#aws (2019-03)

aws Discussion related to Amazon Web Services (AWS)

aws Discussion related to Amazon Web Services (AWS) Archive: https://archive.sweetops.com/aws/

2019-03-31

rohit avatar
rohit

Is there any advantage in using S3 transfer acceleration if i am already using cloudfront to serve s3 files ?

Nikola Velkovski avatar
Nikola Velkovski

I don;t think so.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

probably more so if you’re uploading large files from around the world

Nikola Velkovski avatar
Nikola Velkovski

The only improvement I would see in this case would be when there’s a cache miss and CF has to pull in the file from s3 ( the origin )

rohit avatar
rohit

makes sense

2019-03-30

rohit avatar
rohit

I don’t understand the concept behind why we need to enable backups in order to use read replicas for aws rds?

rohit avatar
rohit

can anyone help me with this ?

Tim Malone avatar
Tim Malone

Turn off backups, on the replicas? I think that depends on the engine version you’re using. Not supported on MySQL 5.5 IIRC, but is on MySQL 5.6, for instance. Is that what you meant?

rohit avatar
rohit

@Tim Malone I meant to ask - why do i have to enable backups in order to use read replicas ?

2019-03-28

oscarsullivan_old avatar
oscarsullivan_old

Thanks! I couldn’t sleep last night because all I could think about was K8s vs fargate Vs not using either and instead orchestrating with ansible/ ecs/ lambda

:--1:1
Nikola Velkovski avatar
Nikola Velkovski

If you think this way then, you can also do it with ec2, and docker commands in cloud-init as well, but the increase in complexity and tech debt will outgrow any standardized solution.

oscarsullivan_old avatar
oscarsullivan_old

I think really it’ll just boil down to EKS vs Fargate.

Nikola Velkovski avatar
Nikola Velkovski

Ansible, do you idempotence ?

oscarsullivan_old avatar
oscarsullivan_old

here’s a pic from AWS just the other day

Abel Luck avatar
Abel Luck

i saw in the sweetops docs somewhere that if you create an account when adding to an org (versus creating it independtly then importing it to the org) you can’t ever spin out that account if necessary

Abel Luck avatar
Abel Luck

is that still the case?

Abel Luck avatar
Abel Luck

cause the new reference architecture impl seems to auto provision the sub-accounts rather

Tim Malone avatar
Tim Malone

you can spin it out of the org, but you’ll usually have to do some extra config first

oscarsullivan_old avatar
oscarsullivan_old

Yeh it’s a real pain

oscarsullivan_old avatar
oscarsullivan_old

I created a few too many org accounts

oscarsullivan_old avatar
oscarsullivan_old

And I CBA to log in and configure them to be independent so I can detatch

Tim Malone avatar
Tim Malone


When you create an account in an organization using the AWS Organizations console, API, or AWS CLI commands, all the information that is required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must accept the AWS Customer Agreement, choose a support plan, provide and verify the required contact information, and provide a current payment method.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html

Abel Luck avatar
Abel Luck

yea i’ve been trying to decide how finely to split stacks among accounts

Abel Luck avatar
Abel Luck

we have multiple deployments of our main stack for different customers, and each deployment needs its own dev/staging/prod

imiltchman avatar
imiltchman
New – Advanced Request Routing for AWS Application Load Balancers | Amazon Web Services attachment image

AWS Application Load Balancers have been around since the summer of 2016! They support content-based routing, work well for serverless & container-based applications, and are highly scalable. Many AWS customers are using the existing host and path-based routing to power their HTTP and HTTPS applications, while also taking advantage of other ALB features such as […]

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Amazon’s AWS Deep Learning Containers simplify AI app development attachment image

Amazon’s Deep Learning Containers support popular deep learning frameworks including Google’s TensorFlow and Apache MXNet.

2019-03-27

chrism avatar
chrism

RKE (ranchers version of KOPS) added a cluster.rkestate file output after its ran… yeeeeey more state to move around.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It doesn’t support remote state?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Kops has a state bucket

chrism avatar
chrism

no; had to jimmy-rig s3 pull/push in

chrism avatar
chrism

which is shit

chrism avatar
chrism

but functionaly

chrism avatar
chrism

lol I keep getting told off by the anti-swearing bot

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Wow surprised that would be the case. Not very team friendly.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Checkout goofys

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Also we have support for that in geodesic

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Mount s3 as a filesystem

chrism avatar
chrism

currently trying to decide if its best to packer build an nginx ami, then packer the configs in using that as a base, or sync the configs in on userscript certainly know which would be quicker to update

chrism avatar
chrism

goofys looks pretty neat; its always reassuring when somethings written in GO as I dont have to spend 20 minutes looking for the “wont work on x system” crap

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea it’s a big qualifier for me

chrism avatar
chrism

Never blindly apply CIS benchmark changes Nothing like spending 2 hours wondering why you’re K8 deployment has broken only to discover it disabled ipv4 forwarding … docker kinda needs that

oscarsullivan_old avatar
oscarsullivan_old


its always reassuring when somethings written in GO
Why? Because you know GO or because of a special trait of GO?

chrism avatar
chrism

Because the code compiles into a single binary per OS / tends to be agnostic

:--1:1
chrism avatar
chrism

whereas try faffing with Python + Matlab on windows Or anything node on windows

chrism avatar
chrism

its nice to be able to drop a binary and run

chrism avatar
chrism

without having to install a crap load of dependencies

:100:1
chrism avatar
chrism

When C# can do the same I may change my mind due to familiarity alone

chrism avatar
chrism

loyalties are fleeting

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

fargate made easy

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@oscarsullivan_old you might dig this

2019-03-26

oscarsullivan_old avatar
oscarsullivan_old

Anyone attend AWSome day today? Ric Harvey was really good

Alex Siegman avatar
Alex Siegman

What is this AWSome you speak of?

1

2019-03-25

imiltchman avatar
imiltchman

Is there a way to use a custom certificate with ElastiCache Redis for in-transit encryption? I can’t seem to find a way.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hrmmm good question

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

is there no way to specify the specific ACM cert to use?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(haven’t looked)

imiltchman avatar
imiltchman

Doesn’t seem to be. “You don’t have to manage the lifecycle of your certificates because ElastiCache for Redis automatically manages the issuance, renewal, and expiration of your certificates.” Sounds like I’m being ungrateful.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Lol

imiltchman avatar
imiltchman

Unfortunately, this means I can’t create a standardized hostname for the Redis cluster

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Crap, you’re right. That sucks!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Guess we have been using the canonical cname

imiltchman avatar
imiltchman

I tried using a CNAME, but it doesn’t seem to work with Tls enabled

imiltchman avatar
imiltchman

Which makes sense given that the certificate subject doesn’t match

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It’s gotta be the hostname returned by redis

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Nothing you generate

1
imiltchman avatar
imiltchman

Yeah, exactly

2019-03-22

antonbabenko avatar
antonbabenko

Guys, question about EC2 ENI limits which is related to ECS clusters. I have 2 EC2 instances, where each has 2 ENIs on it, which means I can launch just 2 containers there (right?). My tasks are rather lightweight, so I have a lot of unused resources but need to scale-out EC2 instances in the cluster because I need more tasks/containers running. I want to be able to run 10 small tasks on a single EC2 instance t3.large (for eg).

Are there better ways to utilise resources and have more ENIs available? I have been evaluating bigger instances also, but there are not so many ENIs comparing to amount of resources.

Can Fargate be a better option in term of price to utilise just what I need and get ENIs allocated as requested?

/cc @maarten

maarten avatar
maarten

ENI limit is only applicable when you are using ECS tasks in awsvpc mode, normally you would use bridged mode with dynamic port allocation.

:100:1
antonbabenko avatar
antonbabenko

ok, let me read more about that one. Thanks!

chrism avatar
chrism

If you create a module with a script in it how do you load the module script in the module? template = "${file("./scripts/userscript.sh")}" Loads based on the working path rather than the module.

chrism avatar
chrism

${path.module}

:--1:1
chrism avatar
chrism

one of those rtfm moments (aka rtfm find m useless go to github find other peoples shit)

1

2019-03-21

roco avatar

Has anyone experienced a delay between when you have an issued certificate in ACM (passed DNS validation and in us-east-1), and when it becomes available for use within CloudFront via the console?

roco avatar
roco
08:17:05 PM

I’m creating a new CF distro, and have 2 available, issued certs in ACM in us-east-1. In CloudFront, the option to choose “Custom SSL Certificate” is not available

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

is that CF distro in us-east-1 as well?

roco avatar

CF Distro is global, not associated to a specific region

roco avatar

ooh nvm – i see them now. Looks like there’s a bit of a lag between when the certificate is validated/issued within ACM and when its available for use with other AWS resources (at least CloudFront distros)

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it used to be at least that ACM certs were required to exist in us-east-1

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

though I think they recently lightened that restriction

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(for CF distros)

roco avatar

yeah i made sure the ACM certs were in that region… i didn’t change anything, just reopened the new Distro console and finally the Custom SSL Certificate radio button became available. but there was at least a 20m lag between when ACM showed it issused and when i could associate to CF Distro

roco avatar

anyway, thanks for the attention haha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

cool, thanks for the update

Tim Malone avatar
Tim Malone

that lag seems unusual - but might’ve been a temporary/isolated thing

roco avatar

i do hope so! i’m curious to see if anyone else had experienced this…

2019-03-20

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
3
Pablo Costa avatar
Pablo Costa

Would be nice if they allowed me to insert a custom URL for 509 certificate, then I could choose my own cluster URL for endpoint

Pablo Costa avatar
Pablo Costa

PS. I’m using kubectl through vpn to access the eks endpoint, but I configured my dns to only query vpc resolver for my internal domain, which makes difficult to resolve the cluster endpoint.

2019-03-19

2019-03-18

oscarsullivan_old avatar
oscarsullivan_old

Any thoughts on why after having setup an openvpn instance (that does change my IP, confirmed), I still can’t use private IPs from my local to ssh into other machines?

mmuehlberger avatar
mmuehlberger

Can you reach the machines in any way, like pinging them?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

security groups?

oscarsullivan_old avatar
oscarsullivan_old


aknysh [4:28 PM]
security groups?

Bingo

oscarsullivan_old avatar
oscarsullivan_old

yep that’s got to be it

oscarsullivan_old avatar
oscarsullivan_old

or not

oscarsullivan_old avatar
oscarsullivan_old

ingress 22 for my public IP

mmuehlberger avatar
mmuehlberger

If you VPN you should have a private IP that needs access.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

open the SG for all traffic and test if you can access it

oscarsullivan_old avatar
oscarsullivan_old

ooo what the heck

oscarsullivan_old avatar
oscarsullivan_old

that worked @Andriy Knysh (Cloud Posse)

mmuehlberger avatar
mmuehlberger

Usually OpenVPN will put you in a subnet and you can give the all subnet IPs SSH access for your machines.

oscarsullivan_old avatar
oscarsullivan_old

I did ALL UDP and ALL TCP from anywhere

oscarsullivan_old avatar
oscarsullivan_old

ah

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

yea, then @mmuehlberger is correct, VPN uses you private local IP, open the SG for it

oscarsullivan_old avatar
oscarsullivan_old

Why would it use my local private IP to ssh

oscarsullivan_old avatar
oscarsullivan_old

surely that will change all the time and I can’t possibly open a SG rule for it?

mmuehlberger avatar
mmuehlberger

It uses your private IP in the VPC, that you get after connecting via VPN.

oscarsullivan_old avatar
oscarsullivan_old

Let me try putting the machine in a public VPC

oscarsullivan_old avatar
oscarsullivan_old

Ah it already is

oscarsullivan_old avatar
oscarsullivan_old

Oh wait not what you’re saying

oscarsullivan_old avatar
oscarsullivan_old

Ah so If I allow the CIDR for the private IP of the subnet which I’m tunnelling into…..

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

does your VPN have its own SG?

oscarsullivan_old avatar
oscarsullivan_old

Yes

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

then add it to the other SG

oscarsullivan_old avatar
oscarsullivan_old

I’m unsure that would work across accounts

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

across accounts you have just a few choices I guess: in the bastion SG, open a hardcoded IP or CIDR from the VPC (not good), or do VPC peering; maybe there are other solutions?

oscarsullivan_old avatar
oscarsullivan_old

I have got VPC peering active weirdly

oscarsullivan_old avatar
oscarsullivan_old

I have:

MGMT: VPC 1 containing VPN

Sandbox: VPC 2 peered t oVPC 1 containing anything

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

oh, then adding the VPC SG to ingress for the bastion SG should work?

oscarsullivan_old avatar
oscarsullivan_old

Oh right, didn’t realise I could reference a SG from another account - hadn’t tried

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

or, you know the CIDR of VPC 1, add it to ingress of VPC 2

oscarsullivan_old avatar
oscarsullivan_old

Hmmm easier for me to do the CIDR I suppose

oscarsullivan_old avatar
oscarsullivan_old

because I manually set them with terraform

oscarsullivan_old avatar
oscarsullivan_old

so I know what they’ll be

oscarsullivan_old avatar
oscarsullivan_old

(to avoid overlapping when peering)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

(don’t remember if SGs accross accounts work with VPC peering)

oscarsullivan_old avatar
oscarsullivan_old

(and make it easier to tell things based on IP CIDR)

oscarsullivan_old avatar
oscarsullivan_old

ok cool so sounds like CIDR is aactually the best route

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

if you know them and have peering, then yes

oscarsullivan_old avatar
oscarsullivan_old

ooooh yeh nice.

Removed the wildcard ingress rules and allowed the CIDR of my VPC

oscarsullivan_old avatar
oscarsullivan_old

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

Nice :–1:

oscarsullivan_old avatar
oscarsullivan_old

And cross account works!

oscarsullivan_old avatar
oscarsullivan_old

amazing

mmuehlberger avatar
mmuehlberger

Great!

chrism avatar
chrism

anyone know of any magic ways to get Ubuntu 18lts to fuck off caching DNS

chrism avatar
chrism

or more concisely stopping it from seemingly caching things with short ttls for all of existence

chrism avatar
chrism

nvm only on one box… at least its 5pm

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

is it running nscd?

chrism avatar
chrism

sysd resolver; the aws dns in the 3rd zone was caching, I cheated then checked this morning and it resolved. Sodding TTLs

rohit avatar
rohit

Is there a way to log complete request body at loadbalancer level or VPC (AWS ELB/VPC) ?

imiltchman avatar
imiltchman

@rohit Why do you need to log it at the loadbalancer, and not at the server/lambda? Do you suspect the LB modifies the request somehow?

rohit avatar
rohit

nope, i don’t see the request body when it reaches nginx

rohit avatar
rohit

so was wondering if there is a way to log the complete request body at loadbalancer

imiltchman avatar
imiltchman

I don’t think so. I am surprised you don’t have that capability within nginx

rohit avatar
rohit

I mean there is a way to do it in nginx but i want to log the entire request at the loadbalancer before it reaches my app

imiltchman avatar
imiltchman

I guess you could put something in front of the LB like a WAF or CloudFlare workers

imiltchman avatar
imiltchman

I am sure there is a way to do it, but I don’t think AWS ELB has this logging ability

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Or use an NLB

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

then you’ll see the full unadulterated request body at your app

rohit avatar
rohit

thanks @Erik Osterman (Cloud Posse) Will check if i can use NLB

2019-03-15

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
New – Open Distro for Elasticsearch | Amazon Web Services attachment image

Elasticsearch is a distributed, document-oriented search and analytics engine. It supports structured and unstructured queries, and does not require a schema to be defined ahead of time. Elasticsearch can be used as a search engine, and is often used for web-scale log analytics, real-time application monitoring, and clickstream analytics. Originally launched as a true open […]

chrism avatar
chrism

I hope this leads to some nice alternative tooling for handling auth etal from x-pack for those who just want a bloody search engine

chrism avatar
chrism

hope

chrism avatar
chrism

the current stuff aws have thrown up is a bit meh though

chrism avatar
chrism

bad the perf tool

chrism avatar
chrism

i dooooo like that ascii graphing

2019-03-13

Alex Siegman avatar
Alex Siegman

So in testing reference-architectures stuff, I made a few accounts I don’t want anymore. I went in and closed the accounts but they are still in my org as “suspended” I’ve worked on hundreds of AWS accounts, but I realized today I’ve never closed one. Any clue on if those will eventually go away in my AWS Org?

Alex Siegman avatar
Alex Siegman

Turns out, you have to talk to support, reinstate the account, do all the steps to make it a standalone account, remove it from the org, then close it.

2019-03-11

2019-03-09

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It took us about a week as well

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

If you have business support it can be expedited

2019-03-08

btai avatar

what causes random spikes in read/write ipos on rds databases? where can i look to debug

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I think RDS snapshots will influence that

btai avatar

hmm no snapshot at the time of the spike

btai avatar

has anyone here migrated hosted zones between aws accounts before?

btai avatar

I followed this guide to the tee, and it seems to have worked (running nslookup/dig shows the new nameservers) https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-migrating.html

Migrating a Hosted Zone to a Different AWS Account - Amazon Route 53

Migrate a hosted zone from one AWS account to another using the AWS CLI.

btai avatar

ive left the old hosted zone up while the switchover occurs (its supposed to take up to two days because of dns resolver caching) and its been 7 days now.

btai avatar

but it seems like i am getting err_name_not_resolved browser errors. this is happening extremely (emphasis on extremely) rarely but i was wondering is the hosted zone cutover not a completely clean and error prone process?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

does the NS delegation look good?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

dig +trace will help you follow the query path

btai avatar

Yes @Erik Osterman (Cloud Posse)

btai avatar

dig +trace gives me what I’m expecting

oscarsullivan_old avatar
oscarsullivan_old

Could always open an aws ticket. They take about a week

2019-03-04

maarten avatar
maarten

Anyone who used ACM’s “private certificate authority (CA) ” for having a CA infra out of the box, for use with Kafka for example,

oscarsullivan_old avatar
oscarsullivan_old

I didn’t use it but I saved the terraform for setting up an ACM

oscarsullivan_old avatar
oscarsullivan_old

do you want??

maarten avatar
maarten

Ah that’s cool, yes please.

oscarsullivan_old avatar
oscarsullivan_old
12:41:31 PM
oscarsullivan_old avatar
oscarsullivan_old

It’s been about a month, but I remember thinking “I should save that if I’m not going to use it”.. so I don’t think it’s just the default example lol

maarten avatar
maarten

Yeah it’s quite expensive

oscarsullivan_old avatar
oscarsullivan_old

It had nothing to do with cost for me.. we just manage domains weirdly at my place and have yet to move CA and domain control to AWS

2019-03-01

chrism avatar
chrism

Fricking safety gloves … On a command line Like people will pop it open and accidentally blow windows up

pecigonzalo avatar
pecigonzalo

Are you really doubting that?

pecigonzalo avatar
pecigonzalo

People bypass any warnings you put to them, even when it says “this will delete your system”, and once its deleted, they write on reddit/twitter how bad Windows is, as its so easily deleted

chrism avatar
chrism

They can type sudo rm -Rf /

chrism avatar
chrism

you can’t cure stupid

oscarsullivan_old avatar
oscarsullivan_old


you can’t cure stupid
No but you can safety-net it

chrism avatar
chrism

The darwinian effect of letting the stupid rid the world of themselves is fine with me http://www.weirduniverse.net/blog/comments/tullock_spike

The Tullock Spike

The economic theory of risk compensation suggests that laws intended to increase safety, such as mandating safety belts in cars, can sometimes have

chrism avatar
chrism

Realistically though if you broke your WSL install, you can just remove + reinstall it. It’s supposed to be an app

oscarsullivan_old avatar
oscarsullivan_old

I’ve figured it out… watch this space https://github.com/osulli/aws-multi-account-setup

osulli/aws-multi-account-setup

A guide to getting multiple AWS accounts linked in an orgainsation and sharing relevant resources with the end goal of using Terraform against different accounts for different stages. - osulli/aws-…

oscarsullivan_old avatar
oscarsullivan_old

Ok.. published! Would appreciate someone suggesting a good way around the limitation listed

oscarsullivan_old avatar
oscarsullivan_old

Does anyone know how to use aws-vault login x with SSO / Federation? There’s clearly some sort of support in https://github.com/99designs/aws-vault/blob/master/cli/login.go but I can’t work out what config I’m missing in ~/.aws/config… I think it’s missing session token from the SSO portal?

99designs/aws-vault

A vault for securely storing and accessing AWS credentials in development environments - 99designs/aws-vault

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

aws-vault does not support SSO

:--1:1
pecigonzalo avatar
pecigonzalo

thanks for the answer

pecigonzalo avatar
pecigonzalo

I asked the same thing some days ago, and this confirms my suspicion

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

for that, you need a purpose built tool

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

e.g. aws-okta for okta (by segmentio)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ther are others for gsuite, etc

oscarsullivan_old avatar
oscarsullivan_old

I’m only using AWS SSO

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hrm…. I haven’t searched for a cognito cli for aws.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Let me know if you come across one.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ideally, a self contained binary

oscarsullivan_old avatar
oscarsullivan_old

I’m going to create a new root account that my company isn’t currently using and try reference architecture. Feel like all my problems stem from avoiding it!

imiltchman avatar
imiltchman

If I am only using the master node for Redis in my application, is there any advantage to having more than 1 replica in ElastiCache cluster?

    keyboard_arrow_up