amazon-ec2 | WARNING : You probably do n't want this code | AWS library
kandi X-RAY | amazon-ec2 Summary
kandi X-RAY | amazon-ec2 Summary
WARNING : You probably don't want this code. Its archived and ancient and probably doesn't work. Try the official AWS Ruby SDK instead.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Determine if the request is valid
- Make HTTP request
- Creates an array of keys for an array of keys .
- Convert an array of hashes to an array of hashes .
- Appends a path to an array key path
- Initialize the response
- Extract user input data .
- Get the params for the given parameter .
amazon-ec2 Key Features
amazon-ec2 Examples and Code Snippets
Community Discussions
Trending Discussions on amazon-ec2
QUESTION
I have a Go service that needs to connect Keyspaces on AWS. My pod has a role and AWS_SECRET_ACCESS_KEY
, AWS_ACCESS_KEY_ID
and AWS_SESSION_TOKEN
env vars.
I want to use aws SDK v2. What credential provider should I use? ec2rolecreds
or other one (maybe stscreds
)?
I tried to implement example from here. But I get an error
...ANSWER
Answered 2022-Feb-08 at 00:26no EC2 IMDS role found, operation error ec2imds: GetMetadata, exceeded maximum number of attempts, 3, request send failed, Get \"http://169.254.169.254/latest/meta-data/iam/security-credentials/\": dial tcp 169.254.169.254:80: connect: host is down
Your snippet of code is attempting to use the EC2 instance meta-data service to read an IAM role to use. For that to work, you need to be able to communicate with it, and the role must be attached to the instance.
Is your Go service running on an EC2 instance? If not, that would explain your error. If it is, make sure the process or container has appropriate network access (eg: network namespace) to communicate with 169.254.169.254.
QUESTION
I'm trying to do CI/CD with aws CodeDeployand and GitHub Actions from , following this tutorial.
but the following error appears when trying to create the deploy:
...ANSWER
Answered 2022-Jan-23 at 10:44You have to add codedeploy:CreateDeployment
permissions for church-managment-bff-s3
user. You can do this as an inline policy for the user in aws console:
QUESTION
I'm having s3 endpoint grief. When my instances initialize they can not install docker. Details:
I have ASG instances sitting in a VPC with pub and private subnets. Appropriate routing and EIP/NAT is all stitched up.Instances in private subnets have outbouond 0.0.0.0/0 routed to NAT in respective public subnets. NACLs for public subnet allow internet traffic in and out, the NACLs around private subnets allow traffic from public subnets in and out, traffic out to the internet (and traffic from s3 cidrs in and out). I want it pretty locked down.
- I have DNS and hostnames enabled in my VPC
- I understand NACLs are stateless and have enabled IN and OUTBOUND rules for s3 amazon IP cidr blocks on ephemeral port ranges (yes I have also enabled traffic between pub and private subnets)
- yes I have checked a route was provisioned for my s3 endpoint in my private route tables
- yes I know for sure it is the s3 endpoint causing me grief and not another blunder -> when I delete it and open up my NACLs I can yum update and install docker (as expected) I am not looking for suggestions that require opening up my NACLs, I'm using a VPC gateway endpiont because I want to keep things locked down in the private subnets. I mention this because similar discussions seem to say 'I opened 0.0.0.0/0 on all ports and now x works'
- Should I just bake an AMI with docker installed? That's what I'll do if I can't resolve this. I really wanted to set up my networking so everything is nicely locked down and feel like it should be pretty straight forward utilizing endpoints. Largely this is a networking exercise so I would rather not do this because it avoids solving and understanding the problem.
- I know my other VPC endpoints work perfectly -> Auto-scaling service interface endpoint is performing (I can see it scaling down instances as per the policy), SSM interface endpoint allowing me to use session manager, and ECR endpoint(s) are working in conjunction with s3 gateway endpoint (s3 gateway endpoint is required because image layers are in s3) -> I know this works because if I open up NACLS and delete my s3 endpoint and install docker, then lock everything down again, bring back my s3 gatewayendpoint I can successfully pull my ECR images. SO the s3 gateway endpoint is fine for accessing ecr image layers, but not amazon-linux-extra repos.
- SGs attached to instances are not the problem (instances have default outbound rule)
- I have tried adding increasingly generous policies to my s3 endpoint as I have seen in this 7 year old thread and thought this had to do the trick (yes I subbed my region correctly)
- I strongly feel the solution lies with the s3 gateway policy as discussed in this thread, however have had little luck with my increasingly desperate policies.
Amazon EC2 instance can't update or use yum
another s3 struggle with resolution:
I have tried:
...ANSWER
Answered 2021-Sep-21 at 08:22By the looks of it, you are well aware of what you are trying to achieve. Even though you are saying that it is not the NACLs, I would check them one more time, as sometimes one can easily overlook something minor. Take into account the snippet below taken from this AWS troubleshooting article and make sure that you have the right S3 CIDRs in your rules for the respective region:
Make sure that the network ACLs associated with your EC2 instance's subnet allow the following: Egress on port 80 (HTTP) and 443 (HTTPS) to the Regional S3 service. Ingress on ephemeral TCP ports from the Regional S3 service. Ephemeral ports are 1024-65535. The Regional S3 service is the CIDR for the subnet containing your S3 interface endpoint. Or, if you're using an S3 gateway, the Regional S3 service is the public IP CIDR for the S3 service. Network ACLs don't support prefix lists. To add the S3 CIDR to your network ACL, use 0.0.0.0/0 as the S3 CIDR. You can also add the actual S3 CIDRs into the ACL. However, keep in mind that the S3 CIDRs can change at any time.
Your S3 endpoint policy looks good to me on first look, but you are right that it is very likely that the policy or the endpoint configuration in general could be the cause, so I would re-check it one more time too.
One additional thing that I have observed before is that depending on the AMI you use and your VPC settings (DHCP options set, DNS, etc) sometimes the EC2 instance cannot properly set it's default region in the yum config. Please check whether the files awsregion
and awsdomain
exist within the /etc/yum/vars
directory and what's their content. In your use case, the awsregion should have:
QUESTION
Could anyone advise on how I can auto-mount an EBS volume created using terraform and make it available on /custom
...ANSWER
Answered 2021-May-27 at 13:55As you can to see, your SO reads "nvme1n1" as name of device (not "/dev/sdd").
So, you could apply an user_data with the cloud-init instructions for your EC2 instance:
QUESTION
I am pretty new to AWS, so please bear with me. I would like to deploy this application into AWS. I had no problems running locally, but now I am little bit overwhelmed with the offered services. I dont need large storage, I dont use database, I simply need just a server. Is there any reason for me to consider Beanstalk or is it okay to use simple EC2? From what I have read in this answer, it looks like Beanstalk adds a lot of useless stuff I would not ever use. Thanks for all your inputs.
...ANSWER
Answered 2021-Apr-28 at 07:14Personally, I would recommend using AWS EC2 to deploy your app because of the flexibility offered by EC2. They offered the free tier, so you can try and play around with the environment. The EC2 instance is a remote Linux machine, so you can configure it as much as you like and very flexible.
If you have dockerize your app, you just simply need to copy the docker instance to your EC2 instance and simply host your server there. If you don't dockerize your app, you can just fetch from your repository and download all the dependencies first and your app should work just fine.
QUESTION
I'm aware that the spot service will manage a spot instance and stop or start it based on whether the price matches or capacity is available as per https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#specifying-spot-interruption-behavior
And https://aws.amazon.com/about-aws/whats-new/2020/01/amazon-ec2-spot-instances-stopped-started-similar-to-on-demand-instances/
mentions now it's possible to manually stop or start a spot instance.
I'm confused if I stop a spot instance manually, will the spot service start it again whenever the price/capacity requirements are met?
Or would it stop monitoring the instance till I manually start the spot instance again?
ANSWER
Answered 2021-Apr-19 at 01:36To answer your question, there are 2 kinds of request. 1) one time request 2) persistent request.
one-time-request:- manually you can only terminate instance
, you cannot stop it.Once you terminate instance the request goes away.
persistent-request:- In case of persistent request, it will automatically launch an instance when you manually terminate the instance
, but if you stop it manually then you need to manually start it again. spot instance will not start for you automatically.docs
If the request is persistent, the request is opened again after your Spot Instance is interrupted( interruption by aws). If the request is persistent and you stop your Spot Instance, the request only opens after you start your Spot Instance.
Please NOTE
You can only stop/ start instance which is launched from persistent request and which not a part of fleet or launch group, Availability Zone group, or Spot block. docs when you stop the instance the request goes into disabled state.
QUESTION
today I start to play around with ansible, amazon-ec2 and ebs. After the automation for the provisioning of a new ec2-instance with ubuntu works I try attach an additional volume to an instance by extend my command as follow:
...ANSWER
Answered 2021-Mar-15 at 01:08It depends on the underlying virtualization, and almost all the modern ones use HVM
; on those virtual machines, the devices are renamed by the kernel as described in the fine manual
One will want to similarly exercise caution about using NVMe devices, as they also get their own device nomenclature.
Thankfully, the ansible setup:
module (or gather_facts: yes
) will enumerate all available disks on the machine and make them available along with helpful metadata in the ansible_devices
facts dict
, which usually includes the AWS EBS volume-id in the symlinks
QUESTION
I have an EC2 linux2 instance containing dokcer compose. I want the instance to start the docker service, navigate to the correct folder, and then run docker-compose up -d, three simple lines, every time the instance start:
...ANSWER
Answered 2020-Jul-29 at 12:55entering this to the user data when the instance is stopped should work
The first attempt will sadly not work. This is because UserData
executes only when a new instance is launched.
When I paste my three lines instead of the hello world line, only the first one
The second attempt fails because this script runs as root
in /
folder (root of the filesystem). So unless your APP is in /APP
, this will not work.
QUESTION
I'm trying to make HTTP requests from an EC2 instance running Node.js inside elastic beanstalk to AWS Elastic Search (for insertions/index deletions/queries etc.). My issue is with the way AWS handles authentication.
There is no SDK for querying/updating etc. the documents inside elastic search indices. (There is one for managing the domain). Their recommended way to sign the requests is given here. In short, they use the AWS.Signers.V4 class to add the credentials to the HTTP headers, and they require the access key, secret key and session token.
The EC2 instance I'm working with does not store credentials in the environment (decision not in my hands) or in the file, which is how I was getting the credentials on my machine. It already has the correct role to access the elastic search node, I need the best way to extract the three credentials (access key, secret key and session token) since they are passed as an argument to the addAuthorization method. I tried logging the CredentialProviderChain but none of the providers had any stored credentials. Logging this locally shows both the environment variable and shared credentials file with the correct credentials as expected. I was told I should not use the assume role API (which does return the credentials), and it didn't make sense to me either since I was assuming a role the EC2 already had lol
I came across this method for retrieving instance metadata, including the security credentials. Is this my best option? Or is there an alternative I haven't considered? I'm not too thrilled about this since I'd have to add some logic to check if the process is running in the EC2 instance (so I can test locally when it's not) so it's not as clean a solution as I was expecting and I want to make sure I've explored all possibilities.
P.S. How do AWS SDKs handle authentication? I think I'd have the best chance of getting my changes approved if I use the same approach AWS uses, since elastic search is the only service we have to manually sign requests for. All the others get handled by the SDK.
...ANSWER
Answered 2020-Jul-14 at 05:23The easiest and a very good practice is to use SSM. System Manager has a Parameter Store and it lets you save encrypted credentials. Then all you need to do is assign an IAM Role to the EC2 with a Policy to access SSM or just edit the existing Role and give Full-SSM access to get it going then lock it down to Least Privilege.
but wouldn't that be an issue when our credentials change often? Wouldn't we have to update those every time our credentials expired?
IAM users have rotating passwords, you need a service account password.
By default the EC2 has access to somethings because when you spin one up you have to assign the EC2 with an IAM role. Also, most EC2 AMI's come with the AWS CLI & SDK installed, so you can straight away fetch SSM Parameter store values. Here is some Python to demo:
QUESTION
I have currently deployed the React and Node.js on nginx which sits on AWS . I have no issues in deployment and no errors.
The current environment is: PRODUCTION.
But I have a doubt whether the method I follow is right or wrong. This is the method I followed, https://jasonwatmore.com/post/2019/11/18/react-nodejs-on-aws-how-to-deploy-a-mern-stack-app-to-amazon-ec2
The following is my nginx configuration
...ANSWER
Answered 2020-Jul-08 at 15:50Just like everything else, there are multiple ways to go about this. Depending on the way you have ended the question looks like you are open to exploring them.
Here are my preferences depending on the increasing order of responsibilities on my side vs what AWS handles for me:
Given that you are already using React and Node, this will be a relatively easy switch. Amplify is a not only a set of very useful frontend framework by makeing it easy to add functionalities like Authentication, Social Logins, Rotating API keys (via Cognito and API Gateway) etc but also backend logic that can be eventually deployed on AWS ApiGateway and AWS Lambda. Not only this but AMplify also provides a CICD pipeline and connects with Gothub.
In minutes, you can have a scalable service, with opetion to host frontend via AWS CloudFront, a global CDN service or via S3 hosting, deploy the API via ApiGateway and Lambda, have a CICD pipeline setup via AWS CodeDeploy and Code Build and also have user management via AWS Cognito. You can have multiple enviornments dev, test, beta etc and have it setup such that any push to the master branch is automatically deployed on the infra, and so on and so forth other branches being mapeed to specific enviornment. To top it all off, the same stack can be used to test and develop locally.
If you are rather tied down to use a specific service or function in a specific way, you can build up any of the combination of the above services. API Gateway for managing API, Cognito for user management, Lambda for compute capacity etc. Rememebr, these are managed services so you offload a lot of engineering hours to AWS and being serverles means you are paying for what you use.
Comming to the example you have shared, you don't want your node process to be responsible of serving static assets - its a waste of the compute power as there is no intelligence attached to serving JS, CSS or images and also because in that case you introduce a new process in the loop. Instead have NGINX serve static assets itself. Refer this official guide or this StackOverflow answer.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install amazon-ec2
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page