Questions tagged with AWS Cloud Map
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
AWS ECS issue with cloudMap service
i have created an ECS service and during creation i have enabled service discovery, which in its turn create a namespace in cloudmap service, then cloudmap have created a hosted zone in Rout53 for the ecs service, then i have used that cloud map provided dns name as a CNAME to my domain sub.example.com which is located in different hosted zone, ![Enter image description here](/media/postImages/original/IMQU4ULeDoSNiG7X6auUOIAg) **Issue: ** the above solution was working since about 1 week but i noticed that this solution was not work any more yesterday. To solve the issue temporary, i have mapped the EC2 instance ip (which created by ECS to hold the ecs service) to the domian instead of mapping the domain to the cloudmap DNS service, and everything is working properly, so i don't know why this issue happened suddenly, all things was ok till yesterday, but something unexpected got happened with the cloudmap dns which was working before with no issues.
ECS Fargate - CloudMap Service Discovery not working.
Hello I have created a private clodmap namespace in a VPC and deployed 3 ECS services in to the VPC. My VPC has DNS resolution enabled. On the ECS dashboard I can see the corresponding service discovery names for my services and they all match the records on CloudMap and route 53 hosted zone. My problem is, from service A, I can not reach to service B using service discovery names even though the resources are inside the same fargate cluster. Interestingly, I can reach from A to B if I use the internal IP address. I believe there is a problem in the resolution of the dns, since there is no response to the dig command. I am attaching the logs when I execute a dig command from service A to B. I really appreciate any help, thanks! ![Enter image description here](/media/postImages/original/IMfrRvoIE2RDKViGhc6Kcd4w) ![Enter image description here](/media/postImages/original/IMRJH6bm0fQ1Sl8PojvwuC8Q)
403 CORS Error ONLY on work Laptop and not personal
Hi All, I am getting a 403 CORS error from an API Gateway endpoint ONLY when i use my work laptop. **On my personal laptop everything works fine. ** I checked the with the local IT team and they said there is no firewall policy or anything that prevents CORS. Also i tried installing and enabling chrome extension for CORS on my work laptop. It did not work. Here is the error `Access to fetch at 'xyz' from origin 'abc' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.` In response header i see ``` x-amzn-errortype: ForbiddenException access-control-allow-origin: * access-control-allow-methods: PUT, GET, HEAD, POST, DELETE, OPTIONS content-type: application/json x-amzn-apigw-id: 12344.. ``` The surprising thing is it happens only on work laptop, Has anyone faced this issue before?
How to make the log of "DeleteUser" "responseElements" to have the value of "UserId"
The "DeleteUser" log has a "null" value on "responseElements" filed. Is there any flag I can raise so that the delete_user action will return the "userId" in the response? The scenario is: create then delete in loop users with the same name. I should determine the correlation between creating and deleting logs in real time. I can determine what "create" action is related to what "delete" action since they all have the same name.
APPMESH + ECS_FARGATE - When starting task in ECS Fargate integrated with AWS appmesh, cloudmap service discovery instance is not getting registered (when checked Target group throws 503 error)
When running java microservice in ECS Fargate, application starts and running smoothly. While try integrating AWS appmesh with ECS Fargate, ecs task is running for few minutes and after that task getting restarted continuously. Have found the following line cloudwatch logs for **`envoy container`** > **level=error msg="Couldn't determine the AZ ID due to: unable to fetch placement/availability-zone-id from IMDSv1, Get \"http://169.254.169.254/latest/meta-data/placement/availability-zone-id\": dial tcp 169.254.169.254:80: connect: invalid argument"** Adding this information for reference: **Envoy_Container health status is `HEALTHY` & Application_Container health status is `UNKNOWN`** *Not sure where I'm currently getting stuck any solution for getting out of this issue and start using ECS Fargate service with AWS Appmesh Integrated?*
HTTP API GW + API VPC Link + Cloudmap + Fargate - How does it load balance
I am using an infrastructure setup as described in the title. This setup is also somewhat shown in this picture: https://d2908q01vomqb2.cloudfront.net/1b6453892473a467d07372d45eb05abc2031647a/2021/02/04/5-CloudMap-example.png In the official AWS blog here: https://aws.amazon.com/blogs/compute/configuring-private-integrations-with-amazon-api-gateway-http-apis/ the following is stated about using such setup: > As AWS Cloud Map provides client-side service discovery, you can replace the load balancer with a service registry. Now, connections are routed directly to backend resources, instead of being proxied. This involves fewer components, making deployments safer and with less management, and reducing complexity. My question is simple: What load balancing algorithm does HTTP API GW use when distributing traffic to resources (the Fargate tasks) registered in a service registry? Is it round-robin just as it is with ALB? Only thing I was able to find is this: > For integrations with AWS Cloud Map, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. The registered resources' attributes must include IP addresses and ports. API Gateway distributes requests across healthy resources that are returned from DiscoverInstances. https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-private.html#http-api-develop-integrations-private-Cloud-Map
failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-03ec98cf2f1d81580.efs.us-east-1.amazonaws.com"
Hi, I'm following the APPLICATION MODERNIZATION WITH AWS AND DOCKER workshop steps as mentioned and in module 2, Step 1 - Section: ***Deploy to Amazon ECS***, really got stuck when deploying application to AWS ECS. When I execute the "*docker compose up*" command as mentioned, it starts deploying resources and The Docker Compose CLI first concatenates the compose files passed through and generates an opinionated AWS CloudFormation template and deploys it to create the AWS resources defined in our compose file. After few mins , its shows in cloudformation "DELETE_IN_PROGRESS" and when all the resources get decommissioned it throws an error message saying "*DbService TaskFailedToStart: ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve '*fs-03ec98cf2f1d81580.efs.us-east-1.amazonaws.com*' - check that your file system ID is correct.*" When I checked in the EFS console, the EFS was created successfully. Not sure why is this causing an issue? **GitHub Repo:** https://github.com/spawar1991/docker-compose-ecs-sample ------------------------------------------------------------------------- Workshop URL: https://docker.awsworkshop.io/31_docker_ecs_integration/10_migrate_to_ecs.html Can someone know how to mitigate this error and why is it causing an issue? Thanks in advance.
Shared account App Mesh and Cloudmap - What's the service discovery behaviour?
My customer is looking at implementing a multi-account/multi-VPC microservice architecture by sharing their App Mesh across accounts. They want to use Cloud Map as a service discovery mechanism and what's not clear to me is how service discovery works in a multi-account scenario. For example, Team X has an account where they deploy their services in ECS and the CloudMap namespace is managed there. How can services in other accounts (in the same mesh) discover services if the namespace is in another account?