If you created a presigned URL by using a temporary token, then the URL expires when the token expires, even if you created the URL with a later expiration time. For more information about how the credentials you use affect the expiration time, see Who can create a presigned URL.
So you have to use a regular IAM user instead of an IAM role for a service generating presigned URLs? :-/
— Permalink
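An added example (not from the AWS documentation or from this post): working out when a SigV4 presigned URL actually stops being usable, given the expiration of the temporary credentials that signed it. The bucket, object key, token and signature values are constructed placeholders, and `effective_expiry` is a hypothetical helper name.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample values: bucket, key, token and signature are placeholders.
_BASE = ("https://example-bucket.s3.amazonaws.com/report.pdf"
         "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240101T120000Z"
         "&X-Amz-Expires=43200&X-Amz-Signature=CONSTRUCTED")
URL_LONG_LIVED_KEY = _BASE
URL_TEMP_TOKEN = _BASE + "&X-Amz-Security-Token=CONSTRUCTED"
# Constructed: the role session that signed URL_TEMP_TOKEN ends 1h after signing.
TOKEN_EXPIRATION = datetime(2024, 1, 1, 13, 0, 0, tzinfo=timezone.utc)


def effective_expiry(presigned_url, token_expiration=None):
    """Return (expiry, limiting_factor) for a query-string presigned URL.

    token_expiration is the expiration of the temporary credentials used to
    sign; only the signer knows it, it cannot be read from the URL itself.
    """
    # Lower-case the parameter names so lookups do not depend on their casing.
    query = {k.lower(): v[0]
             for k, v in parse_qs(urlsplit(presigned_url).query).items()}
    signed_at = datetime.strptime(
        query["x-amz-date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    url_expiry = signed_at + timedelta(seconds=int(query["x-amz-expires"]))

    # A session token in the query string means temporary credentials signed it.
    if "x-amz-security-token" in query:
        if token_expiration is None:
            raise ValueError("signed with a session token: its expiration is required")
        if token_expiration < url_expiry:
            # The URL dies with the token, whatever X-Amz-Expires requested.
            return token_expiration, "token"
    return url_expiry, "url"


if __name__ == "__main__":
    for label, url, exp in (("temporary token", URL_TEMP_TOKEN, TOKEN_EXPIRATION),
                            ("long-lived key", URL_LONG_LIVED_KEY, None)):
        expiry, limit = effective_expiry(url, exp)
        print(f"{label}: usable until {expiry.isoformat()} (limited by {limit})")
```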
Finally!
— Permalink
via nedim
— Permalink
draw.io aws shapes
— Permalink
from Rostan
— Permalink
"Create Amazon MemoryDB Cluster Instances
You can create Amazon MemoryDB Clusters using the Cluster custom resource"
They really name their CRD "Cluster" ?? :facepalm:
AWS documentation index, and for each product doc you can get an RSS feed
— Permalink
Note to self: be careful which headers are forwarded to the origin in this specific case, because it can cause authentication problems between CloudFront and the S3 bucket
— Permalink
woot! This is going to be very useful
— Permalink
Interesting for pulling AWS CloudWatch metrics into Datadog faster
— Permalink
they did it
— Permalink
docker exec into fargate container
— Permalink
To run a CLI command from within an Amazon Elastic Compute Cloud (Amazon EC2) instance or an Amazon Elastic Container Service (Amazon ECS) container, you can use an IAM role attached to the instance profile or the container. If you specify no profile or set no environment variables, that role is used directly. This enables you to avoid storing long-lived access keys on your instances. You can also use those instance or container roles only to get credentials for another role. To do this, you use credential_source (instead of source_profile) to specify how to find the credentials. The credential_source attribute supports the following values:
Environment – Retrieves the source credentials from environment variables.
Ec2InstanceMetadata – Uses the IAM role attached to the Amazon EC2 instance profile.
EcsContainer – Uses the IAM role attached to the Amazon ECS container.
vs https://registry.terraform.io/modules/cloudposse/eks-workers/aws/latest
cluster : https://registry.terraform.io/modules/cloudposse/eks-cluster/aws/latest
— Permalink
Docker packaging for Lambda
— Permalink
A container to emulate the metadata API locally and thereby assume a role
https://github.com/awslabs/amazon-ecs-local-container-endpoints
— Permalink
Manage AWS resources with a Kubernetes controller provided by AWS
— Permalink
Another simple solution would be to write a custom MIDDLEWARE which will give the response to ELB before the ALLOWED_HOSTS is checked. So now you don't have to load ALLOWED_HOSTS dynamically.
The middleware can be as simple as:
project/app/middleware.py
from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin


class HealthCheckMiddleware(MiddlewareMixin):
    # Answer the ELB health check here, before later middleware checks ALLOWED_HOSTS.
    def process_request(self, request):
        if request.META["PATH_INFO"] == "/ping/":
            return HttpResponse("pong")

settings.py
MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'app.middleware.HealthCheckMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    ...
]
Django Middleware reference https://docs.djangoproject.com/en/dev/topics/http/middleware/
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-monitoring.html#enable-as-instance-metrics
https://www.terraform.io/docs/providers/aws/r/appautoscaling_policy.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html
By default, the temporary credentials returned by an assume role are valid for 1 hour
That is a bit short in dev; to extend this period:
1) in the role in question, allow requesting more
2) when doing the assume role from the CLI, you have to pass a parameter to request more
— Permalink
For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets.
— Permalink
people are crazy
— Permalink
Your task definition contains a parameter that requires a specific container instance attribute that is not available on your container instances. For example, if your task uses the awsvpc network mode, but there are no instances in your specified subnets with the ecs.capability.task-eni attribute. For more information about which attributes are required for specific task definition parameters and agent configuration variables, see Task Definition Parameters and Amazon ECS Container Agent Configuration.
— Permalink