Questions tagged with Amazon EC2

I am trying to write a permission boundary policy that allows developers to create personal IAM roles that are only allowed to pass themselves to EC2 instances. I'm not seeing an obvious way to write a general purpose policy for this I tried interpolating the role ARN in the resource field, which didn't work because the field only allows using policy variables in the final segment of the ARN. ``` { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "${aws:PrincipalArn}" } ``` There doesn't seem to be a way to either retrieve the role **name** for use in the resource field, or the target role ARN for use in a condition statement. Thanks P.S. I realize I could create a set of policies that each hardcode the name of the role, but I am hoping to write just a single more flexible policy because I want to use it as a permissions boundary.lg...

I rec'd the notice regarding [ the deprecation of Launch Configurations](https://aws.amazon.com/blogs/compute/amazon-ec2-auto-scaling-will-no-longer-add-support-for-new-ec2-features-to-launch-configurations/) at the end of 2022. The notice states that: > **You can *continue* using launch configurations**, and AWS is committed to supporting applications you have already built using them, but in order for you to take advantage of our most recent and upcoming releases, a migration to launch templates is recommended. Additionally, we plan to no longer support ***new* instance types** with launch configurations by the end of 2022. Does this mean that my ability to use and create new Launch Configurations will continue to work as they do now, but only that any new instance **types** that are introduced in the future are not supported? By "type" I assume that means a new instance type class that currently doesn't exist (e.g. "t3**b**"). Thanks for your help!lg...

Hi, I'm developping a node js site in EB and inside i use Google API. For this i have a large private key ``` -----BEGIN PRIVATE KEY-----\nihriohioerhfierjfirejfi=\n-----END PRIVATE KEY-----\n ``` I tried to store it inside environment variable but it's limited with 256 characters. EC2 key pair value has the same size limit So my question is: Where do i have to store this key and how can i use it inside my node js app? I found this link but i'm not sure if it's the right way and it's not enough explain (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html) Thanks for your helplg...

I received information that Amazon EC2 Launch Configurations will Deprecate support for new Instances (https://aws.amazon.com/blogs/compute/amazon-ec2-auto-scaling-will-no-longer-add-support-for-new-ec2-features-to-launch-configurations/). When running inventory check I see that all Elastic Beanstalk clusters are using deprecated functionality but there is no migration path in documentation. How does the change impacts Elastic beanstalk users?lg...

I have added one TCP port in NLB for existing ASG instance, health check failing, request anyone please guide me what to check.lg...

There is an error that changes to "??" when I type Korean on the server. I wonder if the hosting server environment is UTF-8. It seems that the server doesn't accept Korean, so I want to know the solution. lg...

EC2 instance with cPanel & CentOS running when ran out of disk space. Using the volume modification option, I increased the size of the volume, but the ClearOS won't change its partitios automaticly, so system is stucked. How do I increase the partitios ofter a volume modification?lg...

Is there any way to use CloudWatch to monitor the number of active connections to a Lightsail/EC2 server? I know there's such an indicator for the Application Load Balancer, however, there's no load balancer in my infrastructure. The number of active web users/connections is one of the most popular indicators and we want to find out more about it. Thank you.lg...

Our infrastructure is in AWS. We use AWS Security Group to define inbound/outbound traffic rules. Our servers are ip restricted, as in only traffic from one particular ip is allowed as per the Security Group rule. Say, we have 2 EC2 apps that serve web traffic. And, as per the Security Group rule, only traffic from that one ip is allowed to these servers on port 80 and 443. We now need for these apps to communicate with each other, i.e. send each other HTTP requests. We want the 2 apps to communicate with each other internally because they belong to the same Public Subnet and VPC. If the communication is not internal, traffic from one app would reach the other app via the internet, and this would not be allowed by the existing Security Group rules. Is trying to keep the communication internal between the 2 apps the standard way? I need some guidance on how to best implement this idea.lg...

As of now, I have been using Lightsail-related computing business for several months, but I have found that sometimes my customers cannot connect to the server in recent months, and this time lasts for a short time, and it will be restored in a few minutes. Still, it makes me worry about its usability. After my investigation, when my client can't access the server, he can't ping the target IP address. Does this explain the difference in the availability of EC2 and Lightsail? Or is it an issue with the AWS network? If my business requires high availability of the network, will using more expensive EC2 improve availability?lg...

Hey team, say I have an RDS endpoint that's publicly available. I then access this endpoint from an EC2 instance. What happens at the network layer? Does the request go to the public internet? Ideally, the system would know that the we're inside the same vpc and hop right over. How could I confirm this?lg...

Hi Is there something needed to be done to enable jumbo packets for RDS instances? Is this feature enabled by default? Thanks!lg...