PrimerI think it's fine if you want to bridge several private networks that all have static IPs
gholmsACTION nods
gholmsNot so great for road warriors
PrimerSo yeah, creating the Cloudformer stack in a different region just fails over and over. It seems this expects stuff to pre-exist, and in this region, I have nothing setup.
PrimerThis stuff's been around since 2011, and it's still beta...?
Primertrying a different region
PrimerOk, finally got one up in a different region
ChipzzPrimer: yeah, Cloud Former is a *starting point*
Chipzzyou'll have to do some search and replace
ChipzzPrimer: regardless of whether you're using CloudFormer or writing your own template from scratch, it's probably a good idea to split the thing up in smaller chunks
hydrajumpin the docs why are all s3 bucket endpoint urls using HTTP and not HTTPS, eg
gholmsIt's probably just a mistake.
gholms...though if you use vhost-style URLs using HTTPS can present a bit of a challenge at times.
Bejgliin the past s3 was http only and it probably hasn't been updated
gholmsThat wouldn't be the case for a URL that contains a region name.
tech2Does cloudfront pay any attention to the origin's content-length header? My first guess would be no (because it ended up caching some partial results), is there any mechanism to prevent it from doing so?
theShirbinydoesn't look like it does
tech2That's... unfortunate :(
ayogihi guys, i am trying to create a new launch configuration and attach it to scaling group
ayogibut when i try to scale the instances in elastic beanstalk it's giving following error: Updating Auto Scaling group named: awseb-e-r3fap6d8dd-stack-AWSEBAutoScalingGroup-16OW112RSXU0Y failed Reason: AutoScalingGroup's LaunchConfiguration awseb-e-r3fap6d8dd-stack-AWSEBAutoScalingLaunchConfiguration-1ADEQI5A5944O not found
ayogidoes anyone know what could be wrong?
Kim^Jayogi: The launch configuration is missing.
ayogibut the launch configuration is there
ayogiKim^J, i don't know why elasticbeanstalk is not detecting
ayogii created a new launch configuration and attached it to auto scaling group
ayogiand deleted the old launch configuration
ayogibut why it would not detect the new one?
Kim^JBecause that's not how it works.
ayogiKim^J, then, what's the issue here?
Kim^JThe beanstalk tries to set the launch configuration.
Kim^JWhy are you trying to scale via beanstalk? Scale the group directly.
ayogiyou mean to say increase the minimum and desired count?
ayogiin autoscaling group
ayogiso what's the difference between desired and minimum
Kim^JIf you want to do changes, then do those changes via the thing that created the asg.
ayogibeanstalk created that asg
Kim^Jayogi: If you fall below minimum, it will start new instances right away.
Kim^JIf you fall below desired, it will start on the next iteration according to your scaling rules.
Kim^JIf you go above desired, it will terminate on the next iteration according to your scaling rules.
JohnPreston72Morning folks :)
ayogiso should i increase desired or minimum?
Kim^Jayogi: Desired.
ayogii want it to scale it to 2 instances right away, right now it's 1 only
Kim^JJust set desired to 2.
JohnPreston72Quick question : I have an S3 bucket for which I have a policy to allow getobject to an object only via referer. I have followed the AWS doc and that works fine for the s3 hosted site. However, when I set a CF distribution in front of the hosted site (the site, not the bucket), I keep getting access denied. What is the CF referer like ?
Kim^JAnd then it takes a minute or so, then a new instance pops up.
Kim^Jupscaling is usually faster than downscaling.
ayogiKim^J, but will beanstalk be able to detect this
ayogiand that the autoscaling configuration has changed, and now there will be 2 instances.
Kim^Jayogi: Beanstalk doesn't care.
JohnPreston72 is this still valid ? -> CF doesnt send the referrer HTTP to S3 ?
ayogiKim^J, i deployed the application in beanstalk and now it's giving the error as: Update environment operation is complete, but with errors. For more information, see troubleshooting documentation.
ayogiwhat does that mean?
Kim^JIt means you changed the stuff beanstalk manages outside of beanstalk.
ayogii changed the asg and reverted back
ayogiand then i deployed the existing version of application again
ayogieverything was working fine before i changed the asg
ayogiKim^J, now even i am deploying new application it's not working
ayogiKim^J, the more detailed message is: Incorrect application version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-34" (deployment 25). Expected version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-35" (deployment 30).
pluszakCan I display cloudfront on cloudwatch graph?
pluszakI want to compare my s3 with its cloudfront but cloudfront is just not there
ayogiKim^J, is there a solution for this?
ayogidoes anyone know solution for: Incorrect application version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-34" (deployment 25). Expected version "40a0908ac5fe3d85ef6d98775e1be65e134b22e3-app-35" (deployment 30)
ayogiin beanstalk
Azarilive put a lambda function in a vpc and it cant ping any of the servers in the vpc
Azaril(ive opened up the security groups for icmp)
Azarildoes anyone know of any additional configuration you need to do to get this to work?
pluszakAzaril: but it resolves the correct ip?
Azarilthe dns lookup works to the internal ip
Azarilother servers in the vpc can ping the same addresses fine
pluszakso the security group is probably wrong
chrisM_1Hello, how can I get access via ssh to the RDS instance
vlebochrisM_1: you cannot
chrisM_1Well then how can I fix the too many open files error
chrisM_1When my server is connecting to the RDS instance it errors with too many open files and that limit is set in the linux instance
chrisM_1I was doing a load test and that is when the limit happened
Kim^JReboot the RDS instance.
chrisM_1Yes, and then it will happen again?
AzarilMy lambda function in my vpc is not getting an address in the vpc according to os.networkinterfaces()
chrisM_1I modified the connection limit
ayogiEnvironment health has transitioned from Severe to Degraded. Incorrect application version found on all instances. Expected version ..
AzarilOK, apparently pings dont work from lambda for some reason
pluszakchrisM_1: why do you assume it's rds error?
socket-Hey all, I have several workspaces registrations, and I am looking for a way to create shortcut icons. Is there a way via command line that I can tell workspaces.exe to launch a specific registration instead of having to manually click manage registrations, and choosing one?
new_studentHi! Due to some mishap, while updating an environment on elastic beanstalk, a cloud formation stack got created and it got stuck at UPDATE_ROLLBACK_FAILED. After realizing the goof up, I continued the roll back and now it is in the state: UPDATE_ROLLBACK_COMPLETE
new_studentBut now whenever I try to update the environment, I keep getting the error: Environment named xxxx is in an invalid state for this operation. Must be Ready.
zylentgive it a bit to chill
new_studentCould someone please help me understand how can I get out of this weird state?
zylenthas it been there long? If you have a bunch of nested changes going on it takes a while for things to settle down
new_studentzylent, was your reply directed towards me?
new_studentThe cloudformation state was in UPDATE_ROLLBACK_FAILED since 18/04/2017
new_studentand I fixed the issue and resumed it about 30 mins ago
zylenthow long has it been in rollback complete?
new_studentIt completed at 17:33 and now the time is 18:45
zylenthmm... did you have a bunch of disk operations?
new_studentNone, AFAIK
new_studentas I said, the stack has completed.
new_studentIts state is now UPDATE_ROLLBACK_COMPLETE
new_studentThe goof up was related to LoadBalancer config
zylentyeah sounds like something nesting related, I'd contact support if you can
new_studentI added a listener for tcp, 443, removed listener for tcp, 80 and configured cert on the load balancer and didn't do all of this via the environment config, which I realized later, but was too late. Then I reverted those manual changes but now it is not giving the option to make any changes to the deployment
new_studentWhat do you mean by nesting?
zylentare you trying to modify a resource that doesn't exist?
new_studentNo, nothing like that
zylentyour cloudformation stacks can nest
zylenteg toplevel stack>shared attributes stack>service stack
new_studentThe cloudformation stack was created by aws itself. It wasn't created manually,
new_studentRight now, all stacks are in a *_COMPLETE state
new_studentMy AWS account doesn't have technical support :(
new_studentHow long should I wait for the elastic beanstalk environment thingy to understand that the thing which was blocking it from being 'ready' is not fixed?
new_studentThe funny thing is, the status is green the entire time :-/
new_studentThere were the exact errors:
hydrajumphow do you stop a lambda function that seems to have gone bat shit crazy?
General_Harambehydrajump: ditch the trigger, wait for timeout
hydrajumpGeneral_Harambe: thank you. No idea what's happening
hydrajumpit has used up my ses sandbox quota like a raging lunatic :P
General_Harambeoh dear. Amazon is incredibly short fused when it comes to SES. be careful.
es3l3kGeneral_Harambe: I second that!
General_Harambethe obnoxious thing is that the means to calculate SES thresholds is opaque at best.
General_Harambeit's a percentage, over time, based on a rolling window, with some magic numbers.
hydrajumpI'm still trying to understand what has happened
jonjits[m]With a cloudformation nested stack template, how do I prevent the whole thing from deleting itself if one nested stack fails and also be able to update-stack on the master template?
General_Harambenot nesting! Don't do it!
jonjits[m]General_Harambe: why?
mjleeI'm going to set up RDS as an external slave for some production databases running on prem, unfortunately setting up VPN/Direct Connect is not currently an option. How do I establish the external IPs for RDS to define my firewall rules?
dtypeAnyone aware of an Amazon Echo/Alexa IRC dev channel? (kind of overlaps with aws in that it is generally handled in lambda functions, but seems more specific a topic)
General_Harambejonjits[m]: the scope of a piece of state in SF is the stack. And that any nested pieces fall into that scope. If you only want to move one turtle and not every turtle between here and the world turtle, make a new, separate stack
Mooniacwhat's the maximum password length I can use for the Console log-in through a browser?
f0steris there something like azure blobstore for aws? I want to stream application data for storage from my distributed app to somewhere in aws
f0sterbut i dont want tons of small files (want to consume data with spark later)
hydrajumpif the resource in a policy is `arn:aws:s3:::mybucket` is it correct that you can't put an object?
hydrajumpthe resource has to be `arn:aws:s3:::mybucket/*`
sathedAm I missing something here? Can you really not change the root volume size via CloudFormation for an Opsworks instance?
mjleef0ster: S3?
f0stermjlee: i dont think that works well if i understand s3 correctly.. i cant "append" to an s3 object, so i would have to write lots of little files (which i dont want to do)
mjleeAh, I see
mjlee discusses it
f0stergoing to look at kinesis, i havent used it so i dont know much about it, i figured maybe it was worth asking here
gabbottCan you attach an EIP to a secondary private IP using the ec2_eip module?
toastedpenguinany recommendations for instance types to support windows file server?
nutzzI have a problem with RDS. After 4-5 days after I create a RDS instance (oracle EE) when I try to connect from sql developer I get this error An error was encountered performing the requested operation:
nutzzIO Error: The Network Adapter could not establish the connection
nutzzVendor code 17002
nutzzbut the database instance appears to be running
nutzzI am using an aws educate account
raspadoanyone familiar with aws SES?
raspadoWe received an error ".mail.MailSendException: Failed messages: com.sun.mail.smtp.SMTPSendFailedException: 454 Throttling failure: Daily message quota exceeded." Does anyone know if SES has some sort of queue mechanism ?
raspadoif so, we need to account for two queues, 1 queue from within SES and another queue from within our app
en0xof course they have quota on how many u can send a day, usually telling them to increase it is not an issue
kgirthoferomg kms key permissions just killed 3 days of troubleshooting
kgirthoferI always forget about those
Masterphihow do I create a read-replica postgres instance on AWS of my master DB on Google Cloud SQL (also pg)?
f0stermjlee: I think I am going to use kinesis and spark .. stream shit there and periodically batch it out for backup
khronosAny windows experts in here?
chainzjust ask
khronosCan an amazon active directory setup do multiple domain logins like virtual hosting in the Linux environment?
chainznot sure, haven't used directory services yet
khronosI have a lot of 5 to 10 user shops that would like full domain control of their machines, but I don't think each of them need dual domain controller setups to satisfy their needs.
chainzwhy do you need dual domain controllers?
khronosMulti az separation.
khronosIf they are not going to have a physical box at their location I need to do everything I can to have them always on if I can.
chainzso you create one and replicate to the other
khronosads looks like it will do what I want, just am looking for a bit of direction of what the do's / don'ts are.
malprxcticeHey folks! Can we have both Internet Gateway and NAT Gateway attached to a single VPC?
Tantagelsure why not
yiatiIs there a difference between, an integration request with a AWS Lambda Function in AWS API Gateway, versus a AWS API Gateway Trigger in a AWS Lambda Function
Tantagelyes they are different things
Tantagelyiati , they might have overlapping features or function but it's not the exact same
yiatiTantagel: If I want to make a simple REST API which should I go with? Seems like I'd want an API Gateway Integration Request
TantagelI would use nginx + cherrypy
TantagelAPI Gateway is a travesty
yiatiTantagel: I would like to be serverless, if you have any other serverless suggestions
Masterphican i create a read replica with external master on RDS?
gholmsDMS can do that to an extent.
jcrawfordif anyone has any ideas on what could cause this issue and can kindly post a reply I would appreciate it.
jcrawfordI am getting redirect loop on a dev beanstalk environment but it is setup exactly the same as the production environment which is working just fine
PrimerYes, what is this DMS
PrimerThis is one reason I'm not pursuing RDS for postgres. I require off-site replicas.
nutzzare there any limitations to the aws educate account. Like if I create an aws rds instance, will the up time of the instance be restricted in any way?
ChipzzI'm having a problem with my CloudFormation template. . When I delete line 163 (the SecurityGroups), it works, but with that line, I'm getting the following error: "Value () for parameter groupId is invalid. The value cannot be empty"
Chipzzany idea what I'm doing wrong?
catucaIf I reboot RDS with FailOver, will I experience any interruptions? Will the app not have DB access for some time?
en0xit usually takes a minute for the failover
en0xaccording to our tests so you will have an interruption for a minute
catucaIs there any way to reboot it and not have any DB interruption? We run it with Multi-AZ
cloudbudI m trying to describe the volumes in AWS but getting the following error in that Could not connect to the endpoint URL: ""
djmarlandHello. Can anyone help explain why this Cloudformation ( fails to deploy with the error "Value of property ResponseParameters must be an object with String (or simple type) properties"
lambais it possible to connect two vpc vpn's (different regions) to the same customer wan ip ? I'm having trouble doing so and i seem to remember there was some limit perhaps.
DeviaVirdjmarland: I think you're using that wrong
DeviaVir String: String
djmarlandDeviaVir: sorry I've changed it a few times since I first posted the question (trying to make it work)
DeviaVirdjmarland: so you tried "method.response.header.Content-Type": "integration.response.header.Content-Type" already?
djmarlandI think I've discovered the problem. serverless framework seems to turn the valid yaml into JSON like this
djmarlandso it's breaking the period separated key down into a nested object. so it looks like a problem with serverless rather than cloudformation. but how to stop it from doing that...
djmarlandI guess this might not be the right channel for that query then
PrimerHas anyone here used any professional AWS consulting service? If so, care to recommend one?
PrimerI have a million questions, and I'm willing to pay someone for their undivided attention, as long as they're experienced in the field.
PrimerThis Cloudformation stuff seems rather...broken
finchdPrimer: you looking for one in your locale so they can visit in-person, or just want opinions on the APN partners?
gholmsIt certainly isn't approachable.
PrimerI've experienced many more failures than I have successes. Even the Cloudformer failed, and this is one of Amazon's things.
Primerfinchd: someone I can reach over the phone would suffice.
finchda buddy of mine runs his own, and he's looking for clients
Primerfinchd: I presume he has a web site? I'm willing to take a look.
doyleAm I doing something terrible by creating a subnet with cidr ? Range ??
finchdclassless cidrs aren't terrible, they just aren't very future-safe
doyleah, the future...
jonjits[m]is it possible to peer vpc1( with vpc2(
finchdjonjits[m]: well, is inside ?
doylejonjits[m], step one in peering is to assure your cidr's don't overlap...
finchdACTION forgets if 16 is or
doyleah, yes, /8 is 10.x.x.x, so /16 will be fine
jonjits[m]those two cidrs overlap?
finchdjonjits[m]: doyle just pointed out that they don't
gholmsACTION recommends getting used to CIDR notation, as you're only going to see more of them
jonjits[m]gholms: I thought I was
gholmsYou are. ;)
finchdyeah, but I don't normally need more than /24 of anything, and so many customers are just using defaults
jonjits[m]I thought those two networks would be peerable, but I can't seem to get them talking. I peered the default vpc successfully tho
jonjits[m]people use /24 for vpcs or subnets?
gholmsYeah, they should be peerable.
jonjits[m]so I guess I have a routing issue since I opened up the SGs/NACLs
finchddid the peering create on aws-side? next thing is route tables
gholmsIf I know everything can fit in them I usually go with /20s or /24s, yeah.
finchdsg/nacl doesn't matter until the routes exist
gholmsOnce you have the peering connections set up you have to update routing tables.
gholmsACTION <-- too slow
PrimerACTION sighs...
doyleJust commit to ipv6 and go
doyleabandon all tech that doesn't yet support it.
gholmsdoyle: VPC does not support going without IPv4.
doyleaw... abandon aws
gholmsIf it did I would have already done so to the greatest extent I could. :(
gholmsEliminating NAT is the best thing that has ever happened to my VPCs.
jonjits[m]gholms: why?
gholmsI don't have to pay attention to the divide between "public" and "private" addresses when I ignore ipv4.
gholmsThere are just addresses.
gholmsOh, and not caring about subnet sizes would sure be nice.
doyleThe subnet sizes are my battle right now
doylealways a pain
hydrajumpPrimer: are you looking for someone to help you create the cloudformation templates?
PrimerWell, I'm trying to get a cloudformation template to work. I started with the cloudformer app, had it make a template from my running VPC.
PrimerI've trimmed some stuff out of it, just keeps failing.
PrimerLots of trial and error
PrimerSo far the failures have been because of the fact that I'm running it in a different AZ
Primerso having to do stuff like s/us-east-1e/us-west-2c/g
JSeligsteinhey all. trying to run a local gamelift, but i am getting AmazonUnmarshallingException from a player session create event. am i doing something wrong here?
jscatalahello guys! ... i have a question about elb's healthchecks. If i setup my elb with 10 Unhealthy threshold, 90 s interval and 60s timeout, that means that in 25 min my instance should be tagged as unhealthy? i get that by 10*(90+60)/60 = 25... but seems that only takes less than 10 minutes based on the healthinstance counter... why? where i can find that explanation? thanks in advance
finchdI don't think the 60 is included
finchdso 10*90
finchdeach check waits 60, but checks aren't blocking
JSeligsteinhas anyone tried gamelift local?
finchddon't think so. that is pretty rare what with lumberyard and all
|aarontrying to push a cloudwatch event from an ec2 instance using the cli and im getting "<role'is not authorized to perform: events:PutEvents"
|aaronyet the role has a custom policy attached with PutEvents permission? im lost anyone know what could be wrong there