Unanswered Questions

2,654 questions with no upvoted or accepted answers
11 votes
0 answers
6k views

How can a Cognito user initialize TOTP on first login when MFA is required?

I am setting up Amazon Cognito for authentication to use a Kibana instance. I only permit administrators to create users, and I permit only the Cognito User Pool identity provider. When creating the ...
7 votes
1 answer
2k views

How can one configure an AWS ElasticSearch access policy using CloudFormation?

The AWS documentation on ElasticSearch access control talks about how to grant access to the ES domains subresources while preventing changes to the domain's configuration by creating an ES domain ...
7 votes
1 answer
2k views

Joining a server to AD via AWS cloudformation

I want to use cloudformation to automatically join new instances to AD. When I googled this it looks like many people just use scripts in their cloudformation templates and pass in credentials- I don'...
6 votes
1 answer
5k views

AWS ECS: Unable to place task

I am trying to set up an AWS service with autoscaling. I have created a cluster with an application loadbalancer and created a task using a docker image that should be open on port 8080 for use. I ...
6 votes
0 answers
2k views

TCP congestion collapse

I am experiencing suboptimal performance on an EC2 instance connecting to an RDS instance. This particular instance was built before VPC's existed, so all the traffic is flowing through a single ...
5 votes
3 answers
4k views

Best way to log to two different CloudWatch log streams from an ECS container?

We are running our services on AWS's ECS platform, and we send our logs to AWS CloudWatch. We have two types of logs, any container can produce either type: the usual application logs (access, error,...
5 votes
1 answer
2k views

EC2 VPC Intermittent outbound connection timeouts

My production web service consists of: Auto-scaling group Network loadbalancer (ELB) 2x EC2 instances as web servers This configuration was running fine until yesterday when one of the EC2 instances ...
5 votes
2 answers
4k views

AWS "No credentials specified" even when EC2 IAM policy applied

This is an odd issue which we can't find a solution for. On AWS, we are running Microsoft Remote Desktop Services on Windows Server 2019. All servers are joined to an AWS AD Directory Services ...
5 votes
0 answers
5k views

How to handle trailing slash in a redirect rule for an AWS S3 website?

I'm trying to build up some landing pages in my s3 hosted web site. For example: http://www.example.com/products That should redirect to http://www.example.com/products.html To accomplish this, I ...
5 votes
0 answers
513 views

Updating to latest Docker images in Elastic Beanstalk Multicontainer

I'm running a site on Elastic Beanstalk using a multi container set up. I'm wondering what is the preferred strategy to pull in the latest images. On the CI server, after successful commits to master,...
5 votes
0 answers
1k views

CloudFormation fails deleting a stack if a hostedzone contains non-required records, how can it be avoided?

I wrote a CloudFormation template which creates a whole environment which includes the creation of VPC, HostedZone, Subnets, Autoscaling Groups, etc... The servers which are created and are members ...
5 votes
0 answers
3k views

Newly installed programs in Server 2016 can't be clicked from the start menu

I created a new instance of Windows Server Datacenter 2016 on AWS (Version: 1607 OS Build 14393.321). When I install a new application and try to click on it from the start menu it does not work. ...
5 votes
2 answers
697 views

Automate war deployment in VPC's private subnet on tomcat7

I have a VPC with public and private subnets. Public subnet contains my Nating and Bastion instances Private subnet contains my application servers (3 ec2 instances running tomcat7 with my project ...
5 votes
1 answer
793 views

ECS Stopped Task not Releasing Port

I have an ECS cluster with ELB. Last night I saw that a task was stuck in restarting loop. From the service Events log, it said: "service xxxxx was unable to place a task because no container ...
5 votes
2 answers
2k views

If you can't change the RDS endpoint of an AWS Beanstalk instance, how do you do a blue/green deployment?

From what I can tell, one can't change the Amazon RDS (RDS) endpoint of an existing Elastic Beanstalk (EB) instance? If that is the case, then you can't have your code deployed to a stage server, ...
5 votes
2 answers
2k views

AWS connection error: Permission denied (publickey)

Sorry if this sounds redundant to you but trust me it's not. I have tried almost the majority of the links related to this problem but nothing is working for me so far. I even tried this article too. Below ...
4 votes
1 answer
768 views

Will critical security updates get applied even with "auto minor version upgrade" disabled?

RDS offers an "auto minor version upgrade" setting, described in the docs, which causes AWS to automatically upgrade your database engine from time to time: If you want Amazon RDS to ...
4 votes
0 answers
7k views

Enabling HSTS header on AWS Application Load Balancer

We have a Spring Boot application behind an AWS Application Load Balancer. The load balancer terminates SSL before forwarding coming requests to our application and also redirects 80 port to 443 port. ...
4 votes
0 answers
590 views

Getting error “PHP Fatal error: Uncaught Zend\Uri\Exception\InvalidUriPartException” on AWS server

I am getting following error in error_log after moving the site (developed in Magento ver. 2.3.2) on new server (AWS Server): PHP Fatal error: Uncaught Zend\Uri\Exception\InvalidUriPartException: ...
4 votes
0 answers
1k views

Understand S3 cost at folder level

I am planning for a use case wherein my S3 bucket is used by 10 different users. All these users have separate folders within this bucket, to where they'll store their files. Now I want to know ...
4 votes
1 answer
7k views

What options do I have if I need a firewall behind AWS network load balancer?

Today we're using WAF for Application Load Balancer and it's great, but WAF does not support Network Load Balancer. So we need a solution that will protect us behind or after the NLB. For example: 1. ...
4 votes
1 answer
2k views

AWS console - This site cannot be reached - Only on my PC

I have an AWS instance and whenever I go to the console page, ie: https://us-west-2.console.aws.amazon.com on a browser I get the message: This site can’t be reached us-west-2.console.aws.amazon....
4 votes
0 answers
1k views

Autoscaling AWS ECS services with soft limits

As per the service utilization documentation it is possible to have a Memory utilizations over 100% when using soft limits in the ECS tasks (because you don't want to kill your app with hard limits). ...
4 votes
0 answers
4k views

AWS: ssh_exchange_identification: read: Connection reset by peer

I am facing "ssh_exchange_identification: read: Connection reset by peer" error. I am not able to ssh my instance. Any help is highly appreciated. Thank you. Below is the debug information ssh -i ~/....
4 votes
0 answers
684 views

AWS ElastiCache Redis - Why has SwapUsage slowly climbed just over 100MB despite having FreeableMemory available?

Starting around 7/28/2017 the SwapUsage started to climb for reasons I cannot figure out. I have spent many hours Googling and reading AWS documentation. At no point do we run out of FreeableMemory. ...
4 votes
0 answers
331 views

EC2 CPU Credit Balance: Why are there gaps in my credit balance graph?

I use CloudWatch to monitor dozens of aspects of our platform's ecosystem, and occasionally we'll have a machine that does this: Why are there gaps in this green line? The other instances being ...
4 votes
2 answers
203 views

SSL on both ELB and server

I configured my ELB to be able to serve ssl pages by putting my certs in the ELB itself. Say the ELB serve requests from www.example.com. At the same time I need to use ssl outside the ELB and serve ...
4 votes
3 answers
5k views

How to enable HTTPS for the public DNS route of an EC2 instance?

I am working on a Facebook bot app and one of their requirements is to set up a webhook on my webserver that is returning a token, to validate my account. I quickly spin up a micro instance (Ubuntu) ...
4 votes
1 answer
3k views

Configure SFTP with OpenSSH and an AWS S3 Bucket mounted via S3FS on Amazon EC2

How do I allow multiple SFTP Users with S3FS and OpenSSH? Everything works, except SFTP Users don't have permission to write to their Chrooted Home Directory: remote open("/some_file"): Permission ...
4 votes
1 answer
3k views

Does CloudFront support S3 signature version 4 for KMS encrypted objects?

I'm using Cloudfront with an S3 origin that is using KMS to encrypt objects. I'm getting the following error when sending a GET request for an object in the S3 bucket. Requests specifying Server ...
4 votes
0 answers
1k views

S3 restoration using s3api get-object is not working in aws china region

I have set up a daily backup script in my aws china instance which uploads my required files to be backed-up to s3 bucket. I have a restoration script which uses s3api to restore the objects to the ...
4 votes
1 answer
628 views

AWS ELB: cloudwatch metric for open connections?

I'm setting up ELB, and I'm having trouble finding a suitable metric to use to adjust the size of the pool. RequestCount doesn't work because some requests are much cheaper than others. Latency ...
4 votes
0 answers
990 views

AWS ElasticBeanstalk: container keeps restarting

I'm trying to deploy a multi-container docker Elastic Beanstalk cluster on AWS and my situation is; I have 7 docker containers, six of which are Scala applications each listening on port 9000 for ...
4 votes
0 answers
255 views

What does Process/CPU metric in atop really mean?

I've been using the excellent atop for reviewing load test impact in detail, and the distinction between the SystemLevel/CPU metric in the top (system-wide) section and the ProcessLevel/CPU metric in ...
4 votes
0 answers
327 views

Nginx setup on aws - redirecting to port 81, cannot reverse

I've tried to setup nginx on my free AWS instance so that it can host multiple domains on single ip address (not sure if it can be managed, but I'm trying to dig in). In that process I created ...
4 votes
0 answers
1k views

Coreos auto scaling with docker and fleetctl on AWS

I spent a lot of time evaluating different ways to deploy an application to the cloud (let's assume AWS for this question) in the last few weeks but couldn't really find a satisfying solution. We ...
4 votes
1 answer
1k views

Dockerrun.aws.json referring to bucket of another account

I have the following Dockerrun.aws.json: { "AWSEBDockerrunVersion": "1", "Authentication": { "Bucket": "bucket-of-another-aws-account", "Key": "docker/.dockercfg" }, "Image":...
4 votes
0 answers
599 views

Does AWS Elastic Beanstalk Swap Environment Url swap environments for git push?

I have read the docs for zero downtime on aws but can't seem to understand what happens in this scenario? I have an environment running in production called 'red' I duplicate the environment as 'blue' ...
4 votes
2 answers
2k views

Shared files folder in Amazon Elastic Beanstalk environment

I'm working on a Drupal application, which is planned to be hosted in Amazon Elastic Beanstalk environment. Basically, Elastic Beanstalk enables the application to scale automatically by starting ...
3 votes
0 answers
3k views

AWS OpenVpn "Connection failed. Try again" - Exception (0x80004005)

I have been unable to connect through the AWS OpenVPN client for quite some time. When I click connect, the message "Connection failed. Please try again." I found a similar case on other ...
3 votes
1 answer
2k views

Deploying an AWS Load Balancer Controller for EKS Fargate API service

Context I'm trying to deploy a containerised API service to an EKS Fargate cluster and have it service requests from external internet addresses as an over-engineered POC/learning experience. I'm ...
3 votes
0 answers
4k views

Can't open port 443 on AWS EC2 fresh instance

I created a fresh EC2 instance, this is the setup: Security Group Inbound rules IP version Type Protocol Port Range Source IPv4 HTTP TCP 80 0.0.0.0/0 IPv6 HTTPS TCP 443 ::/0 IPv6 HTTP TCP 80 ::/0 ...
3 votes
0 answers
816 views

EKS - Use IAM roles for service accounts on multiple clusters

I am trying to use IAM roles for service accounts in EKS. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html When it comes to create the IAM role to be assigned to a ...
3 votes
1 answer
1k views

Configure AWS CloudFront to send custom query params to origin

Is it possible to configure my AWS CloudFront distribution to append to the request a custom query param (e.g a private key) before sending it to the origin? For example, the front end is calling *....
3 votes
1 answer
2k views

How do I resolve a private DNS address from within an AWS Fargate task

I'm trying to setup a connection to a MongoDB Atlas database from an AWS Fargate container. The VPC peering is setup and works and I can successfully connect to the MongoDB Atlas cluster from a ...
3 votes
1 answer
1k views

Can't deploy same lambda in multiple regions from s3 bucket

We are deploying a lambda using CloudFormation SAM templates. We would like to package the lambda into an S3 bucket, then deploy the AWS::Serverless::Function in multiple regions. However, lambda code ...
3 votes
0 answers
3k views

Why AWS Cognito client secret is not "secret"

We are setting up SaaS server-to-server auth solution using AWS Cognito + API Gateway using oAuth2 Client credentials flow. And one thing is totally bugging me - I can access App client secret in ...
3 votes
0 answers
2k views

How to show instance names in CloudWatch graph labels?

We have a couple of machines in AWS EC2 and are running the Amazon CloudWatch Agent on them to collect metrics. Instead of the default ImageId, InstanceId, InstanceType triplet, the agent is ...
3 votes
1 answer
3k views

Update Amazon RDS Certificate SSL Issue with MySQL Lambda

Like many people I have updated my Amazon RDS Certificate to CA_2019 from CA_2015. At first everything seemed fine but later on checking I noticed the mysql lambda function which I wrote to query the ...
3 votes
1 answer
2k views

Possible to connect OpenVPN and AWS Transit Gateway

I have setup a Transit Gateway and a Site-to-Site VPN connection from our on-prem to our AWS accounts. It is working like a charm. We have remote users working at home who need remote connection to ...
