Welcome to AWS re:Post

Hello, We have tomcat servers with latest tomcat 8.5.* installed from amazon-linux-extras The latest version now is **8.5.79.0** But in the Apache Tomcat site https://tomcat.apache.org/download-80.cgi, they have this latest version 8.5.87 Could you please advise why AL2 doesn't have the latest tomcat version? Thankslg...

Client is unable to control the usage of certificates, looking for AWS best practices for Certificate tracking and monitoring.lg...

Hi community, I am trying to perform an ETL job using AWS Glue. Our data is stored in MongoDB Atlas, inside a VPC. Our AWS is connected to our MongoDB Atlas using VPC peering. To perform the ETL job in AWS Glue I have first created a connection using the VPC details and the mongoDB Atlas URI along with the password and username. The connection is used by the AWS Glue crawlers to extract the schema to AWS Data Catalog Tables. This connection works! However, I am then attempting to perform the actual ETL job using the following pySpark code: #My Temp Variables source_database="d*********a" source_table_name="main_businesses source_mongodb_db_name = "main" source_mongodb_collection = "businesses" glueContext.create_dynamic_frame.from_catalog(database=source_database,table_name=source_table_name,additional_options = {"database": source_mongodb_db_name,"collection":source_mongodb_collection}) However the connection times out and for some reason mongodb atlas is blocking the connection from the ETL job. It's as if the ETL Job is using the connection differently than the crawler does. Maybe the ETL Job is not able to run the job inside our AWS VPC that is connected to the MongoDB Atlas VPC (VPC Peering is not possible?). Does anyone have any idea what might be going on or how I can fix this? Thank you!lg...

I Is it possible to attach NLB in AWS WAF, If yes this option not showing in console. Could you please provide step how to do that, what are changes need to done. We configured same region, same VPC but option not showing in NLB in WAF console.lg...

Hello Team, I'm trying to launch an instance through CF template. However, I'm getting below error while launching: "Value of property SubnetId must be of type String" Steps Followed: 1. Created a VPC CF template and defined "Outputs" in the template section as below: Outputs: PublicSubnet1: Description: Public Subnet 1 ID Export: Name: !Sub ${AWS::StackName}-PublicSubnet1 Value: !Ref PublicSubnet1 2. Created an EC2 launch template and in "Resources" section , defined Subnet properties as follows: Properties: SubnetId: - Fn::ImportValue: !Sub ${ExportVpcStackName}-PublicSubnet1 Can anyone please advise what the reason for failure? Thanks, Abhisheklg...

Hi All, I'm having an issue running enhanced scanning in ECR for my Docker image. To replicate the issue, I have tested this on some sample base images that I'm using from Nvidia's container registry. When uploading the base Nvidia TensorRT image for Cuda 11.6, I am able to receive a vulnerability report. This is the tag: `nvcr.io/nvidia/tensorrt:21.07-py3` However, a newer CUDA version variant (which is still Ubuntu 20 based) is showing `UNSUPPORTED_IMAGE` in the vulnerability report: `nvcr.io/nvidia/tensorrt:22.12-py3` According to AWS docs, Ubuntu 20 images should still be supported. Is there any way to remediate this?lg...

Hello everyone. I am trying to use Test Client in my account and it do not connect to the Gateway. Until last day it was working fine. Now, it connects only sometimes. thanks in advance.lg...

Hi, I was trying to register a domain name for my association but unfortunately I have received an email says "We weren't able to register the domain name." we can't finish registering your domain. Contact AWS Support at this link Did anybody have the same problem? Kindly help to solve this issue!.lg...

I have diffrent account which I opened in order to test free tier couple years ago and I closed the instance within a month. To day and I wanted to use the free tier plan and wanted to know if this is against any of Aws policies?lg...

We are integrating with a partner who uses Amazon Cognito and we are the IDP. They have loaded our IDP metadata file and when I send a request to their authorization endpoint to initiate the SAML session, we receive a request containing SAMLRequest and RelayState values. Amazon Cognito documentation does not state how the SAMLRequest and RelayState are generated/formatted. Are these values encrypted and then Base64 encoded? Are there any samples or examples available of what an unencrypted SAMLRequest contains?lg...

 Hi! I'm reading the log file from my proxy server/squid and there is an unknown url from "lambda-url" from many and differents workstations/IP addresses. So, Can anybody know what is this? Thank you!lg...

Hey Support, We are going to be integration Identity Center with Multi account access connector for different environments like Dev, Prod, and Management account. What I want to understand is. we currently already have this setup but we do not have SSO enabled. We want to start using Identity Center for SSO. Before we transition into using it. There are some questions I want to ask. 1. Is there any potential issues if we integrate Identity Center, we will also be using SCIM as well.? Like how will it affect the current users, permissions, roles, policys when transferring ovewr? Will anything break from our current setup? Would the transition be smooth? Do we have to recreate groups/roles/permissions or it will be populated over? Do we have to reassign licenses? Our current setup is by accessing a link/URL in which we type in the account ID and username to login. We want to Setup AWS Identity Center with Multi Account access connector on Okta. We have 3 environments, which is Dev, Prod, and Management. Thanks alot and appreciate it! Aaronlg...

I have a google cloud storage bucket (Sao pablo) and a backup bucket in S3 (virginia). The command I use is ``` gsutil -m rsync -r gs://**** s3://**** ``` It was working fine with less than 200gb. After uploading more than 350gb, every time I run the command, google cloud takes some minutes to list files ("At source listing ..." ) but the destination S3 takes an hour to list 10000 files, so I need a day to sync files. I don't understand what happened because if some days ago it took 3 hours for example, after duplicating the space I hope about 6 hours not a day. Any idea?lg...

Hi folks, I'm strugling to get rid of nginx proxy in front of our application (which is a YARP proxy in itself, thus doesn't need another reverse proxy). I've set the aws:elasticbeanstalk:environment:proxy ProxyServer option to "none" and I can see from the eb-engine log that the nignx indeed gets disabled. In it's place, eb-engine adds two routes to nat iptable for redirecting port 80 to 5000 (default .NET core http port). I've ssh'd to the instance and confirmed that I can call the app both via localhost(:80) and localhost:5000. Unfortunately, the app doesn't seem to get exposed outside of the instance - ELB healthchecks fail, I can't call it using the instance IP directly (Failed to connect to 10.0.x.y port 80: Connection refused). It works fine with nginx enabled so I would rule out any vpc networking issues. Any ideas what required linux configuration might be missing that prevents the app from getting exposed on the instance? Thanks, Piotrlg...

Hello. We have enabled logging from RDS instance to the CloudWatch. I have noticed that some sensitive info like certificates and private keys are appearing in CloudWatch logs. I would like to hide this type of logs so it won't be shown in CloudWatch. Could you please advise how can I do it? Unfortunately I can not use Data protection policy because it's not supported in our AWS Regionlg...

We were troubleshooting an issue for the customer and encountered the flow wherein the call is routed to the error branch due to the timeout. The Invoke AWS Lambda function timeout is maxed out at 8 seconds but the query to the API takes about 11 seconds.  The Lambda is already set at 10mins, but it seems the timeout in connect takes precedence.  Is there a way to increase the timeout in the AWS Connect module "Invoke AWS Lambda function" to more than 8 seconds?lg...

Hi, I want to call a HTTP endpoint from my AWS API gateway and that endpoint is secured with Oauth 2.0. So, is there any way to implement Oauth 2.0 using HTTP integration type in AWS API Gateway (API Creation Wizard)? Also, if lambda is the only option, any examples will be appreciated.lg...

Hello, I'm trying to create a distribution on Cloudfront and S3 and use a domain outside of AWS, with route 53 I can use my domain without problems, but my question is whether it would be possible to use my domain without using Route 53. on the site that hosts my domain, since I don't have ns, it's like something is missing. I can manage to configure the cname from the certificate generated in ACM, the txt and the alias that points to the cloudFront, but I could not configure the ns. So, is Route 53 fundamental in this process?lg...