AWS

Amazon Web Services (AWS) is a collection of remote computing services, also called web services, that make up a cloud-computing platform operated from 11 geographical regions across the world. The most central and well-known of these services include Amazon Elastic Compute Cloud, also known as "EC2", and Amazon Simple Storage Service, also known as "S3". Other services include Elastic MapReduce (EMR), Route 53 (a highly available and scalable Domain Name System (DNS) web service), Virtual Private Cloud (VPC), and storage, database, deployment and application services.

My DNS name is currently pointing to one of my two load balancers.
I want to script to determine which one. Calling one BLUE, the other GREEN

Meaning "you are on Blue" else "you are on Green"
This will let me know to deploy to the other non-production environment, then switch dns.

Background:
I am using AWS and two load balancers [ELB] for Blue and Green deployments.

I have a dns record : test.somesite.com
The "Blue" load balancer is always: f5-test-123456789.us-east-1.elb.amazonaws.com
The "Green" load balancer is always: f5-test2-123456789.us-east-1.elb.amazonaws.com

example
if I perform a nslookup on my domain name:
nslookup test.somesite.com

Server:            176.103.130.130
Address:      176.103.130.130#53

Non-authoritative answer:
Name:      test.somesite.com
Address: 52.7.126.236 <<<<pointing to this current ip
Name:      test.somesite.com
Address: 52.7.120.31  <<<<pointing to this current ip

if I perform a nslookup on my BLUE ELB:
nslookup  f5-test-123456789.us-east-1.elb.amazonaws.com

Server:            176.103.130.130
Address:      176.103.130.130#53

Non-authoritative answer:
Name:      test.somesite.com
Address: 52.7.126.236
Name:      test.somesite.com
Address: 52.7.120.31

In this case it's a match, and the output would be: You are on BLUE

nslookup the GREEN ELB
nslookup f5-test2-123456789.us-east-1.elb.amazonaws.com
Server:            176.103.130.130
Address:      176.103.130.130#53

Non-authoritative answer:
Name:      test.somesite.com
Address: 52.7.125.233
Name:      …
0
I need to copy a file from one Ubuntu server to another.

They are two servers in the same AWS VPC and are in the same Public Subnet. They are both running Ubuntu (Ubuntu 14.04.5 LTS and Ubuntu 18.04.1 LTS, respectively).

I've opened up the Security Group for BOTH servers using Port 22. I also confirmed that OpenSSH is running by using this command "ps -A | grep sshd" and seeing process IDs.

I created a Text file for testing.

Here's the command I used to copy between servers:

scp ubuntu@**.*.**.***:/usr/local/thomtesttext.txt ubuntu@**.*.**.***:/usr/local/testtext.txt

This is the error I'm seeing:
ssh: connect to host **.*.**.*** port 22: Connection timed out

What am I doing wrong? How can I get an AWS Ubuntu Server to copy files between them?

Thanks for your help!
0
I want to modify EC2 Instances based on AWS Tags

For example instead of doing this

aws ec2 modify-instance-attribute --instance-id i-0035105226cbb39e0 --instance-type t2.small


I would like to do something like this
aws ec2 modify-instance-attribute --tag testservers --instance-type t2.small


Is this possible? I noticed that the documentation did not have an option to call Tags! You must be able to do this. What am I missing? Thanks

https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html
0
Hello all,
Our company is just getting into AWS and we are trying to run security reports across multiple Account IDs that the company has (to list users etc.)
When I run <aws iam get-account-authorization-details> I am able to see the users on the account I am signed in on.
My question: is there a way to retrieve the info across multiple Account IDs using a similar CLI method?


Thank you for your time,
0
I have two EC2 Instances with AMIs created. I want to restore an AMI into a different availability zone, then place it in a new VPC. I am having some trouble finding the availability zone when restoring. Is this possible? The end goal is to move an EC2 instance into a VPC in a different availability zone.
To be clear...I want to move from Ohio to Northern Virginia.
0
I want to write a C# Console App that connects to the aws api gateway to retrieve information about various objects in my aws account.

Where do I get the AWS Toolkit for Visual Studio?

This page seems like it should have the answer to this question, but it doesn't:

https://aws.amazon.com/visualstudio/

Thanks in advance for any and all help.
0
Can you change an EC2 Instance type with Ansible?


I know I can use the AWS CLI to change instance type but I am hoping I can use Ansible instead. However, it does not appear that modifying an instance type is an option.

https://docs.ansible.com/ansible/latest/modules/ec2_module.html

I could be reading the docs incorrectly; can I get a second opinion? Thanks
0
I am running Ubuntu 14.04.5 LTS in Amazon Web Services with an Elastic IP and an inbound connection for my Static IP.

I need to simply copy files from Ubuntu (Ubuntu 14.04.5) to my local mac (running OS 10.14.2) and then copy them back, both using a Terminal window and SSH.

I've tried scp, but can't seem to get the command correct as the error I'm getting is:

"ssh: connect to host **.*.**.*.** port 22: Connection timed out" (This IP is the Elastic IP).

What am I doing wrong? Help! Thanks in advance. :-)
0
Hello,

I am trying to import a SQL file dumped using MySQL administrator from v5.5.12, first using MySQL 8 on Windows 10 then using 5.6.41 on AWS/RDS. The error using MySQL Workbench 8 is:

15:25:12 Restoring C:\path\sql\sqlfile.sql
Running: mysql.exe --defaults-file="c:\users\users\appdata\local\temp\tmpyzknop.cnf"  --protocol=tcp --host=awsendpoint.rds.amazonaws.com --user=myuser --port=3306 --default-character-set=utf8 --comments --database=mysql  < "C:\\Users\\users\\OneDrive\\Documents\\sqlfile.sql"
ERROR 1044 (42000) at line 21: Access denied for user 'myuser'@'%' to database 'mysql'

Operation failed with exitcode 1
15:25:17 Restoring C:\Users\abell\OneDrive\Documents\\sqlfile.sql
Running: mysql.exe --defaults-file="c:\users\user\appdata\local\temp\tmpvhirjz.cnf"  --protocol=tcp --host=awsendpoint.rds.amazonaws.com --user=myuser --port=3306 --default-character-set=utf8 --comments --database=mysql  < "C:\\Users\\user\\OneDrive\\Documents\\sqlfile.sql"
ERROR 1045 (28000): Access denied for user 'myuser'@'123.456.78.9' (using password: NO)

Operation failed with exitcode 1

I've established that the username and password with which I logged on to AWS.RDS via Workbench is the master user for this instance, BUT I also notice it doesn't have DBS and maintenance perms and I am not sure if these are required or how to set them from AWS dashboard? Or how to create a new user for the existing RDS instance MYSQL as permission is denied using the …
0
I'm currently in the process of migrating one of my clients to AWS and am looking for assistance in configuring their DC in the cloud.

The DC has already been moved, but what changes will I have to make in order for it to start accepting logons in the cloud?

I'm assuming the SRV record may have to be and I may have to create a new site in AD Sites & Services.

If someone could provide some guidance I would greatly appreciate it.
0
Hey All, need some advice:

What’s the correct way of licensing Visual Studio and other licensed development tools when running on an EC2 instance and cloning them for any new instances? Right now, there are 5 developers with a Visual Studio 2017 licence and they log in to their respective EC2 instance where each developer has a Visual Studio license. Now the scenario is:

If new VMs need to be created, current process is basically creating an Instance from a Base AMI which has got all of these development tools installed with a generic license and then manually entering new license info.

Is there a way that any new VM created can de-associate previous license and enter new license or does it have to be done manually? Terraform is being used to spin up these instances.
0
Hello

I have setup MySQL 4.6.x on AWS, and created a new DB schema to receive data from a SQL file created using MySQL DUMP.  Using MySQL Workbench 8.0 CE I can establish a connection, but when I import the data (it seems to start with password-yes then switch to password-no after first failure exit code 1) I get the following error:

ERROR 1044 (42000) at line 21: Access denied for user 'admin'@'%' to database 'mysql'

If it is relevant the SQL file was dumped with a different admin account/password on a different SQL box.

I've looked at a lot of articles and believe this is related to logins/perms but I am mostly good with data rather than sysadmin so any help getting started greatly appreciated...

The full error text is..

box1.ap-southeast-1.rds.amazonaws.com
14:26:34 Restoring C:\Program Files\MySQL\MySQL Server 8.0\bin\yfsql.sql
Running: mysql.exe --defaults-file="c:\users\user\appdata\local\temp\tmpgq7exl.cnf"  --protocol=tcp --host=box1.ap-southeast-1.rds.amazonaws.com --user=admin --port=3306 --default-character-set=utf8 --comments  < "C:\\Program Files\\MySQL\\MySQL Server 8.0\\bin\\sql.sql"
ERROR 1044 (42000) at line 21: Access denied for user 'admin'@'%' to database 'mysql'

Operation failed with exitcode 1
14:26:55 Restoring C:\Program Files\MySQL\MySQL Server 8.0\bin\yfsql.sql
Running: mysql.exe --defaults-file="c:\users\user\appdata\local\temp\tmpjzz_nr.cnf"  --protocol=tcp --host=box1.ap-southeast-1.rds.amazonaws.com --user=admin
0
Have an S3 bucket. I have made a file in this public. In fact I have made it public twice. However access is still denied. Why would that be?
0
I'm in the midst of moving one of our clients to AWS and I am looking for some assistance.  

Their current setup is they have 3 servers on site:

1.  Active Directory, File Services, Print Server, User Profiles, DNS
2.  RDP / Citrix server
3.  Windows 7 computer running indexing software for document management solution

I have already migrated all of their servers to AWS.  I plan on leaving a domain controller on site as well as a print server.

AWS is connected to head office via a VPN tunnel.

The subnet at head office is 192.168.70.0/24 and the subnet in our AWS VPC is 172.16.0.0.

My questions are:

1.  Would best practice be to host DNS on Route 53 (AWS), on our cloud based or on prem?
2.  Is it practical to have Roaming Profiles from a cloud based file server?  I anticipate this will significantly slow down login times.
3.  When we move the domain controller from on site to the cloud how do we update DNS records so workstations and servers are authenticating against the cloud based DC?  I'm not certain if the SRV record has to be changed.

Any advice or tips would be greatly appreciated.

Thanks,

Sean
0
I recently migrated 2 VMs to AWS EC2.
Both the new AWS VMs can ping server1 (also AWS VM), but cannot connect to server1 in explorer.  All other workstations/servers in our domain can, including other AWS VMs that are on a different subnet.  (172.27.162.xxx is the subnet for the new VMs. Other AWS VMs on 172.27.130.xxx subnet connect fine).

When trying to navigate to the share, the following error occurs: "Windows cannot access \\server1\"  error code 0x80004005

Any ideas how this could be fixed?
0
I am trying to forward ports through an OpenVPN AS server to a pfSense router that is connected as a client. I want to do this because my home internet connection is an LTE/4G connection that is NATed at the ISP's end as well. This means I do not get a public IP and instead get the ISP's local LAN address. This is a problem because I cannot forward any ports from the outside.

In the OpenVPN AS server config User Permissions > More Settings > DMZ I have put in the address as instructed by https://openvpn.net/vpn-server-resources/how-to-setup-dmz-in-openvpn-access-server/
 52.95.245.250:tcp/32400

The OpenVPN AS server has been set up in AWS from the OpenVPN market AMI.
So the setup I am aiming for should look something like :

52.95.245.250 (AWS public IP/OVPNAS server)
          |
       (NAT)->172.16.16.2 (pfSense ovpn client IP)
                     |
                  (NAT)->192.168.1.10 (Plex server or whatever)


End goal is that 52.95.245.250:32400 should be forwarded to 192.168.1.10:32400


PROBLEM:
My issue is that while the OpenVPN AS is receiving the packets they are not being forwarded to the client.
The OpenVPN AS is getting packets and this has been confirmed via sudo tcpdump -i eth0 tcp port 32400
The pfsense router is not getting packets confirmed via tcpdump -i ovpnc3 tcp port 32400
0
We have a 2008 server in AWS and we need to remove and re-add it back to the DNS/Domain.
Is it as simple as if it were sitting in my local computer room or is it a really evolved process?
Meaning that I need to alter or deal with the Instances.
0
I am trying to find out the specific permissions that are granted to an object in an S3 bucket. This object is in sub folders within the bucket. I can see the general permissions in the Web Management console, but I need more detailed information.

I have tried using this command in the AWS CLI:

aws s3api get-object-acl --bucket BUCKET_NAME\FOLDER_1\FOLDER2\ --key FILE_NAME.EXT

but this does not seem to work, I either get regex errors, or the specified key does not exist. I can use get_bucket_acl using just the bucket name and can access that bucket's permissions.

Any help on this would be greatly appreciated.

Devin Becker
0
https://www.cloudcomputing-news.net/news/2016/oct/31/agentless-vs-agent-based-architectures-why-does-it-matter/
https://aws.amazon.com/marketplace/pp/B01LXMNGHB?qid=1541553180900&sr=0-1&ref_=srh_res_product_title

Extracted from above links, "Agentless services, on the other hand, talk directly to the underlying cloud platform (e.g., AWS, Azure)...",

Q1:
Is AWS' AV subscription now an agentless AV?  Is this the agentless Deep Security?

Q2:
If there are appliance VMs (eg: highly stripped-down Linux), is it the way to go to
adopt agentless (as we may subscribe to say Commzgate SMS or cloud-based
services) AV/end-point IPS as agents can't run/install in the stripped-down guest
OS?

Q3:
In the case of AWS' AV/IPS service (i.e. the 2nd link above), is this a SaaS or FaaS
(Function as a Service)?
0
I have a WordPress website on AWS EC2 Ubuntu Linux. I am not good in this department of coding but I get by. I just created a Load Balancer and attached it to my EC2 instance. I am trying to force SSL (HTTPS) on anyone who visits my site. I have 90% of it correct.  If you visit:

https://www.Example.com
www.Example.com
http://www.Example.com (Redirects to https://www.Example.com)

it works perfectly with Secure. But if you go to
Example.com
http://Example.com

then it goes to an UNSECURE site and stays on Example.com

In my ".htaccess" file at the very top I have the code below.  So what is the problem? I thank you for the help.


#Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^Example.com [NC]
RewriteRule ^(.*)$ https://www.Example.com/$1 [L,R=301,NC]

# Begin force ssl
<IfModule mod_rewrite.c>
# RewriteEngine On
 RewriteCond %{SERVER_PORT} 443
 RewriteRule ^(.*)$ https://Example.com/$1 [R,L]
</IfModule>

0
Hi Experts,
I am completely new to AWS. I have been assigned a task to transfer the files of 'x' folder on the server to an S3 bucket, because the server space is getting filled very fast. We need an automated PowerShell script or something else which would move the files every day automatically and delete the files from the server.

Any help would be greatly appreciated!
1
I am encountering an error when I try to install memcached on a PHP 7 - Linux AWS system.  This is the command I am using that generates the error.
yum install memcached php-pecl-memcache

This is 1 of 2 errors:
1.
Finished Dependency Resolution
Error: Package: php-pecl-memcache-3.0.8-4.amzn2.x86_64 (amzn2-core)
           Requires: php(api) = 20100412-64

2.  
Error: Package: php-pecl-memcache-3.0.8-4.amzn2.x86_64 (amzn2-core)
           Requires: php(zend-abi) = 20100525-64

Please help me with how to finish installing memcached.

Thanks,
0
I've installed a version of the Unifi Controller to the AWS cloud before, but it's been over 6 months. I went to install a second, built my EC2 on AWS as per the instructions, but then I couldn't get the UNIX commands to work after install. It was flawless before. I'm not getting anywhere with searching on the error.

Here's the command from the instructions that fails after launching the instance:

Once you connect to the Server and are greeted with the Ubuntu Command Line Interface (CLI), do the following:
5.1. Add the Ubiquiti repository to /etc/apt/sources.list:
echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee -a /etc/apt/sources.list

HERE's what I get...

Complete!
[ec2-user@ip-172-31-22-106 ~]$ echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee -a /etc/apt/sources.list
tee: /etc/apt/sources.list: No such file or directory
deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti

The instructions are found at:  https://help.ubnt.com/hc/en-us/articles/209376117-UniFi-Install-a-UniFi-Cloud-Controller-on-Amazon-Web-Services

Has anyone RECENTLY gotten the Unifi Controller installed on AWS?  I didn't even get to the point of installing the controller. Just made it to the point where it would pull it down.

Thanks,
Ken
0
Hi Experts,

I have elasticsearch installed on ubuntu aws machine.  It is running properly,  see below image for reference.

[Image: elastic-search.png]

I am not able to access this elastic search from Windows.

I had tried http://54.252.92.17:9200 on browser. I get this site cannot be reached on the browser.  same way I had installed curl on windows and tried to access it

I had tried curl -XGET "54.252.92.17:9200"  I get failed to connect ipaddress on port 9200: connection refused.  Ip address and ports are open from the aws ubuntu machine.

When I try on ubuntu machine

root@ip-10-252-14-11:/home/ubuntu/workarea/sourcecode/ntdl# curl -XGET '172.17.0.1:9200/_cat/indices?v'
health status index    uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   ntdl_v01 VSKQjn3RSRSRBHbOaQzEBw   5   1        465            0      2.6mb          2.6mb

the public ip is 54.252.92.17, network.host in elasticsearch.yml is 172.17.0.1 and the port is 9200.

Please help me in resolving this issue.

With Many thanks,

Bharath AK
0
I am trying to verify some AWS prerequisites for Server Migration.  Could someone help me with the following 3 prerequisites listed below?  Specifically:

a) verify if the following prerequisite connections are allowed
b) if they are blocked, how to open the requested ports in the fortigate

1)  DNS—Allow the connector (192.168.1.17) to initiate connections to port 53 for name resolution.

 2)  HTTPS on WinRM port 5986 on your SCVMM or standalone Hyper-V host

 3)  Inbound HTTPS on port 443 of the connector (192.168.1.17) —Allow the connector to receive secure web connections on port 443 from Hyper-V hosts containing the VMs you intend to migrate.
0
