#aws (2024-08)
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
2024-08-01
2024-08-02
Hey, I’ve written a blog post on the stuff I’m currently working on at work: creating AWS infrastructure with something called Pulumi. Pulumi is another IaC tech. It sits in the same area as Terraform, but it is nothing like Terraform, as you, as a developer, can bring your own language to it, like, say, Python, Go, or C#, and make cloud infrastructure as well as build your app. So essentially, it will remove the DevOps part from the picture eventually, as you will know how to build this stuff with Pulumi.
Well, if this sounds interesting, please read my post, and if you really like it, could you share it?
Link to post: https://theclouddude.co.uk/two-alb-target-groups-one-ecs-with-pulumi-python
I don’t work for Pulumi, and I don’t make any money out of my blog.
In this article, I describe how I got around an issue of attaching completely separate resources onto an ALB in AWS, using Python and Pulumi.
2024-08-05
There seems to be a scarcity of documentation and explainers for ECS Service Connect automatic encryption. At least I would have wanted more when I implemented it for the first time. Thus, a video explainer recorded together with Vladimir Samoylov: https://www.youtube.com/watch?v=z1WQ-YSAsVY and a supporting blog post: https://fivexl.io/blog/ecs-service-connect-encryption/ Hope it will be helpful for some of you out there to make your organizations more secure.
Deep-dive into AWS ECS Service Connect. How a startup can enable encryption in transit with ECS Service Connect and ECS Fargate deployment
I seem to be hitting this common problem when using the AWS components that need the account_map component. I was just trying to deploy a simple S3 bucket and I got this error:
module.iam_roles.module.account_map.data.utils_component_config.config[0]: Reading...
Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: failed to find a match for the import '/Users/gwestwood/work/orcid-terraform-xxxx/components/terraform/s3-bucket/stacks/orgs/**/*.yaml' ('/Users/gwestwood/work/orcid-terraform-xxx/components/terraform/s3-bucket/stacks/orgs' + '**/*.yaml')
@Giles Westwood best to use refarch or https://github.com/orgs/cloudposse/discussions for reference architecture questions. #aws is for more general AWS questions.
I think it’s also hitting https://atmos.tools/quick-start/advanced/configure-repository/#atmosyaml-cli-config-file-location
Atmos supports both the monorepo and polyrepo architectures when managing the configurations for components
Yeah, I got the atmos path thing to work, so now it’s just failing because of the missing stack.
Has anyone been able to work around the limitation of NOT being able to tag permission sets that get created as roles in target accounts? It’s pretty wild that this limitation is in place.
@Andriy Knysh (Cloud Posse)
@Zing please provide more details about the question. Is it about AWS SSO permissions?
So when I create a permission set and specify target accounts, IAM Identity Center will create the permission sets as roles in those target accounts. There does not seem to be a way to add tags to those created roles from the centralized identity account.
@Andriy Knysh (Cloud Posse)
2024-08-06
2024-08-07
Does anyone have experience with moving existing MySQL RDS databases to Graviton and sequencing it around the upgrade to MySQL 8.0?
I plan on leveraging the built-in blue/green deployment, which makes me think I should switch to Graviton afterwards because of the replication time between clusters and having the downtime closer together. But I still wanted to hear from others’ experience.
I can’t speak to this exactly, but I’d keep them separate. Makes RCA “easier” if something does go bump.
I feel that, and that was my initial approach, but there’s management pressure to only have one maintenance window because of the downtime and people required to validate.
Luckily, I’ve heard from others in other Slack groups that they’ve successfully upgraded to MySQL 8 and then switched to Graviton.
Yup, I voiced my concern, it’s all I can do
2024-08-08
Hello! Is there any option to use the AWS Load Balancer Controller in defaultTargetType: instance mode, but only add the instances to the target group where the pod runs? And the controller automatically updates the target group if the pod moves to another instance? The service uses NodePort.
@Yonatan Koren
2024-08-09
I’m getting random 503s on a setup I’m doing: jenkins.example.com –> NLB 443 –> ALB HTTPS –> EC2 instance with Jenkins (8080)
I cannot find the cause of it
Found the cause of it: because the EC2 instance is in one AZ, we had to switch the client routing policy of the NLB to “Availability Zone affinity” and turn off “Cross-zone load balancing”.
Glad you figured it out. One question I had is why the need for the NLB in front of the ALB? I know in the past there was a need for this type of setup for certain routing, just wondering why you need it in this case for a Jenkins server.
they want to SSH to Jenkins using the same domain name
also, WAF should be enabled
being able to use ACM is an added bonus though
Cool. I was thinking that another approach might be pointing the NLB at the instance’s port 22. That way the NLB only has to serve the SSH traffic and not any web traffic. The domain might change slightly (i.e., jenkins-ssh.example.com for SSH vs jenkins-web.example.com for web), but the separation might keep things simpler.
Yeah, but the client wanted the same domain name for web and SSH.
yep i totally get where you’re coming from and why!
2024-08-12
2024-08-13
2024-08-19
Hey everyone, I’m excited to share an article we just developed at Appvia on building a well-architected landing zone on AWS. It’s packed with insights for anyone in DevOps, platform engineering, or cloud architecture, focusing on how to set up a secure and scalable AWS foundation.
Would love to hear your thoughts on it: https://www.appvia.io/blog/building-a-well-architected-landing-zone-on-aws
The LZA’s flexibility makes it ideal for organisations with complex networking, regulatory, and operational needs.
2024-08-21
I use the Cloud Posse EKS node group module. Initially I created the node group with desired_instance=1 for testing; when I try to increase the desired size, it’s ignored. Just wanted to understand the rationale behind that behaviour.
There is some info here, but I think the general idea is that desired size should be managed by your autoscaler, not terraform. It may change very frequently in response to load or other metrics / desired behavior. Your terraform configuration should be more static - so it should be managing min and max, not desired.
2024-08-29
Hi, anyone using the latest ‘cloudposse/terraform-aws-eks-node-group’ for Windows nodes, please? I am having an issue when the node tries to connect to the EKS cluster.
Terraform module to provision a fully managed AWS EKS Node Group
This is more of a #terraform question