Handy list
https://gist.github.com/neilstuartcraig/0ccefcf0887f29b7f240
Category Archives: AWS
Terraform: Error creating launch configuration: AlreadyExists: Launch Configuration by this name already exists
If you’re creating an ASG using an AWS Launch Configuration, you cannot use a name for the Launch Configuration.
The solution? Simply omit name from your launch configuration.
https://github.com/hashicorp/terraform/issues/3665
Launch Configurations cannot be updated after creation with the Amazon Web Service API.
AWS Lambda
Disabling a Lambda function should be easier.
It should be a clear UI control in the Lambda > Functions dashboard.
Which it is except you have to click on the Trigger (e.g. CloudWatch Events), then scroll down and hit the Enabled / Disabled toggle switch next to the function name there.
AWS EC2: change instance type – aka resize
Terraform will automatically do the following steps.
Manually:
Right click on Instance for menu options:
1. Instance State > Stop
2. Instance Settings > Change Instance Type
3. Instance State > Start
ECR Console Version 2
ECR (Amazon Container Registry) now has a dedicated management console.
https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-ecr-console-version-2
Simple guide to creating a repo and pushing a docker image to it:
1. https://eu-west-2.console.aws.amazon.com/ecr/home?region=eu-west-2# and click Create a repository > Get Started
2. Enter a repository name (usually namespace/repo-name). e.g. snowcrash/wordpress
3. You’ll get a panel showing the URI – e.g. 026972849384.dkr.ecr.eu-west-2.amazonaws.com/snowcrash/wordpress
4. You’ll need to push a docker image to this repo. Assuming you’ve got a docker image you’re happy with locally then get a docker login command by running `$(aws ecr get-login –no-include-email –region eu-west-2)`.
You get this aws ecr get-login command from your ECR console by clicking View push commands.
Note: the --no-include-email is required for more recent versions of docker. E.g. if you get the error message:
== -e none https://026972849384.dkr.ecr.us-east-1.amazonaws.com unknown shorthand flag: 'e' in -e See 'docker login --help'.
If it succeeds, you should get:
WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
5. tag it with
docker tag <image id> <remote tag>
6. and push with
docker push <remote tag>
AWS Config
Note: AWS Config records and evaluates configurations of your AWS resources.
You set up a bucket, a SNS topic and some rules.
The state of your AWS resources are stored and, if a non-compliant resource gets created, you get notified via the SNS topic.
Example rules might be:
- Only SSL requests on S3 buckets
- Logging enabled on S3 buckets
- Versioning enabled on S3 buckets
- Volumes are encrypted
- SSH restricted: i.e. only a restricted set of IPs are allowed to access via SSH
https://aws.amazon.com/config/
Note: AWS Config is expensive.
AWS Control Tower
AWS Control Tower automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment.
Announced at re:Invent 2018.
https://aws.amazon.com/controltower/
Uses AWS Config (expensive).
AWS App Mesh
AWS App Mesh makes it easy to monitor and control microservices running on AWS.
Use it with ECS and EKS.
It uses Envoy.
AWS Outposts
AWS Outposts bring native AWS services and infrastructure on-prem.
But expensive.
Watch out Cisco, Dell and HP (or HPE as they’re known now)!
https://aws.amazon.com/outposts/
AWS Transit Gateways
Simplifying the thousands of VPCs, subnets, routes, etc you may have.
Note: currently only available in:
- US East (N. Virginia)
- US East (Ohio)
- US West (Oregon)
- US West (N. California)
- Europe (Ireland)
- Asia Pacific (Mumbai)