Cloud Architecture
DevOps
AWS
August 30, 2022
Table of Contents
Cloud Strategies
AWS Shared Responsibility Model
Online Calculators
Named Profiles
Installing
Unable to login as root
Unable to login as victord
EC2 Metadata
AWSCLI – unable to install
Billing
EC2 Billing
Support Billing
Automatic Payments Cancelled
Billing Alarms vs AWS Budgets
Cost Explorer – EC2-Other
AWS Cost Management – Utilization Report
CloudWatch – Surprising Billing Costs
KMS – Surprising Billing Costs
EC2 – Surprising Billing Costs (1)
EC2 – Surprising Billing Costs (2)
Config – Surprising Billing Costs
Inspector – Surprising Billing Costs
GuardDuty – Surprising Billing Costs
RDS – Surprising Billing Costs
Secrets Manager – Surprising Billing Costs
VPC
Creating a VPC
Creating a Site-to-Site VPN (1)
Single Site-to-Site VPN connection
Multiple Site-to-Site VPN connections
What is AWS Site-to-Site VPN?
Concepts
Working with Site-to-Site VPN
Site-to-Site VPN limitations
How AWS Site-to-Site VPN works
Site-to-Site VPN Components
Virtual private gateway
Transit gateway
Customer gateway device
Customer gateway
IPv4 and IPv6 support
Site-to-Site VPN categories
Tunnel options for your Site-to-Site VPN connection
Site-to-Site VPN tunnel authentication options
Pre-shared keys
Private certificate from AWS Certificate Manager Private Certificate Authority
Site-to-Site VPN tunnel initiation options
VPN tunnel IKE initiation options
Rules and limitations
Working with VPN tunnel initiation options
Site-to-Site VPN tunnel endpoint replacements
Endpoint replacements during VPN tunnel updates
Endpoint replacements during VPN connection modifications
Customer gateway options for your Site-to-Site VPN connection
Accelerated Site-to-Site VPN connections
Site-to-Site VPN routing options
Static and dynamic routing
Route tables and VPN route priority
Routing during VPN tunnel endpoint updates
Getting started
Prerequisites
Step 1: Create a customer gateway
Step 2: Create a target gateway
Step 3: Configure routing
Step 4: Update your security group
Step 5: Create a Site-to-Site VPN connection
Step 6: Download the configuration file
Step 7: Configure the customer gateway device
Creating a Site-to-Site VPN (2)
Azure – Create the Virtual Gateway
AWS – Create Virtual Private Gateway
AWS – Attach Virtual Private Gateway to VPC
AWS – Create Customer Gateway
AWS – Create VPN Connection
Azure – Create a Local Network Gateway
Azure – Create the Azure connection
AWS – Update Route Table
Testing
S2S VPN Tunnels go down
Security Groups – Temp backup (1)
Security Groups – Temp backup (1)
SSH into EC2 in Private Subnet
Deleting a VPC
IAM
IAM via Console
IAM via CLI
Users
Groups
Roles
Policies
Enable Root MFA
Disable Root MFA
Enable Users MFA
Virtual MFA device corrupted
Virtual MFA deny access to S3 Buckets & Glacier Vaults
IAM Group rom-administrator conflicts with AWS CLI
AccessDenied when calling the UpdateAutoScalingGroup operation
Unable to access AWS Root Account
Enforcing MFA through CLI
SSO – Sign in with Google
Access Keys
Configure the AWS CLI to use AWS IAM Identity Center
Configure the AWS CLI to use IAM Identity Center token provider credentials with automatic authentication refresh
Access Keys Rotation
EC2
SSH Keys Pairs
Default EC2 users
vCPU
EC2 via Console
EC2 via CLI
EBS – Changing from gp2 to io1
Custom private IP addresses
Migrating EC2 from VPC to VPC
Restoring EC2 from a snapshot
Step 1: Gather Information about the Snapshot to Restore
Step 2: Create a New Volume to hold the Snapshot
Step 3: Remove the Problematic volume from the Instance
Step 4: Attach the NEW Volume to the Instance
Step 5: Restart the Instance
OpenVPN
AWS VPN Client
Pricing Models
Downgrading issues
AWS-ROM S2S VPN – ROM VPN EC2 Firewall Rule to Allow
Testing public ip addresses
Testing private ip addresses
Testing AWS-ROM S2S VPN connections
Conclusions
Reserved Instances
Spot Instances
Scheduled Instances
Increasing volume size
Verify file system disk space
Increase the size with AWS Console
Wait for the volume to complete its optimization (This can take a while)
Verify block devices
Extend the partition
Verify new file system disk space
Extend the file system
[XFS file system]
[ext4 file system]
Finally, verify file system disk space
Increasing volume size with Ansible
Decreasing volume size
Snapshot the volume
Create a new smaller EBS volume
Attach the new volume
Format the new volume
Mount the new volume
Copy data from old volume to the new volume
Prepare the new volume
Detach and unmount old volume
Finally, verify file system disk space
Decreasing volume size with Ansible
You can’t start the Spot Instance
Security Group for Scratch
scratch
scratch-db
scratch-search
Snapshots
All my EC2 Development and One non-development Instances went down
Ghost Instances
ELB – Elastic Load Balancers
ASG – Auto Scaling Groups
ELB + ASG – Load/Stress Testing (TO BE COMPLETED)
Scenario 1
Scenario 2
Scenario 3
Scenario 4
Scenario 5
ELB + ASG – EC2 instances cannot connect to the internet
ELB + ASG – EC2 instances popping up randomly
ELB + ASG – Instance refresh
ELB + ASG – Unable to send emails from my EC2 servers behind an ELB/ASG configuration.
My Query
AWS Answer (1)
My Response
AWS Answer (2)
My Solution
ELB + ASG – Unable to connect to Azure BOS
ELB + ASG – Client IP addresses
ELB + ASG – Scheduling
ELB + ASG – Empty array returned
ELB + ASG – Updating image
Jenkins’ pipeline is not working.
Unable to SSH using private IP address
Price difference between Linux OS
Unable to launch CentOS 7 EC2 server
Mounting Volumes
EC2 Instance Connect Fails
System Status Check vs Instance Status Check
SES
SMTP
SMTP Account Re-activation
“< was unexpected at this time”
Unable to attach files
Email Address for victordiaz.ca
Domain for victordiaz.ca
I have requested SES production access to AWS.
I have been granted access to SES production.
Testing my new AWS SES service with PHP
Testing my new AWS SES service with WP Mail SMTP
Fixing the DNS SPF record
Fixing the DNS DMARC record
Email sending history
Your account’s ability to send email is paused in US East (N. Virginia)
Failed to authenticate on SMTP server
Phishing Attacks – We are getting targeted for cyberattacks
SNS
Tracking Message IDs
Beautifying messages
S3
AWS S3
Rsync wonders
S3 via Console
S3 via CLI
S3 Glacier via Console
S3 Glacier via CLI
S3 Glacier Deep via Console
S3 Glacier Deep via CLI
make_bucket failed: An error occurred (IllegalLocationConstraintException)
S3: Changing S3 bucket region
Switching to Glacier or Glacier Deep
S3: can’t start new thread
Restoring from S3 Glacier & S3 Glacier Deep Archive
Using bash script
Using batch operations
S3 > Events – Unable to validate the following destination configurations
Insufficient permissions to delete bucket
Bandwidth Optimization
Access Denied
Excluding directories
Renaming buckets
Backup Times
S3 Pricing
Make objects public
Failed to list buckets
An error occurred (SignatureDoesNotMatch) when calling the ListObjectsV2 operation
Verifying reads from S3
Verifying writes to S3
You don’t have permissions to edit bucket policy
(AccessDenied) when calling the PutObject operation
Pre-signing URLs
You don’t have permission to delete bucket “elasticbeanstalk-ca-central-1-{{ AWS_ACCOUNT }}”
S3 Glacier
Welcome to Amazon S3 Glacier
Backing up and Restoring from Vaults
KMS
What is AWS Key Management Service?
Creating a Customer Managed Key – Symmetric
Creating a Customer Managed Key – Asymmetric
Creating a Customer Managed Key – BYOK
Deleting a Customer Managed Key
Encryption/Decryption at Rest – Client
Encryption/Decryption at Rest – Server
Encryption during Transit
Route 53
Health Checks
DNS
EFS
Creating an EFS
EFS
Mount.nfs4: Connection timed out
CloudWatch
Adding Disk Space Alarm
Logs
Service Monitoring
Composite Alarms
ServiceNow Integration
CloudTrail
How to use
CloudEndure
CloudEndure Disaster Recovery
Direct Connect
What is it?
ECR
What is AWS ECR?
AWS ECR Pricing
Creating a private AWS ECR repository
ECS
What is AWS ECS?
AWS ECS Pricing
Creating an ECS
Deleting an ECS
Unable to run task – No Container Instances were found in your cluster.
Certificate Manager
What is the Certificate Manager?
Importing my TLS certificate into AWS
Cognito
Log into AWS with Google (TO BE COMPLETED)
SSO
Organizations
Systems Manager
Unable to add managed instances into Systems Manager
Unable to execute Run Command
Athena
My First Athena DB
Inspector
My First Scan
Data Lifecycle Manager
Backup
RDS
My First DB
Lambda
My First Lambda function
CloudFormation
Template Anatomy
AWS::IAM::Role – Unable to create role
Beanstalk
Installing AWS BS CLI
SAM
CodeDeploy
The overall deployment failed because too many individual instances failed deployment
CodePipeline
Connecting GitHub
CodeDeploy agent was not able to receive the lifecycle event
Logs
CDK
AWS CDK Primary Programming Language
AWS CDK Releases
AWS CDK Developer Guide
AWS CDK API/Construct Library
L1 Constructs
L2 Constructs
L3 Constructs
Benefits of using high level constructs
GitHub CDK Examples
AWS CDK Workshop
Pluralsight Course GitHub Repo
Cross-Stack vs Nested-Stack Architectures
Renaming Resources
Challenges
Interacting with AWS
Benefits of a Development Workflow
IaC Approaches
IaC Approaches – Procedural
IaC Approaches – Declarative
IaC Solutions for AWS
Next steps with the CDK
Cross-Reference Stacks
CDK Command Line Parameters
Context Values
ModuleNotFoundError: No module named ‘aws_cdk’
This software has not been tested with node v21.2.0.
Import “aws_cdk” could not be resolved
Newer version of CDK is available
How to know the status of CDK Stack
allow_default_port_to vs allow_to_default_port
Renaming CDK Object Names
Awful Logical IDs and Physical IDs Naming Convention
Is the docker daemon running?
aws-cdk-lib.aws_ec2.VpcProps#cidr is deprecated
aws-cdk-lib.aws_ec2.LaunchTemplateProps#keyName is deprecated
CDK bootstrap stack version 6 required. Please run ‘cdk bootstrap’ with a recent version of the CDK CLI
npm notice New minor version of npm available! 10.2.4 -> 10.4.0
CDK Python vs CDK TypeScript
QuickSight
ELK
SysAdmin
Instance reachability check failed
AWS Tech Support – Attempt 1 (failed)
AWS Tech Support – Attempt 2 (Succeeded)
Newer Linux kernels may rename your devices
Memory Allocation Issues
Space Allocation Issues
dyld: Library not loaded
AWS-ROM S2S VPN Tunnels keep going down
AWS-ROM S2S VPN DNS does not work
Testing AWS-ROM S2S VPN
Network Diagrams
All my EC2 Development and One non-development Instances went down
Space Allocation Issues (2)
Awesome AWS
AWS CloudEndure
AWS CloudFormation
AWS Cloud9
AWS CodeCommit
AWS CodePipeline
AWS EKS (Elastic Kubernetes Service)
AWS Config
AWS Control Tower (From AWS Meeting)
AWS File System (From AWS Meeting)
AWS Storage Gateway (From AWS Meeting)
AWS Well-Architected Framework
AWS WAF & Shield
AWS Trusted Advisor
Recommendation – MFA on Root Account
Recommendation – EC2 Reserved Instances Optimization
Recommendation – EC2 Reserved Instances Optimization
AWS Athena
Tags: aws, cloud-architecture, devops
Written By victord On August 30, 2022