloudformer stack in a different region just fails over and over. It seems this expects stuff to pre-exist, and in this region, I have nothing set up. |
gholms | :-\ |
Primer | This stuff's been around since 2011, and it's still beta...? |
Primer | trying a different region |
Primer | Ok, finally got one up in a different region |
Chipzz | Primer: yeah, Cloud Former is a *starting point* |
Chipzz | you'll have to do some search and replace |
Chipzz | Primer: regardless of whether you're using CloudFormer or writing your own template from scratch, it's probably a good idea to split the thing up in smaller chunks |
hydrajump | in the docs why are all s3 bucket endpoint urls using HTTP and not HTTPS, eg http://s3-sa-east-1.amazonaws.com/bucket |
gholms | It's probably just a mistake. |
gholms | ...though if you use vhost-style URLs, using HTTPS can present a bit of a challenge at times. |
Bejgli | in the past s3 was http only and it probably hasn't been updated |
gholms | That wouldn't be the case for a URL that contains a region name. |
tech2 | Does cloudfront pay any attention to the origin's content-length header? My first guess would be no (because it ended up caching some partial results), is there any mechanism to prevent it from doing so? |
theShirbiny | tech2: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html |
theShirbiny | doesn't look like it does |
tech2 | That's... unfortunate :( |
tech2 | Thanks |
ayogi | hi guys, i am trying to create a new launch configuration and attach it to scaling group |
ayogi | but when i try to scale the instances in elastic beanstalk it's giving following error: Updating Auto Scaling group named: awseb-e-r3fap6d8dd-stack-AWSEBAutoScalingGroup-16OW112RSXU0Y failed Reason: AutoScalingGroup's LaunchConfiguration awseb-e-r3fap6d8dd-stack-AWSEBAutoScalingLaunchConfiguration-1ADEQI5A5944O not found |
ayogi | does anyone know what could be wrong? |
Kim^J | ayogi: The launch configuration is missing. |
ayogi | but the launch configuration is there |
ayogi | Kim^J, i don't know why elasticbeanstalk is not detecting |
ayogi | i created a new launch configuration and attached it to auto scaling group |
ayogi | and deleted the old launch configuration |
ayogi | but why it would not detect the new one? |
Kim^J | Because that's not how it works. |
ayogi | Kim^J, then, what's the issue here? |
Kim^J | The beanstalk tries to set the launch configuration. |
Kim^J | Why are you trying to scale via beanstalk? Scale the group directly. |
ayogi | you mean to say increase the minimum and desired count? |
ayogi | in autoscaling group |
Kim^J | Yes |
ayogi | so what's the difference between desired and minimum |
Kim^J | If you want to do changes, then do those changes via the thing that created the asg. |
ayogi | beanstalk created that asg |
Kim^J | ayogi: If you fall below minimum, it will start new instances right away. |
Kim^J | If you fall below desired, it will start on the next iteration according to your scaling rules. |
Kim^J | If you go above desired, it will terminate on the next iteration according to your scaling rules. |
JohnPreston72 | Morning folks :) |
ayogi | so should i increase desired or minimum? |
Kim^J | ayogi: Desired. |
ayogi | i want it to scale it to 2 instances right away, right now it's 1 only |
Kim^J | Just set desired to 2. |
JohnPreston72 | Quick question : I have an S3 bucket for which I have a policy to allow getobject to an object only via referer. I have followed the AWS doc and that works fine for the s3 hosted site. However, when I set a CF distribution in front of the hosted site (the site, not the bucket), I keep getting access denied. What is the CF referer like ? |
Kim^J | And then it takes a minute or so, then a new instance pops up. |
Kim^J | upscaling is usually faster than downscaling. |
ayogi | Kim^J, but will beanstalk be able to detect this |
ayogi | and that the autoscaling configuration has changed, and now there will be 2 instances. |
Kim^J | ayogi: Beanstalk doesn't care. |
JohnPreston72 | https://forums.aws.amazon.com/thread.jspa?threadID=86187 is this still valid ? -> CF doesnt send the referrer HTTP to S3 ? |
ayogi | Kim^J, i deployed the application in beanstalk and now it's giving the error as: Update environment operation is complete, but with errors. For more information, see troubleshooting documentation. |
ayogi | what does that mean? |
Kim^J | It means you changed the stuff beanstalk manages outside of beanstalk. |
ayogi | i changed the asg and reverted back |
ayogi | and then i deployed the existing version of application again |
ayogi | everything was working fine before i changed the asg |
ayogi | Kim^J, now even i am deploying new application it's not working |
ayogi | Kim^J, the more detailed message is: Incorrect application version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-34" (deployment 25). Expected version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-35" (deployment 30). |
pluszak | Can I display cloudfront on cloudwatch graph? |
pluszak | I want to compare my s3 with its cloudfront but cloudfront is just not there |
ayogi | Kim^J, is there a solution for this? |
ayogi | does anyone know solution for: Incorrect application version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-34" (deployment 25). Expected version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-35" (deployment 30) |
ayogi | in beanstalk |
Azaril | hey |
Azaril | ive put a lambda function in a vpc and it cant ping any of the servers in the vpc |
Azaril | (ive opened up the security groups for icmp) |
Azaril | does anyone know of any additional configuration you need to do to get this to work? |
pluszak | Azaril: but it resolves the correct ip? |
Azaril | the dns lookup works to the internal ip |
Azaril | other servers in the vpc can ping the same addresses fine |
pluszak | so the security group is probably wrong |
chrisM_1 | Hello, how can I get access via ssh to the RDS instance |
vlebo | chrisM_1: you cannot |
chrisM_1 | Well then how can I fix the too many open files error |
chrisM_1 | When my server is connecting to the RDS instance it errors with too many open files and that limit is set in the linux instance |
chrisM_1 | I was doing a load test and that is when the limit happened |
Kim^J | Reboot the RDS instance. |
chrisM_1 | Yes, and then it will happen again? |
Azaril | Hmmm |
Azaril | My lambda function in my vpc is not getting an address in the vpc according to os.networkinterfaces() |
chrisM_1 | I modified the connection limit |
ayogi | Environment health has transitioned from Severe to Degraded. Incorrect application version found on all instances. Expected version .. |
Azaril | OK, apparently pings dont work from lambda for some reason |
pluszak | chrisM_1: why do you assume it's rds error? |
socket- | Hey all, I have several workspaces registrations, and I am looking for a way to create shortcut icons. Is there a way via command line that I can tell workspaces.exe to launch a specific registration instead of having to manually click manage registrations, and choosing one? |
new_student | Hi! Due to some mishap, while updating an environment on elastic beanstalk, a cloud formation stack got created and it got stuck at UPDATE_ROLLBACK_FAILED. After realizing the goof up, I continued the roll back and now it is in the state: UPDATE_ROLLBACK_COMPLETE |
new_student | But now whenever I try to update the environment, I keep getting the error: Environment named xxxx is in an invalid state for this operation. Must be Ready. |
zylent | give it a bit to chill |
new_student | Could someone please help me understand how can I get out of this weird state? |
zylent | has it been there long? If you have a bunch of nested changes going on it takes a while for things to settle down |
new_student | zylent, was your reply directed towards me? |
zylent | yes |
new_student | The cloudformation state was in UPDATE_ROLLBACK_FAILED since 18/04/2017 |
new_student | and I fixed the issue and resumed it about 30 mins ago |
zylent | how long has it been in rollback complete? |
new_student | It completed at 17:33 and now the time is 18:45 |
zylent | hmm... did you have a bunch of disk operations? |
new_student | None, AFAIK |
new_student | as I said, the stack has completed. |
new_student | Its state is now UPDATE_ROLLBACK_COMPLETE |
new_student | The goof up was related to LoadBalancer config |
zylent | yeah sounds like something nesting related, I'd contact support if you can |
new_student | I added a listener for tcp, 443, removed listener for tcp, 80 and configured cert on the load balancer and didn't do all of this via the environment config, which I realized later, but was too late. Then I reverted those manual changes but now it is not giving the option to make any changes to the deployment |
new_student | What do you mean by nesting? |
zylent | are you trying to modify a resource that doesn't exist? |
new_student | No, nothing like that |
zylent | your cloudformation stacks can nest |
zylent | eg toplevel stack>shared attributes stack>service stack |
new_student | The cloudformation stack was created by aws itself. It wasn't created manually, |
new_student | Right now, all stacks are in a *_COMPLETE state |
new_student | My AWS account doesn't have technical support :( |
new_student | How long should I wait for the elastic beanstalk environment thingy to understand that the thing which was blocking it from being 'ready' is not fixed? |
new_student | s/not/now |
new_student | The funny thing is, the status is green the entire time :-/ |
new_student | There were the exact errors: https://paste.fedoraproject.org/paste/kN-RrsOQHc6mYxU1azLCAl5M1UNdIGYhyRLivL9gydE=/raw |
hydrajump | how do you stop a lambda function that seems to have gone bat shit crazy? |
General_Harambe | hydrajump: ditch the trigger, wait for timeout |
hydrajump | General_Harambe: thank you. No idea what's happening |
hydrajump | it has used up my ses sandbox quota like a raging lunatic :P |
General_Harambe | oh dear. Amazon is incredibly short fused when it comes to SES. be careful. |
es3l3k | General_Harambe: I second that! |
General_Harambe | the obnoxious thing is that the means to calculate SES thresholds is opaque at best. |
General_Harambe | it's a percentage, over time, based on a rolling window, with some magic numbers. |
hydrajump | I'm still trying to understand what has happened |
jonjits[m] | With a cloudformation nested stack template, how do I prevent the whole thing from deleting itself if one nested stack fails and also be able to update-stack on the master template? |
General_Harambe | not nesting! Don't do it! |
jonjits[m] | General_Harambe: why? |
mjlee | I'm going to set up RDS as an external slave for some production databases running on prem, unfortunately setting up VPN/Direct Connect is not currently an option. How do I establish the external IPs for RDS to define my firewall rules? |
dtype | Anyone aware of an Amazon Echo/Alexa IRC dev channel? (kind of overlaps with aws in that it is generally handled in lambda functions, but seems more specific a topic) |
General_Harambe | jonjits[m]: the scope of a piece of state in SF is the stack. And that any nested pieces fall into that scope. If you only want to move one turtle and not every turtle between here and the world turtle, make a new, separate stack |
Mooniac | what's the maximum password length I can use for the Console log-in through a browser? |
f0ster | is there something like azure blobstore for aws? I want to stream application data for storage from my distributed app to somewhere in aws |
f0ster | but i dont want tons of small files (want to consume data with spark later) |
hydrajump | if the resource in a policy is `arn:aws:s3:::mybucket` is it correct that you can't put an object? |
hydrajump | the resource has to be `arn:aws:s3:::mybucket/*` |
sathed | Am I missing something here? Can you really not change the root volume size via CloudFormation for an Opsworks instance? |
mjlee | f0ster: S3? |
f0ster | mjlee: i dont think that works well if i understand s3 correctly.. i cant "append" to an s3 object, so i would have to write lots of little files (which i dont want to do) |
mjlee | Ah, I see |
mjlee | https://news.ycombinator.com/item?id=10746969 discusses it |
f0ster | going to look at kinesis, i havent used it so i dont know much about it, i figured maybe it was worth asking here |
gabbott | Can you attach an EIP to a secondary private IP using the ec2_eip module? |
toastedpenguin | any recommendations for instance types to support windows file server? |
nutzz | I have a problem with RDS. After 4-5 days after I create a RDS instance (oracle EE) when I try to connect from sql developer I get this error An error was encountered performing the requested operation: |
nutzz | IO Error: The Network Adapter could not establish the connection |
nutzz | Vendor code 17002 |
nutzz | but the database instance appears to be running |
nutzz | I am using an aws educate account |
raspado | anyone familiar with aws SES? |
raspado | We received an error ".mail.MailSendException: Failed messages: com.sun.mail.smtp.SMTPSendFailedException: 454 Throttling failure: Daily message quota exceeded." Does anyone know if SES has some sort of queue mechanism ? |
raspado | if so, we need to account for two queues, 1 queue from within SES and another queue from within our app |
en0x | of course they have quota on how many u can send a day, usually telling them to increase it is not an issue |
kgirthofer | omg kms key permissions just killed 3 days of troubleshooting |
kgirthofer | I always forget about those |
Masterphi | how do I create a read-replica postgres instance on AWS of my master DB on Google Cloud SQL (also pg)? |
f0ster | mjlee: I think I am going to use kinesis and spark .. stream shit there and periodically batch it out for backup |
khronos | Any windows experts in here? |
chainz | just ask |
khronos | Can an amazon active directory setup do multiple domain logins like virtual hosting in the Linux environment? |
chainz | not sure, haven't used directory services yet |
khronos | I have a lot of 5 to 10 user shops that would like full domain control of their machines, but I don't think each of them need dual domain controller setups to satisfy their needs. |
chainz | why do you need dual domain controllers? |
khronos | Multi az separation. |
khronos | If they are not going to have a physical box at their location I need to do everything I can to have them always on if I can. |
chainz | so you create one and replicate to the other |
khronos | ads looks like it will do what I want, just am looking for a bit of direction of what the do's / don'ts are. |
malprxctice | Hey folks! Can we have both Internet Gateway and NAT Gateway attached to a single VPC? |
Tantagel | sure why not |
yiati | Is there a difference between, an integration request with a AWS Lambda Function in AWS API Gateway, versus a AWS API Gateway Trigger in a AWS Lambda Function |
Tantagel | yes they are different things |
Tantagel | yiati , they might have overlapping features or function but it's not the exact same |
yiati | Tantagel: If I want to make a simple REST API which should I go with? Seems like I'd want an API Gateway Integration Request |
Tantagel | I would use nginx + cherrypy |
Tantagel | personally |
Tantagel | API Gateway is a travesty |
yiati | Tantagel: I would like to be serverless, if you have any other serverless suggestions |
Masterphi | can i create a read replica with external master on RDS? |
gholms | DMS can do that to an extent. |
Masterphi | DMS? |
jcrawford | if anyone has any ideas on what could cause this issue and can kindly post a reply I would appreciate it. https://forums.aws.amazon.com/thread.jspa?threadID=255521&tstart=0 |
jcrawford | I am getting redirect loop on a dev beanstalk environment but it is setup exactly the same as the production environment which is working just fine |
Primer | Yes, what is this DMS |
Primer | This is one reason I'm not pursuing RDS for postgres. I require off-site replicas. |
nutzz | are there any limitations to the aws educate account. Like if I create an aws rds instance, will the up time of the instance be restricted in any way? |
Chipzz | I'm having a problem with my CloudFormation template. https://pastebin.com/HuT2B1NB . When I delete line 163 (the SecurityGroups), it works, but with that line, I'm getting the following error: "Value () for parameter groupId is invalid. The value cannot be empty" |
Chipzz | any idea what I'm doing wrong? |
catuca | If I reboot RDS with FailOver, will I experience any interruptions? Will the app not have DB access for some time? |
en0x | it usually takes a minute for the failover |
en0x | according to our tests so you will have an interruption for a minute |
catuca | ok |
catuca | Is there any way to reboot it and not have any DB interruption? We run it with Multi-AZ |
cloudbud | I'm trying to describe the volumes in AWS but getting the following error in that Could not connect to the endpoint URL: "https://ec2.ap-southeast-1a.amazonaws.com/" |
djmarland | Hello. Can anyone help explain why this Cloudformation (https://github.com/hammerspacecouk/tubealert.co.uk/blob/serverless/serverless.yml#L273-L275) fails to deploy with the error "Value of property ResponseParameters must be an object with String (or simple type) properties" |
lamba | is it possible to connect two vpc vpn's (different regions) to the same customer wan ip ? I'm having trouble doing so and i seem to remember there was some limit perhaps. |
DeviaVir | djmarland: I think you're using that wrong |
DeviaVir | djmarland: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apitgateway-method-integration-integrationresponse.html |
DeviaVir | ResponseParameters: |
DeviaVir | String: String |
djmarland | DeviaVir: sorry I've changed it a few times since I first posted the question (trying to make it work) |
DeviaVir | djmarland: so you tried "method.response.header.Content-Type": "integration.response.header.Content-Type" already? |
djmarland | yep |
djmarland | I think I've discovered the problem. serverless framework seems to turn the valid yaml into JSON like this |
djmarland | https://gist.github.com/djmarland/6cf3d44e4904eb255e1c7f8f4244ca55 |
djmarland | so it's breaking the period separated key down into a nested object. so it looks like a problem with serverless rather than cloudformation. but how to stop it from doing that... |
djmarland | I guess this might not be the right channel for that query then |
Primer | Has anyone here used any professional AWS consulting service? If so, care to recommend one? |
Primer | I have a million questions, and I'm willing to pay someone for their undivided attention, as long as they're experienced in the field. |
Primer | This Cloudformation stuff seems rather...broken |
finchd | Primer: you looking for one in your locale so they can visit in-person, or just want opinions on the APN partners? |
gholms | It certainly isn't approachable. |
Primer | I've experienced many more failures than I have successes. Even the Cloudformer failed, and this is one of Amazon's things. |
Primer | finchd: someone I can reach over the phone would suffice. |
finchd | a buddy of mine runs his own, and he's looking for clients |
Primer | finchd: I presume he has a web site? I'm willing to take a look. |
doyle | Am I doing something terrible by creating a subnet with cidr 10.10.16.64/26 ? Range 10.10.16.64-127 ?? |
finchd | classless cidrs aren't terrible, they just aren't very future-safe |
doyle | ah, the future... |
jonjits[m] | is it possible to peer vpc1(10.100.0.0/16) with vpc2(10.0.0.0/16)? |
finchd | jonjits[m]: well, is 10.100.0.1 inside 10.0.0.0/16 ? |
doyle | jonjits[m], step one in peering is to assure your cidr's don't overlap... |
finchd | ACTION forgets if 16 is 255.0.0.0 or 255.255.0.0 |
doyle | ah, yes, /8 is 10.x.x.x, so /16 will be fine |
jonjits[m] | those two cidrs overlap? |
finchd | jonjits[m]: doyle just pointed out that they don't |
gholms | ACTION recommends getting used to CIDR notation, as you're only going to see more of them |
jonjits[m] | gholms: I thought I was |
gholms | You are. ;) |
finchd | yeah, but I don't normally need more than /24 of anything, and so many customers are just using defaults |
jonjits[m] | I thought those two networks would be peerable, but I can't seem to get them talking. I peered the default vpc successfully tho |
jonjits[m] | people use /24 for vpcs or subnets? |
gholms | Yeah, they should be peerable. |
jonjits[m] | so I guess I have a routing issue since I opened up the SGs/NACLs |
finchd | did the peering create on aws-side? next thing is route tables |
gholms | If I know everything can fit in them I usually go with /20s or /24s, yeah. |
finchd | sg/nacl doesn't matter until the routes exist |
gholms | Once you have the peering connections set up you have to update routing tables. |
gholms | ACTION <-- too slow |
Primer | ROLLBACK_COMPLETE |
Primer | ACTION sighs... |
doyle | Just commit to ipv6 and go |
doyle | abandon all tech that doesn't yet support it. |
gholms | doyle: VPC does not support going without IPv4. |
doyle | aw... abandon aws |
gholms | If it did I would have already done so to the greatest extent I could. :( |
gholms | Eliminating NAT is the best thing that has ever happened to my VPCs. |
jonjits[m] | gholms: why? |
gholms | I don't have to pay attention to the divide between "public" and "private" addresses when I ignore ipv4. |
gholms | There are just addresses. |
doyle | Nice |
gholms | Oh, and not caring about subnet sizes would sure be nice. |
doyle | The subnet sizes are my battle right now |
doyle | always a pain |
hydrajump | Primer: are you looking for someone to help you create the cloudformation templates? |
Primer | Well, I'm trying to get a cloudformation template to work. I started with the cloudformer app, had it make a template from my running VPC. |
Primer | I've trimmed some stuff out of it, but...it just keeps failing. |
Primer | Lots of trial and error |
Primer | So far the failures have been because of the fact that I'm running it in a different AZ |
Primer | so having to do stuff like s/us-east-1e/us-west-2c/g |
JSeligstein | hey all. trying to run a local gamelift, but i am getting AmazonUnmarshallingException from a player session create event. am i doing something wrong here? |
jscatala | hello guys! ... i have a question about elb's healthchecks. If i setup my elb with 10 Unhealthy threshold, 90 s interval and 60s timeout, that means that in 25 min my instance should be tagged as unhealthy? i get that by 10*(90+60)/60 = 25... but seems that only takes less than 10 minutes based on the healthinstance counter... why? where i can find that explanation? thanks in advance |
finchd | I don't think the 60 is included |
finchd | so 10*90 |
finchd | each check waits 60, but checks aren't blocking |
JSeligstein | has anyone tried gamelift local? |
finchd | don't think so. that is pretty rare what with lumberyard and all |
|aaron | trying to push a cloudwatch event from an ec2 instance using the cli and im getting "<role'is not authorized to perform: events:PutEvents" |
|aaron | <role> |
|aaron | yet the role has a custom policy attached with PutEvents permission? im lost anyone know what could be wrong there |