VPC | Vue Permission Control | State Container library

I am trying to connect an aws api gateway to a lambda function residing in a VPC then retrieve the secret manager to access a database using python code with boto3. The database and vpc endpoint were created in a private subnet.

I was trying to run a code and i had this error but cant identify the problem. i got the error message The CIDR '10.0.1.0/24' conflicts with another subnet (Service: AmazonEC2; Status Code: 400; Error Code: InvalidSubnet.Conflict; Request ID: e0de23a8-d921-475f-aadd-84dac3109664; Proxy: null)

I used the vpc module to create my VPC via the following code:

Recently got an email titled, "Important News from AWS About Amazon EC2-Classic" describing some changes that need to occur. These emails from AWS usually reference the effected resources though and this one did not. I am having a hard time identifying what resources in our account are effected by this. All our EC2 instances are in a VPC and I am not even sure if anything needs to change or not.

Is there a way to identify that an EC2 instance is classic?

I have looked through their linked documentation and gone through the instances we have but I cannot tell if they are "classic" of not.

I would like to connect to a Cloud SQL instance from Cloud Run, using a service account. The connection used to be created within the VPC and we would just provide a connection string with a user and a password to our PostgreSQL client. But now we want the authentication to be managed by Google Cloud IAM, with the service account associated with the Cloud Run service.

On my machine, I can use the enable_iam_login argument to use my own service account. The command to run the Cloud SQL proxy would look like this:

I am trying to access the content(json data) of a file which is passed as input artifacts to a script template. It is failing with the following error NameError: name 'inputs' is not defined. Did you mean: 'input'?

My artifacts are being stored in aws s3 bucket. I've also tried using environment variables instead of directly referring the artifacts directly in script template, but it is also not working.

Here is my workflow

I have an application running on my local machine that uses React -> gRPC-Web -> Envoy -> Go app and everything runs with no problems. I'm trying to deploy this using GKE Autopilot and I just haven't been able to get the configuration right. I'm new to all of GCP/GKE, so I'm looking for help to figure out where I'm going wrong.

I was following this doc initially, even though I only have one gRPC service: https://cloud.google.com/architecture/exposing-grpc-services-on-gke-using-envoy-proxy

From what I've read, GKE Autopilot mode requires using External HTTP(s) load balancing instead of Network Load Balancing as described in the above solution, so I've been trying to get that to work. After a variety of attempts, my current strategy has an Ingress, BackendConfig, Service, and Deployment. The deployment has three containers: my app, an Envoy sidecar to transform the gRPC-Web requests and responses, and a cloud SQL proxy sidecar. I eventually want to be using TLS, but for now, I left that out so it wouldn't complicate things even more.

When I apply all of the configs, the backend service shows one backend in one zone and the health check fails. The health check is set for port 8080 and path /healthz which is what I think I've specified in the deployment config, but I'm suspicious because when I look at the details for the envoy-sidecar container, it shows the Readiness probe as: http-get HTTP://:0/healthz headers=x-envoy-livenessprobe:healthz. Does ":0" just mean it's using the default address and port for the container, or does indicate a config problem?

I've been reading various docs and just haven't been able to piece it all together. Is there an example somewhere that shows how this can be done? I've been searching and haven't found one.

My current configs are:

I'm new to AWS and it's services. What I want to achieve is a multi-tenancy SaaS application. What my concept looks like: I use Cognito for user authentication. There all users no matter what tenant they belong to should use one frontend to login. For the tenant-recognition I use a custom attribute "custom:tenant" which I get from the JWT when the login is successful. For the applicantion itself I want to use VPCs and to ensure encapsulation each tenant should have their own VPC.

Example:

• User A of Tenant 1 login and gets back JWT with claim "custom:tenant":"1" should be routed to VPC 1
• User B of Tenant 2 login and gets back JWT with claim "custom:tenant":"2" should be routed to VPC 2

Now my question is: how do I achieve this routing from the success of the login to the appropriate VPC? Do I need further Services for that or where do I find these settings?

I have been hanging around with this problem for some time now and I can't solve it.

I'm launching an EC2 instance that runs a bash script and installs a few things. At the same time, I am also launching an RDS instance, but I need to be able to pass the value from the RDS endpoint to the EC2 instance to configure the connection.

I'm trying to do this using templatefile, like this