Questions tagged as ['amazon-web-services']

Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform "in the cloud". If you have a question about a specific web service, consider asking on its tag, e.g., amazon-ec2.
Score: 1
mon avatar
SageMaker Studio domain creation fails due to KMS permissions
ng flag
mon

Question

Please help understand the cause and solution for the problem.

Problem

SageMaker Studio domain creation fails due to KMS permissions. The IAM Role specified to the SageMaker arn:aws:iam::316725000538:role/SageMaker has the permissions for KMS required as specified in https://docs.aws.amazon.com/sagemaker/latest/dg/api-permissions-reference.html.

Domain creation failed
Unable to create Amazo ...

Score: 0
CADENTIC avatar
inter cloud based heterogenous cluster aws and oci
ng flag

is it possible to configure apache2 in a heterogeneous cluster across 4 nodes while 2 nodes are in OCI and 2 nodes are within AWS ?

node 1 os : ubuntu 20.04 running wordpress node 2 os : ubunto 20.04 running magento node 3 os : ubuntu 20.4 running laravel application node 4 os : oracle autonomous linux zimbra

I am familiar with pacemakers but I am not sure about the inter-cloud and oracle autonomous L ...

Score: 0
mon avatar
AWS Network Firewall - How to log the blocked connections
ng flag
mon

Question

Is there a way to log the connections blocked by the AWS Network Firewall, or filter the logs of blocked connections?

Background

Currently having setup the rules, and would like to know which IP or domains have been blocked.

enter image description here

Looking at Logging network traffic from AWS Network Firewall but not clear if it is possible.

You can record flow logs and alert logs from your Network Firewall st ...

Score: 0
Old Geezer avatar
AWS Ubuntu instance keeps dropping ssh connections
us flag

My AWS LightSail Ubuntu instances used to allow my ssh clients to stay connected forever. However, a newly created Ubuntu 20.04 instance now keeps dropping the ssh connection, even though connections on the same PC to other cloud Ubuntu instances remain uninterrupted. I am unable to tell whether it is due to inactivity.

I check /etc/ssh/sshd_config and the following are all unset:

#TCPKeepAlive yes ...
Score: 0
Anuj Gakhar avatar
AWS, nginx and LetsEncrypt
br flag

I have multiple websites, running on Nginx, and I am trying to set up a load balancer, with 3-5 instances sitting under it. All these websites will need an SSL cert. I am trying to think of the best way possible.

  1. Use nginx instance as a load balancer, attach an EBS to the instance, install certbot and store the certificates on the EBS. certbot will renew and update the certs on EBS. The web server in ...
Score: 0
How do I set up Fail2Ban on an Amazon Lightsail Debian instance, when it has its own firewall?
it flag

This is a very basic question, but all the answers I can find either relate to WordPress installs or Bitnami installs. I have a plain Debian instance running Nginx.

I would like to set up Fail2Ban. The problem is that Lightsail seems to have its own firewall, configurable via the console. It isn't clear to me how Fail2Ban would work with such a firewall, and I don't want to potentially screw up  ...

Score: 0
YusufD avatar
Is it possible to alias a non aws service with AWS Route 53
cn flag

We have a domain wich is managed on AWS 53. Is it possible to create an alias record in AWS route 53 to refer to a public IP address (for instance AZURE VM public IP). So that I could use this example "azvm.domain.com" to reference to the Azure VM .

Score: 4
In AWS, can an EC2 instance be in more than one VPC at the same time?
lk flag

I think the answer is no, but I want to make sure that I'm not missing anything. Is it possible for an EC2 instance to have IP addresses in more than one VPC at the same time?

I tried creating 2 VPCs, and then two network interfaces, one in each VPC, but it seems it's not possible to attach them to the same EC2 instance because it's not possible to attach them to an instance that's not on that VP ...

Score: 1
Mike Ashelby avatar
How can I search across CloudWatch log groups on AWS?
za flag

I have a number of lambda functions which run my serverless backend. Something somewhere is misbehaving, and I need to bring up/search all the logs from a particular time — from all log groups, not just a single one, or a single stream.

Is there a good way to search across all log groups and all streams?

I have tried the console, but this insists on driving down from log groups (for lambda, these eq ...

Score: 4
ssc avatar
AWS: How to redirect many domains to a page on another domain?
us flag
ssc

My objective

I have a number of domains (e.g. 10 or 20) and I would like to redirect any visitors to anywhere on those pages to one page on another domain (for example my stackoverflow.com profile page).

This includes

  1. apex domain using http (e.g. http://mydomain01.com)
  2. apex domain using https (e.g. https://mydomain01.com)
  3. sub domains using http (e.g. http://www.mydomain01.com or http://blog.mydomain01.co ...
Score: 2
Can't open port 443 on AWS EC2 fresh instance
fr flag

I created a fresh EC2 instance, this is the setup:

Security Group

Inbound Rules

Inbound rules

IP version Type Protocol Port Range Source
IPv4 HTTP TCP 80 0.0.0.0/0
IPv6 HTTPS TCP 443 ::/0
IPv6 HTTP TCP 80 ::/0
IPv4 SSH TCP 22 0.0.0.0/0
IPv4 HTTPS TCP 443 0.0.0.0/0

Oubound rules

IP version Type Protocol Port Range Source
IPv4 All traffic All All 0.0.0.0/0

Network ACL

Inbound rules

Score: 0
potato avatar
How to do SSL termination on load balancer for HiveServer2?
us flag

I've currently set up a classic AWS loadbalancer with an SSL listener and a public certificate issued through AWS certificate manager, e.g. query.mydomain. This redirects to a HiveServer2/Thrift instance.

I'm connecting to the public endpoint using beeline like this:

beeline -u "jdbc:hive2://query.mydomain:10100/default;ssl=true" -n <username> -p <password> --verbose=true -d org.apache. ...
Score: 0
I cannot start an AWS task: CannotPullContainerError
in flag

My own image public.ecr.aws/f6q1r4v8/amazonlinuxwithshell:latest fails to start on AWS (FARGATE) in a very weird way:

Last status Stopped

Stopped reason CannotPullContainerError: inspect image has been retried 5 time(s): failed to resolve ref "public.ecr.aws/f6q1r4v8/amazonlinuxwithshell:latest": failed to do request: Head https://public.ecr.aws/v2/f6q1r4v8/amazonlinuxwithshell/manifests/latest: dial ...

Score: 0
How do I create DNS entries for private addresses on AWS?
ng flag

To do any ops work on our servers, we first need to ssh into a DMZ server with a public IP, before ssh-ing on to the app servers, with ips such as 172.16.3.239. I would rather have memorable hostnames, to do something like ssh app.staging, but I am unsure how this works on AWS. I have only setup DNS for globally accessible ips with my registrar, and since the AWS private subnet is for a private range ...

Score: 0
How can I let apache server work always on my ec2 instance?
lu flag

I am learning aws's EC2 server. I configured apache and php. I started the apache server with the command

Sudo service httpd start

But every time I stop my pc, or the next day, when I want to continue the course. I have to start again the apache server. I mean it is not on started status always.

Imagine if I have a website running on that instance, it means that users won't be able to go on to my websi ...

Score: 0
Darragh avatar
Why is AWS Route 53 / Application Load balancer resolving a multilevel subdomain
ru flag

Within AWS I terminate TLS at an Application Load Balancer. I have configured a wildcard TLS certificate with AWS' Certificate Manager (ACM), e.g. *.example.com. I have AWS Route 53 resolving *.example.com, but I have nothing for *.*.example.com as I have no need for this.

I know you can't configure wildcard certificates for multi-level domains such as *.*.example.com.

https://x.example.com is all good a ...

Score: 0
QuickBooks on Amazon Workspaces?
ph flag

I'm trying to get QuickBooks Desktop 2021 working on multiple instances of Amazon Workspaces. My end goal is for each Windows 10 Workspace to access our QuickBooks company file via a mapped drive from an Amazon EC2 instance running Windows Server 2019. I can log in to the company file if I run QuickBooks on the server, but when I log in to it on a Workspace, QuickBooks crashes with no error code. The sa ...

Score: 1
Joe B avatar
AWS pcluster fails with MasterServerWaitCondition Received FAILURE signal, iptables and chef version error
my flag

I'm trying to create an AMI for parallelcluster. I used amazon's stock AMI (ami-0436692c7b452bae4 for us-west-2, the region I am in, and alinux) and modified it slightly by adding a few packages.

However, when I run pcluster create foo --norollback I get the error:

Beginning cluster creation for cluster: stockAWS
Creating stack named: parallelcluster-stockAWS
Status: parallelcluster-stockAWS - ROLL ...
Score: 1
Sven Eppler avatar
Can an AWS Application Load Balancer mark a service as unhealthy "early"
mx flag

I try to find out, if it is possible to configure an AWS Application Load Balancer in a way, that if the backend service responds with an error status code (e.G. 503 Service Unavailable) to a regular incoming http request, that the Application Load Balancer then marks the requested backend service as "unhealthy"? Maybe even tries a different one?

I am aware of the typical health checks that AWS Applicat ...

Score: 0
On AWS, how do you set a billing alarm if you pay with credits?
it flag

Our company has a large amount of credits with which we pay our AWS bills, but I would still like to monitor the costs.

If I try to setup a billing alarm, it shows that our estimated charges are $ 0.00. How do I base the alarm on the costs, even if we pay with credits?

Score: 0
ECS Deployment Synchronisation
in flag

We have an issue where we have two separate task definitions which need to be deployed together. We need to split the task definitions since the number of containers for this service is more than 10. If one of the deployments fail we will need to roll-back the other deployment to keep the revisions in sync. Is there any best practice about this deployment method? We are using both CodeDeploy and ECS dep ...

Score: 0
Kohini avatar
How to disable partition wise disk metric in cloudwatch agent
ua flag

I have instances configured with cloudwatch agent which daily pull the config from AWS SSM parameter store. From https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-cloudwatch-agent-configuration-file-wizard.html

Disk metric

The default setting sends disk metric for all partitions all partitions

which aren't much of use since I'm only ever interested in disk usage/inode usage for the root(/) parition. How ca ...

Score: 0
Bo-Chang Hsu avatar
Task schedule on AWS EC2 is not working
ar flag

I setting a mission on schedule, and I choose administrator to run and setting "when loggin EC2" or "when ec2 start up", but they are doesn't work in every morning, it will close at midnight and start at 9:00 am, when I connect to EC2 in the morning, I see they are not working.

How to make it auto run?

enter image description here enter image description here

Score: 2
Adrian avatar
Initial connection (TCP handshake) takes 150 seconds first time with https only, but normal from then onwards - Apache - AWS EC2 - Route 53
in flag

I'm new to web deployment. I have this at this stack at the moment:

  1. Django
  2. Apache
  3. EC2
  4. Route 53
  5. Namecheap

When I access the website through the public IPv4, it is instantaneous.

However, when I access the web page through the domain, it takes 2 minutes and 30 seconds exactly.

This picture shows the waterfall graph

In more detail

I see that there's no problem with the DNS lookup, nor the SSL, so the  ...

Score: 0
Dylan Nicholson avatar
How to recover deregistered AMI and keep ID?
tw flag

I had deregistered some AMIs in a region I believed was not being used anywhere in the current account, and indeed AWS gave me no warning that the AMI IDs were referred to anywhere.

Unfortunately I didn't realize they'd actually been shared into another AWS User Id/account where they were being used. I found out the hard way when the auto-scaler failed to start a new instance.

I've worked out how t ...

Score: 0
Odasaku avatar
Cloudfront 502 error with ALB origin in different region
cn flag

I have a CloudFront which has one of its origins as an application load balancer, this load balancer is available in a different region from the CloudFront which is only available in N.Virginia and is using a different SSL certificate, as its domain name is different. I need to have this alb in its region and can't move it to N.Virginia as well. I am not sure why I am getting the 502 error on the CloudF ...

Score: 0
What was the reason for dns validation?
cn flag

I got a certificate from AWS and did dns validation in the process of https communication. But I'm not sure why you are doing that verification. To use the domain, I got a domain from a hosting company and registered it on route53. Isn't this process itself dns validation? I want to know the effect of dns validation, and I want to know what happens when dns validation is not done.

thank you.

Score: 3
daylyroppo3 avatar
SSL converted page is not reachable on the internet
id flag

My web page is hosted on AWS.and it was SSL converted.

I can see the page from my own computer and smartphone in my home Network and Wifi area. But from the outside (ex: access website from a smartphone outside) the page is not reachable.

So I checked the Security group and port NO.

Inbound rules are below.

Inbound rules

According a manual I reffered it seems OK, but if there is something wrong please let me know.

Score: -2
Bibek Sharma avatar
Which AWS EC2 region is the best for hosting a global site?
th flag

I'm looking for a suggestion to choose a region for a global site(Not targetted for any specific country/region). At the moment I'm looking for a simpler solution without having multiple replicas in different regions. So I'm wondering if anybody knows which AWS region is best in terms of latency all across the world? I'm also open to suggestions for tools like cloudping.info.

Thank you

Score: 0
daylyroppo3 avatar
SSL converted web system can not work with third pirty Payment service
id flag

My Web app works with a Payment service called Stripe. Stripe proceeds the payment by webhook.

I do have a Stripe webhook that is successfully caught and processed in Stripe's TEST MODE, on http local host server. http://3.129.28.206/subscriptions/webhook/

When switching to Stripe's LIVE MODE DATA, I need to SSL converted "http" to "https" So I set a Load Balancer and exposed the server over HTTPS by AWS. ...