Search: [aws] - Arnaud's links

4339 links

Links per page: 20 50 100

◄Older

page 1 / 2

157 results tagged aws x

Assign more IP addresses to Amazon EKS nodes with prefixes - Amazon EKS
August 27, 2025 at 1:23:59 PM GMT+2 * - permalink - - https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html

aws cni prefix
aws/amazon-ec2-spot-interrupter: The ec2-spot-interrupter is a simple CLI tool that triggers Amazon EC2 Spot Interruption Notifications and Rebalance Recommendations.
April 14, 2024 at 11:42:33 AM GMT+2 - permalink - - https://github.com/aws/amazon-ec2-spot-interrupter

aws ec2 karpenter spot tools
Bucket - ACK
February 12, 2024 at 1:43:05 PM GMT+1 - permalink - - https://aws-controllers-k8s.github.io/community/reference/s3/v1alpha1/bucket/

ack aws s3
Predefined SSL security policies for Classic Load Balancers - Elastic Load Balancing
February 7, 2024 at 11:34:41 AM GMT+1 - permalink - - https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html

aws policy ssl
Working with presigned URLs - Amazon Simple Storage Service

If you created a presigned URL by using a temporary token, then the URL expires when the token expires, even if you created the URL with a later expiration time. For more information about how the credentials you use affect the expiration time, see Who can create a presigned URL.

So you have to use regular IAM user instead of IAM role for service generating presigned urls..? :-/
August 12, 2023 at 10:53:10 AM GMT+2 - permalink - - https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html#who-presigned-url

aws iam presigned s3
Network Load Balancer now supports security groups

Finally!
August 12, 2023 at 10:51:38 AM GMT+2 - permalink - - https://aws.amazon.com/fr/about-aws/whats-new/2023/08/network-load-balancer-supports-security-groups/

aws nlb
TierMobility/codeartifact-dependabot-sync
- https://tier.engineering/Dependabot-CodeArtifact-Sync
April 3, 2023 at 2:52:26 PM GMT+2 - permalink - - https://github.com/TierMobility/codeartifact-dependabot-sync

aws codeartifact dependabot github sync
iam-policy-json-to-terraform - Easily convert AWS IAM policies to Terraform HCL

via nedim
November 24, 2022 at 9:33:44 AM GMT+1 * - permalink - - https://flosell.github.io/iam-policy-json-to-terraform/

aws hcl iam json terraform
https://github.com/m-radzikowski/diagrams-aws-icons

draw.io aws shapes
September 8, 2022 at 9:09:20 AM GMT+2 - permalink - - https://github.com/m-radzikowski/diagrams-aws-icons

aws dessin draw
Steampipe | select * from cloud;

from Rostan
August 10, 2022 at 10:02:44 AM GMT+2 - permalink - - https://steampipe.io/

aws sql
Create a managed Amazon MemoryDB for Redis Cluster using the ACK MemoryDB Controller - ACK

"Create Amazon MemoryDB Cluster Instances#

You can create Amazon MemoryDB Clusters using the Cluster custom resource"

They really name their CRD "Cluster" ?? :facepalm:
April 16, 2022 at 11:03:14 AM GMT+2 - permalink - - https://aws-controllers-k8s.github.io/community/docs/tutorials/memorydb-example/

aws crd memorydb redis
AWS Documentation

Aws documentation index, and for each product doc you can get a RSS feed
March 4, 2022 at 7:43:37 AM GMT+1 - permalink - - https://docs.aws.amazon.com/index.html

aws doc index
Restricting access to Amazon S3 content by using an origin access identity (OAI) - Amazon CloudFront

Note à moi même : il faut faire attention aux headers qu'on forward à l'origine dans ce cas précis car ça peut poser des problemes d'authent' entre cloudfront et le bucket s3
January 4, 2022 at 3:15:11 PM GMT+1 - permalink - - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-origin-access-identity-signature-version-4

aws cloudfront
Features - LocalStack
November 22, 2021 at 2:03:54 PM GMT+1 * - permalink - - https://localstack.cloud/features/

aws cloud dev local
Sharing an object with a presigned URL - Amazon Simple Storage Service
August 11, 2021 at 3:02:48 PM GMT+2 - permalink - - https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

aws s3 share
Default Tags in the Terraform AWS Provider

woot! ça va etre tres utile
May 17, 2021 at 9:39:54 AM GMT+2 - permalink - - https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider?s=09

aws tag terraform
Collect Amazon CloudWatch Metrics Faster With Datadog Using CloudWatch Metric Streams | Datadog

Intéressant pour rapatrier plus vite les metrics aws cloudwatch dans datadog
May 10, 2021 at 10:06:40 AM GMT+2 - permalink - - https://www.datadoghq.com/blog/amazon-cloudwatch-metric-streams-datadog/?mkt_tok=ODc1LVVWWS02ODUAAAF85oycJAszSM9iHzDSr4C0X29JUnHtE1fmtLO0QEfzsn1WTY0rME_PzPJgZsYhP7KRjF4XxG0qga9nbVIcB1bzkued2ix_pJfImXlrE2AkUr6gu6o

aws datadog
Introducing OpenSearch | AWS Open Source Blog

they did it
April 15, 2021 at 10:16:43 AM GMT+2 - permalink - - https://aws.amazon.com/fr/blogs/opensource/introducing-opensearch/

aws elasticsearch es opensearch
NEW – Using Amazon ECS Exec to access your containers on AWS Fargate and Amazon EC2 | Containers

docker exec into fargate container
April 6, 2021 at 10:35:46 AM GMT+2 - permalink - - https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

aws ecs fargate
Using an IAM role in the AWS CLI - AWS Command Line Interface
To run a CLI command from within an Amazon Elastic Compute Cloud (Amazon EC2) instance or an Amazon Elastic Container Service (Amazon ECS) container, you can use an IAM role attached to the instance profile or the container. If you specify no profile or set no environment variables, that role is used directly. This enables you to avoid storing long-lived access keys on your instances. You can also use those instance or container roles only to get credentials for another role. To do this, you use credential_source (instead of source_profile) to specify how to find the credentials. The credential_source attribute supports the following values:
```
Environment – Retrieves the source credentials from environment variables.

Ec2InstanceMetadata – Uses the IAM role attached to the Amazon EC2 instance profile.

EcsContainer – Uses the IAM role attached to the Amazon ECS container.
```
March 22, 2021 at 11:20:35 AM GMT+1 - permalink - - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html

aws credentials profile
cloudposse/eks-node-group/aws | Terraform Registry

vs https://registry.terraform.io/modules/cloudposse/eks-workers/aws/latest

cluster : https://registry.terraform.io/modules/cloudposse/eks-cluster/aws/latest
March 2, 2021 at 3:19:39 PM GMT+1 * - permalink - - https://registry.terraform.io/modules/cloudposse/eks-node-group/aws/latest

aws eks k8s terraform
Creating Lambda container images - AWS Lambda

Packaging docker pour lambda
February 23, 2021 at 10:33:39 AM GMT+1 - permalink - - https://docs.aws.amazon.com/lambda/latest/dg/images-create.html

aws docker lambda
A Guide to Locally Testing Containers with Amazon ECS Local Endpoints and Docker Compose | AWS Compute Blog

Un container pour émuler en local l'api metadata et ainsi endosser un role
https://github.com/awslabs/amazon-ecs-local-container-endpoints
October 16, 2020 at 5:48:54 PM GMT+2 - permalink - - https://aws.amazon.com/blogs/compute/a-guide-to-locally-testing-containers-with-amazon-ecs-local-endpoints-and-docker-compose/

aws dev local metadata
Introducing the AWS Controllers for Kubernetes (ACK) | Containers

Gérer des resources aws avec un controller kube fourni par aws
August 31, 2020 at 10:04:55 AM GMT+2 - permalink - - https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/

aws controller k8s
GitHub - cycloidio/inframap: Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
July 17, 2020 at 10:06:28 AM GMT+2 - permalink - - https://github.com/cycloidio/inframap

aws graph terraform
Monitoring the Health of ECS Service Deployments - Aaron Kaz Kaczmarek - Medium
June 26, 2020 at 6:18:26 PM GMT+2 - permalink - - https://medium.com/@aaron.kaz.music/monitoring-the-health-of-ecs-service-deployments-baeea41ae737

aws ecs
GitHub - django-ses/django-ses: A Django email backend for Amazon's Simple Email Service
June 15, 2020 at 3:21:02 PM GMT+2 - permalink - - https://github.com/django-ses/django-ses

aws django mail ses
AWS ALB Authentication with OKTA OIDC using Terraform
June 15, 2020 at 2:17:12 PM GMT+2 - permalink - - https://medium.com/swlh/aws-alb-authentication-with-okta-oidc-using-terraform-902cd8289db4

alb aws okta
Django ALLOWED_HOSTS for Amazon ELB - Stack Overflow

Another simple solution would be to write a custom MIDDLEWARE which will give the response to ELB before the ALLOWED_HOSTS is checked. So now you don't have to load ALLOWED_HOSTS dynamically.

The middleware can be as simple as:

project/app/middleware.py

from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin

class HealthCheckMiddleware(MiddlewareMixin):
def process_request(self, request):
if request.META["PATH_INFO"] == "/ping/":
return HttpResponse("pong")

settings.py

MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'app.middleware.HealthCheckMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
...
]

Django Middleware reference https://docs.djangoproject.com/en/dev/topics/http/middleware/
June 10, 2020 at 4:54:02 PM GMT+2 - permalink - - https://stackoverflow.com/questions/35858040/django-allowed-hosts-for-amazon-elb

alb aws django elb
Apache Hadoop Amazon Web Services support – Working with IAM Assumed Roles
April 22, 2020 at 5:23:26 PM GMT+2 - permalink - - https://hadoop.apache.org/docs/current/hadoop-aws/tools/hadoop-aws/assumed_roles.html

assume aws hadoop python role spark
Scaling containers in AWS :: Vlad Ionescu
April 12, 2020 at 6:16:09 PM GMT+2 - permalink - - https://www.vladionescu.me/posts/scaling-containers-in-aws.html

aws benchmark ecs eks
GitHub - cronyo/cronyo: The missing cron CLI for AWS Cloudwatch and Lambda
February 9, 2020 at 10:20:42 AM GMT+1 - permalink - - https://github.com/cronyo/cronyo

aws cron lambda
Placement Groups - Amazon Elastic Compute Cloud
January 9, 2020 at 11:55:43 AM GMT+1 - permalink - - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html#placement-groups-spread

aws placement
GitHub - Sceptre/sceptre: Build better AWS infrastructure
January 8, 2020 at 11:40:53 AM GMT+1 - permalink - - https://github.com/Sceptre/sceptre

aws cloudformation
Access S3 using Pyspark by assuming an AWS role. - Leyth Gorgeis - Medium
January 3, 2020 at 3:16:08 PM GMT+1 - permalink - - https://medium.com/@leythg/access-s3-using-pyspark-by-assuming-an-aws-role-9558dbef0b9e

aws role s3 spark
AWS Extend Switch Roles – Get this Extension for 🦊 Firefox (en-US)
December 30, 2019 at 3:11:13 PM GMT+1 - permalink - - https://addons.mozilla.org/en-US/firefox/addon/aws-extend-switch-roles3/

aws firefox
Vers un monde sans bastion | Le Blog Amazon Web Services
December 17, 2019 at 9:19:57 PM GMT+1 - permalink - - https://aws.amazon.com/fr/blogs/france/vers-un-monde-sans-bastion/

aws ssm
Identify Unintended Resource Access with AWS Identity and Access Management (IAM) Access Analyzer | AWS News Blog
December 3, 2019 at 9:41:36 AM GMT+1 - permalink - - https://aws.amazon.com/fr/blogs/aws/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/

audit aws iam
Application Load Balancer Adds Support for New RequestCountPerTarget CloudWatch Metric

https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-monitoring.html#enable-as-instance-metrics
https://www.terraform.io/docs/providers/aws/r/appautoscaling_policy.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html
November 21, 2019 at 1:41:47 PM GMT+1 - permalink - - https://aws.amazon.com/fr/about-aws/whats-new/2017/07/application-load-balancer-adds-support-for-new-requestcountpertarget-cloudwatch-metric/

autoscaling aws
Using IAM Roles - AWS Identity and Access Management

Pardefault les credentials temporaires donnés par un assume role sont valables 1h
C'est un peu juste en dev, pour augmenter cette periode :
1) dans le role en question, autoriser a demander +
2) au moment de faire le assume role en CLI, il faut passer un param pour demander +
November 20, 2019 at 3:59:06 PM GMT+1 - permalink - - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session

assume aws role
What Is a Network Load Balancer? - Elastic Load Balancing

For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets.
October 29, 2019 at 6:31:41 PM GMT+1 - permalink - - https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html

aws nlb udp
ElastiCache for Redis Terminology - Amazon ElastiCache for Redis
October 23, 2019 at 9:09:25 AM GMT+2 - permalink - - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Terms.html

aws elasticache redis
GitHub - localstack/localstack: 💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline!

people are crazy
October 21, 2019 at 3:39:39 PM GMT+2 - permalink - - https://github.com/localstack/localstack

aws dev local
Using Terraform for zero downtime updates of an Auto Scaling group in AWS
October 17, 2019 at 11:32:39 AM GMT+2 - permalink - - https://medium.com/@endofcake/using-terraform-for-zero-downtime-updates-of-an-auto-scaling-group-in-aws-60faca582664

asg aws terraform
Cloud/AmazonEC2Image/Buster - Debian Wiki
October 17, 2019 at 11:32:18 AM GMT+2 - permalink - - https://wiki.debian.org/Cloud/AmazonEC2Image/Buster

ami aws buster debian
Tutorial: Specifying Sensitive Data Using Secrets Manager Secrets - Amazon Elastic Container Service
September 13, 2019 at 4:42:13 PM GMT+2 - permalink - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-tutorial.html

aws ecs secrets
GitHub - silinternational/ecs-deploy: Simple shell script for initiating blue-green deployments on Amazon EC2 Container Service (ECS)
September 13, 2019 at 4:40:07 PM GMT+2 * - permalink - - https://github.com/silinternational/ecs-deploy

aws ecs fargate
Introduction | eksctl
September 11, 2019 at 2:59:35 PM GMT+2 - permalink - - https://eksctl.io/

aws eks
GitHub - jkehler/awslambda-psycopg2
September 2, 2019 at 11:05:19 AM GMT+2 * - permalink - - https://github.com/jkehler/awslambda-psycopg2

aws lambda postgresql psycopg2 python
GitHub - claranet/terraform-aws-lambda: Terraform module for AWS Lambda functions
September 2, 2019 at 9:53:13 AM GMT+2 - permalink - - https://github.com/claranet/terraform-aws-lambda

aws lambda terraform
Working with GPUs on Amazon ECS - Amazon Elastic Container Service
August 21, 2019 at 5:55:26 PM GMT+2 - permalink - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html

aws gpu
API failures Error Messages - Amazon Elastic Container Service

Your task definition contains a parameter that requires a specific container instance attribute that is not available on your container instances. For example, if your task uses the awsvpc network mode, but there are no instances in your specified subnets with the ecs.capability.task-eni attribute. For more information about which attributes are required for specific task definition parameters and agent configuration variables, see Task Definition Parameters and Amazon ECS Container Agent Configuration.
August 21, 2019 at 4:29:09 PM GMT+2 - permalink - - https://docs.amazonaws.cn/en_us/AmazonECS/latest/developerguide/api_failures_messages.html

aws ecs
Jerry Hargrove | History of Amazon Web Services

SQS first service :|
August 15, 2019 at 2:03:03 PM GMT+2 - permalink - - https://www.awsgeek.com/pages/AWS-History/

aws history
Note: ssm links

https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-start-ssh

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html
August 10, 2019 at 1:43:30 PM GMT+2 - permalink - - https://links.infomee.fr/?Hgv05w

aws ssm
Managing PostgreSQL users and roles | AWS Database Blog

A faire en superuser:

-- Revoke privileges from 'public' role
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON DATABASE mydatabase FROM PUBLIC;

-- Create schema
CREATE SCHEMA myschema

-- Read-only role
CREATE ROLE readonly;
GRANT CONNECT ON DATABASE mydatabase TO readonly;
GRANT USAGE ON SCHEMA myschema TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA myschema TO readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLES TO readonly;

-- Read/write role
CREATE ROLE readwrite;
GRANT CONNECT ON DATABASE mydatabase TO readwrite;
GRANT USAGE, CREATE ON SCHEMA myschema TO readwrite;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA myschema TO readwrite;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO readwrite;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA myschema TO readwrite;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT USAGE ON SEQUENCES TO readwrite;

-- Users creation
CREATE USER reporting_user1 WITH PASSWORD 'some_secret_passwd';
CREATE USER reporting_user2 WITH PASSWORD 'some_secret_passwd';
CREATE USER app_user1 WITH PASSWORD 'some_secret_passwd';
CREATE USER app_user2 WITH PASSWORD 'some_secret_passwd';

-- Grant privileges to users
GRANT readonly TO reporting_user1;
GRANT readonly TO reporting_user2;
GRANT readwrite TO app_user1;
GRANT readwrite TO app_user2;
August 3, 2019 at 4:10:30 PM GMT+2 * - permalink - - https://aws.amazon.com/fr/blogs/database/managing-postgresql-users-and-roles/

aws postgresql rds
AWS Fargate Pricing Calculator

0,25 vCPU + 0,5GB = 9,010$ (1 month)
July 23, 2019 at 6:25:07 PM GMT+2 - permalink - - http://fargate-pricing-calculator.site.s3-website-us-east-1.amazonaws.com/

aws fargate
Terraform: terraform_remote_state - Terraform by HashiCorp
July 12, 2019 at 1:54:34 PM GMT+2 - permalink - - https://www.terraform.io/docs/providers/terraform/d/remote_state.html

aws data terraform
Announcing Amazon VPC Traffic Mirroring for Amazon EC2 Instances
July 3, 2019 at 3:39:40 PM GMT+2 - permalink - - https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-amazon-vpc-traffic-mirroring-for-amazon-ec2-instances/

aws mirror network
AWS Systems Manager Session Manager - AWS Systems Manager

interessant
June 28, 2019 at 10:44:14 AM GMT+2 - permalink - - https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

aws ssh ssm
Secure your instances with multi-factor authentication | AWS Startups Blog
June 12, 2019 at 6:18:16 PM GMT+2 - permalink - - https://aws.amazon.com/fr/blogs/startups/securing-ssh-to-amazon-ec2-linux-hosts/

aws mfa ssh
Tutorial: Delegate Access Across AWS Accounts Using IAM Roles - AWS Identity and Access Management

Gestion multi compte aws
May 30, 2019 at 10:50:22 PM GMT+2 - permalink - - https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

account aws
GitHub - mlabouardy/komiser: Cloud Environment Inspector 👮
May 20, 2019 at 4:52:41 PM GMT+2 - permalink - - https://github.com/mlabouardy/komiser

aws cost
cni-ipvlan-vpc-k8s/README.md at master · lyft/cni-ipvlan-vpc-k8s · GitHub
May 14, 2019 at 10:56:36 PM GMT+2 - permalink - - https://github.com/lyft/cni-ipvlan-vpc-k8s/blob/master/README.md

aws cni k8s
AWS re:Invent 2014 | (DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) - YouTube
May 12, 2019 at 8:30:08 PM GMT+2 - permalink - - https://www.youtube.com/watch?v=Cb2czfCV4Dg

aws boto3 python
Amazon S3 Path Deprecation Plan – The Rest of the Story | AWS News Blog
May 9, 2019 at 1:56:24 PM GMT+2 - permalink - - https://aws.amazon.com/fr/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/

aws s3
Note: EKS max pods by EC2
Le nombre de pods par worker node dépend du type d'EC2 utilisé qui détermine combien d'interfaces secondaires on a à notre disposition et de combien d'ips sur chaque interfaces on peut allouer.

Exemple avec une t2.small, on a 2 interfaces secondaires et sur chacune on peut allouer 4 ips. On peut donc lancer 8 pods maximum sur une t2.small

Il faut aussi savoir qu'un cluster EKS va faire tourner de base quelques pods :
- un deployment pour coredns avec un replicaset=2 par défaut
- un daemonset spécifique à aws (awsnode)
- un daemonset pour le kubeproxy
Ce qui équivaut à 2 pods occupés sur chaque worker node (à cause des deux daemonset) et 2 pod supplémentaire lancé sur la totalité du cluster (pour coredns).

Il faut aussi compter un pod pour le dashboard, un pod pour le metrics-server et surement 2 pods pour l'external-dns, sans compter les ingress

Tout ça pour dire que ce n'est pas facile d'avoir un "petit" cluster EKS : on va vite être limité par le nombre d'ip qui est assez faible sur les EC2 les plus modestes et on va vite être obligé de lancer des EC2 supplémentaire juste pour avoir des ip
February 24, 2019 at 5:27:40 PM GMT+1 - permalink - - https://links.infomee.fr/?j-DVoQ

aws eks k8s
Secrets Management within AWS ECS – Hacker Noon

olded by https://docs.aws.amazon.com/fr_fr/AmazonECS/latest/developerguide/specifying-sensitive-data.html
January 17, 2019 at 11:45:13 AM GMT+1 * - permalink - - https://hackernoon.com/secrets-management-within-aws-ecs-1b6975819ccd

aws docker ecs secret ssm
What is Amazon Elastic Container Service? - Amazon Elastic Container Service
November 15, 2018 at 9:11:33 AM GMT+1 - permalink - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html

aws docker ecs
What Is Amazon VPC? - Amazon Virtual Private Cloud
November 15, 2018 at 9:10:53 AM GMT+1 - permalink - - https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html

aws network vpc
awslabs/amazon-ecr-credential-helper: Automatically gets credentials for Amazon ECR on docker push/docker pull
September 20, 2018 at 4:26:36 PM GMT+2 - permalink - - https://github.com/awslabs/amazon-ecr-credential-helper

aws ecr
AWS vs Azure vs Google vs IBM vs Oracle vs Alibaba | A detailed comparison and mapping between various cloud services
August 10, 2018 at 1:25:21 PM GMT+2 - permalink - - http://comparecloud.in/

aws cloud compare
Note: Containers on aws

beanstalk : https://aws.amazon.com/fr/elasticbeanstalk/

EKS : https://aws.amazon.com/eks/

Fargate : https://aws.amazon.com/fargate/
July 2, 2018 at 9:02:40 AM GMT+2 - permalink - - https://links.infomee.fr/?78xRRg

amazon aws cicd container docker
Netflix: What Happens When You Press Play?

from ifttt pocket
December 14, 2017 at 9:19:35 AM GMT+1 * - permalink - - http://highscalability.com/blog/2017/12/11/netflix-what-happens-when-you-press-play.html

aws netflix
sysadvent: Day 9 - Using Kubernetes for multi-provider, multi-region batch jobs
December 9, 2017 at 6:18:13 PM GMT+1 - permalink - - http://sysadvent.blogspot.fr/2017/12/day-9-using-kubernetes-for-multi.html

aws docker k8s
Installing Kubernetes on AWS with kops | Kubernetes
- https://www.youtube.com/watch?v=52G2T1V_UJ4
November 23, 2017 at 11:37:54 AM GMT+1 * - permalink - - https://kubernetes.io/docs/getting-started-guides/kops/

aws k8s
Note: get aws meta

curl -s http://169.254.169.254/latest/meta-data/

or

/opt/aws/bin/ec2-metadata
November 22, 2017 at 12:13:45 PM GMT+1 - permalink - - https://links.infomee.fr/?hpMq3w

aws meta
Using Temporary Security Credentials to Request Access to AWS Resources - AWS Identity and Access Management

Use role in script
November 21, 2017 at 5:03:26 PM GMT+1 - permalink - - http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html?shortFooter=true#using-temp-creds-sdk-cli

aws bash cli role
Amazon ECS présente le mode de mise en réseau des conteneurs AWSVPC pour une prise en charge des fonctionnalités de mise en réseau complètes
November 17, 2017 at 8:49:31 AM GMT+1 - permalink - - https://aws.amazon.com/fr/about-aws/whats-new/2017/11/amazon-ecs-introduces-awsvpc-networking-mode-for-containers-to-support-full-networking-capabilities/

aws ecs

Note:

SYNOPSIS
get-login
[--registry-ids <value> [<value>...]]
[--include-email | --no-include-email]

OPTIONS
--registry-ids (string) A list of AWS account IDs that correspond to
the Amazon ECR registries that you want to log in to.

   --include-email | --no-include-email (boolean) Specify if the '-e' flag
   should  be  included in the 'docker login' command. The '-e' option has
   been deprecated and is removed in docker version 17.06 and  later.  You
   must specify --no-include-email if you're using docker version 17.06 or
   later. The default behavior is to include the '-e' flag in the  'docker
   login' output.

October 6, 2017 at 2:34:21 PM GMT+2 - permalink -

- https://links.infomee.fr/?ECje8g

aws ecr

Note: List users and their inline attached policies

for user in $(aws iam list-users|jq '.Users|.[]|.UserName' -r); do echo $user;aws iam list-user-policies --user-name $user; done
September 22, 2017 at 10:19:31 AM GMT+2 - permalink - - https://links.infomee.fr/?xhJZ2g

aws iam
How Do I Create a Lifecycle Policy for an S3 Bucket? - Amazon Simple Storage Service

To apply this lifecycle rule to all objects in the bucket, choose Next.

That's why wildcard was not working :D
September 22, 2017 at 10:14:20 AM GMT+2 - permalink - - http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html

aws policy s3
GitHub - abutaha/aws-es-proxy: aws-es-proxy is a small web server application sitting between your HTTP client (browser, curl, etc...) and Amazon Elasticsearch service.

Amazon Elasticsearch access control may be based on IAM account with signed request mechanism
One way not to rewrite all applications is using such a proxy
September 5, 2017 at 5:35:53 PM GMT+2 * - permalink - - https://github.com/abutaha/aws-es-proxy

aws elasticsearch es
Note: List item in dynamo db table

aws dynamodb scan --table-name foo
August 18, 2017 at 11:10:05 AM GMT+2 - permalink - - https://links.infomee.fr/?AqSZDA

aws dynamodb
Note: Delete dynamo db item in cmdline

aws dynamodb delete-item --table-name foo --key "{\"id\":{\"S\":\"$id\"}}"
August 18, 2017 at 11:08:55 AM GMT+2 - permalink - - https://links.infomee.fr/?bx3KXg

aws dynamodb
upload-server-certificate — AWS CLI 1.11.124 Command Reference

--path
July 25, 2017 at 11:07:06 AM GMT+2 - permalink - - http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html

aws iam ssl
SQS — Boto 3 Docs 1.4.4 documentation

On peut "remettre" ou plutot rendre disponible de nouveau un message SQS en changeant sa visibility timeout à 0
July 12, 2017 at 11:37:59 AM GMT+2 - permalink - - http://boto3.readthedocs.io/en/latest/reference/services/sqs.html#SQS.Client.change_message_visibility

aws sqs
Note: Count object in bucket/folder

aws s3 ls s3://bucket/path/ --recursive --summarize | grep "Total Objects:"
July 12, 2017 at 10:12:14 AM GMT+2 - permalink - - https://links.infomee.fr/?rcG0hg

aws count s3
set-repository-policy — AWS CLI 1.11.117 Command Reference

Truc con : on ne peut pas utiliser le résultat du get-repository-policy dans le set-repository-policy pour cloner.

Il faut au passage enlever les \n qui trainent dans la réponse
July 11, 2017 at 5:19:45 PM GMT+2 * - permalink - - http://docs.aws.amazon.com/cli/latest/reference/ecr/set-repository-policy.html

aws ecs
Amazon Glacier Direct Upload vs Glacier Upload via Amazon S3

So you can put your data into glacier with 2 differents ways:
1) directly to glacier via API
2) Store them to s3 then with a management policy, it'll go to Glacier

Warning : Huge cost when you download from glacier and when you delete before 3 months
June 27, 2017 at 11:01:12 AM GMT+2 - permalink - - https://www.cloudberrylab.com/blog/compare-amazon-glacier-direct-upload-and-glacier-upload-through-amazon-s3/

aws glacier s3
Creating a Redis (cluster mode enabled) Cluster with Replicas from Scratch - Amazon ElastiCache
June 20, 2017 at 11:31:28 AM GMT+2 - permalink - - http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Replication.CreatingReplGroup.NoExistingCluster.Cluster.html

aws redis
Creating a Redis (cluster mode disabled) Cluster with Replicas from Scratch - Amazon ElastiCache
June 20, 2017 at 11:31:18 AM GMT+2 - permalink - - http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Replication.CreatingReplGroup.NoExistingCluster.Classic.html

aws redis
Replication: Redis (cluster mode disabled) vs. Redis (cluster mode enabled) - Amazon ElastiCache
June 20, 2017 at 9:59:57 AM GMT+2 - permalink - - http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Replication.Redis-RedisCluster.html

aws redis
Replication: Multi-AZ with Automatic Failover (Redis) - Amazon ElastiCache
June 19, 2017 at 5:05:58 PM GMT+2 - permalink - - http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/AutoFailover.html

aws redis
Note: some draft about monitoring beanstalk applications health with boto3 python script

import pprint
p = pprint.PrettyPrinter(indent=4)
p.pprint(x)

or

import pprint
pprint.pformat(x)

import logging
import pprint
logging.info(pprint.pformat(dict))

$ cat monitor_beanstalk.py
#!/bin/python

import boto3
import pprint
pp = pprint.PrettyPrinter(indent=4)

#List all env and status and instances health

client = boto3.client('elasticbeanstalk')

envs = client.describe_environments()['Environments']

#pp.pprint(envs)

for env in envs:
print 'ApplicationName: {} EnvironmentName: {} Health: {} HealthStatus: {} Status: {}'.format(env['ApplicationName'].ljust(30),env['EnvironmentName'].ljust(30),env['Health'].ljust(10),env.get('HealthStatus', 'N/A').ljust(10),env['Status'].ljust(10))
if (env['Health'] != 'Green') or (env.get('HealthStatus', 'N/A') != 'Ok' and env.get('HealthStatus', 'N/A') != 'N/A'):
print '\nProblem'
details = client.describe_environment_health(EnvironmentName=env['EnvironmentName'],AttributeNames=['All'])
#pp.pprint(details)
print details['Causes']
print details['InstancesHealth']
print '\n'

June 15, 2017 at 11:12:05 AM GMT+2 * - permalink - - https://links.infomee.fr/?eFFzMg

aws beanstalk boto pprint python
Note: EFS size by api

aws efs describe-file-systems| jq '.FileSystems|.[]|[.Name, .SizeInBytes.Timestamp, .SizeInBytes.Value]' -c

Retourne une ligne par EFS
Sur chaque ligne, un array avec :
[0] = nom de l'efs
[1] = timestamp du moment où la taille a été calculée
[2] = la taille en bytes

Pour avoir la taille en GB :

aws efs describe-file-systems| jq '.FileSystems|.[]|[.Name, .SizeInBytes.Timestamp, .SizeInBytes.Value / 1024 /1024 / 1024]' -c

aws efs describe-file-systems| jq '.FileSystems|.[]|[.Name, .SizeInBytes.Value / 1024 /1024 / 1024]' -c
June 13, 2017 at 11:56:27 AM GMT+2 * - permalink - - https://links.infomee.fr/?MzuW2A

aws efs size
Example 2: Bucket Owner Granting Cross-Account Bucket Permissions - Amazon Simple Storage Service

Donc pour autoriser un compte externe, on va créer une bucket policy sur notre bucket pour autoriser "arn:aws:iam::account_id:root" ou plus précis sur l'user arn:aws:iam::account_id:user/foobar ou le role

C'est le compte en face qui va décider qui a le droit de venir sur notre bucket avec des user policy standard (quand on est dans le contexte du compte en face, c'est comme si le bucket nous appartenait)

Exemple bucket policy à mettre sur le BUCKET de l'account A pour autoriser l'account xxx en RW

{
"Version": "2012-10-17",
"Statement": [

{
"Sid": "Allow account_xx on aws account xxx RW",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::OTHER_ACCOUNT_ID:root"
},
"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
"Resource": "arn:aws:s3:::BUCKET"
},
{
"Sid": "Allow account_xx on aws account xxx RW",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::OTHER_ACCOUNT_ID:root"
},
"Action": [
"s3:*"
],
"Resource": "arn:aws:s3:::BUCKET/*"
}

]
}

Pour Read only, remplacer action du deuxieme bloc par "Action": ["s3:Get*","s3:List*"],
June 12, 2017 at 8:48:42 AM GMT+2 * - permalink - - http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html

aws cross iam policy s3
Copy between S3 buckets w/ different accounts · GitHub
June 8, 2017 at 5:29:42 PM GMT+2 - permalink - - https://gist.github.com/ushu/7217693

aws s3
The Challenges of EFS

one more
June 8, 2017 at 4:54:01 PM GMT+2 - permalink - - https://convox.com/blog/challenges-of-efs/

aws efs
wordpress - Degrading Performance of AWS EFS - Stack Overflow

why EFS sucks
June 8, 2017 at 4:44:50 PM GMT+2 - permalink - - https://stackoverflow.com/questions/41673284/degrading-performance-of-aws-efs

aws efs
Note: s3 policy one bucket

ReadWrite :

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
"Resource": [
"arn:aws:s3:::LeBucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::LeBucket/*"
]
}
]
}

Pour Read only, remplacer action du deuxieme bloc par "Action": ["s3:Get*","s3:List*"],
May 17, 2017 at 5:02:27 PM GMT+2 * - permalink - - https://links.infomee.fr/?Vp7r6Q

aws iam s3

Links per page: 20 50 100

◄Older

page 1 / 2