#aws (2024-03)
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
2024-03-01
I was kinda surprised to see that there wasn’t a #mysql channel, so I guess I’ll ask in here. With the upgrade to MySQL 8.0, the float/double syntax Double(M,D) is being replaced with just Double. Since it doesn’t allow you to specify precision anymore, we’ve noticed some problems with this change. Does this mean the app code should handle precision now?
@Dan Miller (Cloud Posse)
I’m not the person to ask about this, sorry
All good y’all, thank you for taking a look
We’re trying to support 5.7 and 8.0 at the same time during the transition, but it doesn’t look like that’s possible
2024-03-08
What do you think of AWS/GCP certifications? Is there ANY meaning for experienced staff?
there is no right answer for this. some people find structured learning essential to grow their skillset. in regards to career growth/opportunities; it’s going to come down to the org/hiring manager and their biases. orgs that value them will require them to hold higher level positions.
2024-03-09
2024-03-10
Q regarding shared resources, e.g. a transit gateway. I see that the shared resources get listed in the right place, but that names/tags are not available. Besides looking at the owner, is there a way to provide at least a name (may be different from the original)?
@Dan Miller (Cloud Posse) @Ben Smith (Cloud Posse)
I kept hoping that AWS would fix this, but eventually gave up and ended up writing a small utility service that replicates tags. It’s purpose-built so not OSS available, but it was only a few days of investment…heck, there probably is something out there that does this
I’ve seen this issue too. It’s quite annoying to not have the name and tags associated with the shared TGW attachment
Based on the responses in this issue, we might be able to use aws_ec2_tag to tag the resource in the second account after-the-fact. I haven’t tried it yet, and this (closed) issue claims it doesn’t work. But that’s a few years old. Might be worth trying out
Description
Like #9061 but with different resource (aws_ec2_transit_gateway_vpc_attachment):
I have a TGW in account 1:
resource "aws_ec2_transit_gateway" "the_tgw" {
  amazon_side_asn                 = "65501"
  auto_accept_shared_attachments  = "enable"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  description                     = "My TGW in account 1"
  dns_support                     = "enable"
  vpn_ecmp_support                = "enable"
  tags = tomap({
    Name = "TGW"
  })
}
And share it via RAM with account 2.
Now I create an aws_ec2_transit_gateway_vpc_attachment in account 2 (different terraform-run) for the shared TGW:
data "aws_ec2_transit_gateway" "the_tgw" {
  filter {
    name   = "options.amazon-side-asn"
    values = ["65501"]
  }
}
# <snip>create a VPC in account 2 with subnets </snip>
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment_to_tgw" {
  transit_gateway_id = data.aws_ec2_transit_gateway.the_tgw.id
  vpc_id             = ... # my vpc.ID
  subnet_ids         = ... # my subnet.IDs
  tags = tomap({
    "Name" = "TGW attachment for VPC in account 2"
  })
}
Terraform CLI and Terraform AWS Provider Version
> terraform -v
Terraform v1.0.3
on windows_amd64
+ provider registry.terraform.io/hashicorp/aws v3.59.0
Affected Resource(s)
• aws_ec2_transit_gateway_vpc_attachment,
Expected Behavior
Within account 1 the TGW attachment’s tags are visible
Actual Behavior
Attachment’s tags not visible in account 1 (empty), only the tgw attachment itself.
References
• #9061
if that does work, I can imagine it wouldn’t be too difficult to pass module.this.tags to new shared resource in the same transit gateway module (for cloud posse terraform use cases for example)
ohh man if that works I’ll be 80% relieved, 20% angry — going to add that to my TODO list. thanks
np! if it does work lmk too please! That’d be a great QoL addition to our module
I’m not holding my breath though, the issue was closed due to age not explicitly because it was no longer needed.
looks quite interesting!
2024-03-11
I’ve run into an issue creating an autoscaling group with a launch template that has an AMI in another account. I’ve set up permission and tried creating a grant for the service account, and can create an instance from the launch template, but the autoscaler always fails with
Status Reason: Instance became unhealthy while waiting for instance to be in InService state. Termination Reason: Client.InvalidKMSKey.InvalidState: The KMS key provided is in an incorrect state
where is the kms key? the asg account or the ami account? is the kms key active? what is the kms key being used for?
ami account and yes it’s active to encrypt EBS volumes
ok, have you created a resource policy for the kms key to allow the asg account to use it? I also think you need to create a kms grant for the autoscaling service linked role to use the kms key
I tried that but still kept getting the same error
Hello, I’m using Elastic Beanstalk and my load balancer is an Application Load Balancer. Is there a possible way to have a static/elastic IP for the Application Load Balancer?
You can’t assign a static IP address to an Application Load Balancer. If your Application Load Balancer requires a static IP address, then it’s a best practice to register it behind a Network Load Balancer. The static IP address that’s assigned to a Network Load Balancer doesn’t change and provides a fixed entry point for your Application Load Balancer.
another option could be https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.alb-accelerator.html
When you create an Application Load Balancer or Network Load Balancer in the AWS Management Console, you can optionally add an accelerator at the same time. Elastic Load Balancing and Global Accelerator work together to transparently add the accelerator for you. The accelerator is created in your account, with the load balancer as an endpoint. Using an accelerator provides static IP addresses and improves the availability and performance of your applications. (Learn more about accelerators by reading
2024-03-12
2024-03-14
Hello, we encountered an issue with the CloudPosse AWS backup vault module. During the destruction of a backup vault, the process tries to remove the backup vault before the recovery points, and due to this sequence, the deployment failed. Do we need to update the module to be able to remove the recovery points before the backup vault? Thanks in advance for your help. Rgds
Regarding the Cloudposse aws backup module, could we add a lifecycle in this one? I would like to add a lifecycle depends_on a null_resource that deletes the recovery points before the backup vault