All Questions
I just created an AWS account for the purpose of using an AWS EC2 virtual machine at some point in the future.
However I don't need to use it yet (probably in the next 6-12 months). How can I pause the 12 month free-tier until I am ready to use EC2?
Thanks,
Hi AWS, I am trying to impose a condition on the S3 `BucketEncryption` property for whether it should be a customer managed (SSE-KMS) or AWS managed key (SSE-S3). The code for the template is:
```
# version: 1.0
AWSTemplateFormatVersion: "2010-09-09"
Description: Create standardized S3 bucket using CloudFormation Template
Parameters:
  BucketName:
    Type: String
    Description: "Name of the S3 bucket"
  KMSKeyArn:
    Type: String
    Description: "KMS Key Arn to encrypt S3 bucket"
    Default: ""
  SSEAlgorithm:
    Type: String
    Description: "Encryption algorithm for KMS"
    AllowedValues:
      - aws:kms
      - AES256
Conditions:
  KMSKeysProvided: !Not [!Equals [!Ref KMSKeyArn, ""]]
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Ref BucketName
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - !If
            - KMSKeysProvided
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: !Ref SSEAlgorithm
                KMSMasterKeyID: !Ref KMSKeyArn
              BucketKeyEnabled: true
            - !Ref "AWS::NoValue"
```
When I am selecting the SSEAlgorithm as `AES256`, I am receiving this error: **Property ServerSideEncryptionConfiguration cannot be empty**. I know `KMSMasterKeyID` should not be present when the SSEAlgorithm is of AES256 type, but I am confused about how to get rid of this error.
Please help.
I am working on adding a new library that depends on AWS JDK to my project, however, some other untouched existing component querying DynamoDB throws the exception:
```
Caused by: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: User not found: the_user_key (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: null; Proxy: null)
```
`the_user_key` worked well before I added the new library, but it suddenly says the user was not found.
I am using `com.amazonaws:aws-java-sdk-dynamodb:1.11.704`, `com.amazonaws:aws-java-sdk-core:1.11.704`, and there are also a bunch of `software.amazon.awssdk` with version 2.16.87.
I am wondering if anybody encountered similar issues before, or if anybody could give any advice.
I would like to give very specific, temporary permissions to a user/role to allow them to send an SMS, restricting the body template and the Sender ID.
I know I can do this in SES (https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendEmail.html), but is it possible with Pinpoint (or even SNS)?
Thanks for the help! :)
I didn't understand the concept of delegating admin access to a member account for certain services (say, GuardDuty etc.). Why is that delegation required? Generally at an enterprise level, AWS SSO in the management account is integrated with an IdP (mostly Azure) and users/groups would be able to access the member accounts as per the permission sets and SCPs defined.
If I gave the security account access to a particular group/user in Azure AD and restricted the access to all others, what is this concept of delegation? Can anyone help me with this?
I have an NLB in a public subnet with a static IP address and an EC2 instance in a private subnet. Connection to EC2 is not working for TCP protocol on port 6000. I have a NAT gateway in the public subnet and the route table of the private subnet is pointing to 0.0.0.0/0 and the NAT gateway. EC2 security group, inbound connection is open for 0.0.0.0/0 on port 6000. NACL for both subnets allows inbound and outbound connections. Route table of the public subnet has an IGW. What might be missing in the configuration to make it work?
We currently are using Amazon Elastic Compute Cloud t2.large with Windows Server 2012 R2. Microsoft support for Windows Server 2012 R2 ends October 10, 2023. Does that mean we’ll need to upgrade our current AWS setup? If so, what is the cutoff date for when this needs to get done?
I'm trying to modify the networking configuration for my ECS cluster. During the creation process, I was able to specify the VPC and subnets, but I did not see an option to specify a security group. How can I specify a security group for my ECS cluster, and how can I add additional security groups to the cluster after it has been created? Thank you.
Does AWS AppSync support a way to map Queries/Mutations/Fields to a resolver without having to define everything as a 1:1 mapping? I was thinking something like a default or pattern-based resolver mapping, similar to how API Gateway allows you to map entire URL patterns to a Lambda function.
I've been using AWS AppSync for a project that has grown quite large. The vast majority of our GraphQL queries and mutations map to a single Lambda function, which uses a router to match requests to the correct logic. This is similar to how many webapp frameworks are designed. Since all our resolver mappings are 1:1, we're accumulating a giant CloudFormation template that grows with every new Query/Mutation. Updating our Lambda function requires long deployment times because all the resolver mappings must be updated too.
I've searched AWS AppSync documentation and found no reference to such a feature. Does anyone know if a solution exists or have any suggestions?
Hi there,
I am using a 2.5 OpenSearch instance managed by AWS (not serverless). I would like to collect my Prometheus metrics from an EKS in the same VPC as the OpenSearch cluster. But I found no button for configuring a data source on the OpenSearch dashboard. I tried to find it using the tutorial here: https://opensearch.org/docs/2.4/dashboards/discover/multi-data-sources/. Is it because I do not have the proper permission to do this?
When I get an error using the AWS API the user name in the error text is wrong. It shows a very old name used years ago and I want to update it but don't know how to do it. A typical error contains "User `arn:aws:iam::MYACCOUNTNUMBER:user/owhindev'" where owhindev is old.
I'm toying with API Gateway and have run into an issue in which one account gets a 403 Forbidden error. VPCEs are set up in two accounts. The account where the API Gateway and one of the VPCEs reside works just fine; however, the second account does not. The forbidden message is just that, "Forbidden", so very unhelpful. Any ideas on how to resolve the 403s?
Calling it like so:
```
curl -v https://vpce-0c868a4b1293a28b5-6gi9t6mm.execute-api.us-east-1.vpce.amazonaws.com/dev -H 'Host: abc123defg.execute-api.us-east-1.amazonaws.com'
```
Resource policy is as follows (I did replace the account ID and actual API ID with something random):
vpce-078ec1da4e3a0deb3 = VPCE in account where API gateway resides.
vpce-0c868a4b1293a28b5 = VPCE in secondary account.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:us-east-1:123456789123:abc123defg/*",
      "Condition": {
        "StringNotEquals": {
          "aws:sourceVpce": [
            "vpce-0925a8e90cbab6f12",
            "vpce-078ec1da4e3a0deb3",
            "vpce-0c868a4b1293a28b5"
          ],
          "aws:SourceIP": [
            "10.0.0.0/8",
            "63.237.3.169/32"
          ],
          "aws:sourceVpc": "vpc-06f730a7eb116c752"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:us-east-1:1234567891323:abc123defg/*"
    }
  ]
}
```