Questions tagged with Amazon EC2

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

CloudFront - API Gateway as Reverse HTTP Proxy to CloudFront - ALB - EC2

I'm trying to set up an API Gateway as a simple proxy, using the Proxy option. The back-end is a endpoint hosted by an Cloudfront as reverse proxy for ALB + application running on EC2. User -> Cloudfront -> API Gateway Proxy Integration -> CLoudFront -> ALB -> Internal APIs hosted by EC2s. Cloudfront and API gw proxy located is in AWS account A and CloudFront + ALB + EC2 is located in account B. When I use API gateway console to test method, request hits the targeted internal api without any problem. Test execution log: ``` Execution log for request 849015fb-12c9-4619-bc96-363ecb6e9e94 Fri Nov 18 17:33:08 UTC 2022 : Starting execution for request: 849015fb-12c9-4619-bc96-363ecb6e9e94 Fri Nov 18 17:33:08 UTC 2022 : HTTP Method: POST, Resource Path: /api/v2/test/apply Fri Nov 18 17:33:08 UTC 2022 : Method request path: {} Fri Nov 18 17:33:08 UTC 2022 : Method request query string: {} Fri Nov 18 17:33:08 UTC 2022 : Method request headers: {} Fri Nov 18 17:33:08 UTC 2022 : Method request body before transformations: Fri Nov 18 17:33:08 UTC 2022 : Endpoint request URI: https://example.com/ext/v2/test/apply Fri Nov 18 17:33:08 UTC 2022 : Endpoint request headers: {x-amzn-apigateway-api-id=u041f78dig, User-Agent=AmazonAPIGateway_u041f78dig, X-Custom-Header=xxx} Fri Nov 18 17:33:08 UTC 2022 : Endpoint request body after transformations: Fri Nov 18 17:33:08 UTC 2022 : Sending request to https://example.com/ext/v2/test/apply Fri Nov 18 17:33:08 UTC 2022 : Received response. Status: 400, Integration latency: 55 ms Fri Nov 18 17:33:08 UTC 2022 : Endpoint response headers: {Content-Length=0, Connection=keep-alive, Date=Fri, 18 Nov 2022 17:33:08 GMT, Server=nginx, X-Custom-Header=4100adeb, X-Cache=Error from cloudfront, Via=1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront), X-Amz-Cf-Pop=IAD12-P4, X-Amz-Cf-Id=xxx} Fri Nov 18 17:33:08 UTC 2022 : Endpoint response body before transformations: Fri Nov 18 17:33:08 UTC 2022 : Method response body after transformations: Fri Nov 18 17:33:08 UTC 2022 : Method response headers: {Content-Length=0, Connection=keep-alive, Date=Fri, 18 Nov 2022 17:33:08 GMT, Server=nginx, X-Custom-Header=4100adeb, X-Cache=Error from cloudfront, Via=1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront), X-Amz-Cf-Pop=IAD12-P4, X-Amz-Cf-Id=xxx} Fri Nov 18 17:33:08 UTC 2022 : Successfully completed execution Fri Nov 18 17:33:08 UTC 2022 : Method completed with status: 400 ``` You can count 400 as success, because it returned from internal api running on EC2. When I'm trying to invoke cloudfront-account-a.com/api/v2/test/apply I'm getting 403 error from CF with the following headers: ``` access-control-allow-origin: * access-control-expose-headers: * content-length: 915 content-type: text/html date: Fri, 18 Nov 2022 17:11:43 GMT referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=31536000 via: 1.1 a27022837959b6f70545c8d6d0de9d04.cloudfront.net (CloudFront), 1.1 f0f1092b2ad1f0e573a4fcbefe4fb620.cloudfront.net (CloudFront), 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront) x-amz-apigw-id: xxx x-amz-cf-id: xxx x-amz-cf-pop: IAD12-P4 x-amz-cf-pop: IAD79-C1 x-amz-cf-pop: IAD89-C1 x-amzn-remapped-connection: keep-alive x-amzn-remapped-content-length: 915 x-amzn-remapped-date: Fri, 18 Nov 2022 17:11:43 GMT x-amzn-remapped-server: CloudFront x-amzn-requestid: 4d928828-e650-492f-b165-0654c97acab5 x-cache: Error from cloudfront x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block ``` What I'm doing wrong? Is it even possible to proxy request in the way I'm trying to do?
1
answers
0
votes
45
views
IP
asked 11 days ago

Can I Use NVMe Reservation on a Multi-Attach Enabled Volume?

Hi, I want to use Amazon EBS Multi-Attach to share data between multiple EC2 instances. In the [UserGuide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html), it says > Multi-Attach enabled volumes do not support I/O fencing. I/O fencing protocols control write access in a shared storage environment to maintain data consistency. Your applications must provide write ordering for the attached instances to maintain data consistency. I've googled *"I/O fencing"* and found that NVMe Reservation is a good way (compared to "power fencing", which means powering off the error node) to implement I/O fencing. However, I failed to use NVMe Reservation on a Multi-Attach Enabled Volume. The details are as follows. - EC2: r5b.large, ubuntu-22.04 - EBS: io2, 100GiB, 6000 IOPS, enabled Multi-Attach I run following command in ec2 instance: ``` > sudo nvme list ``` and get ``` Node SN Model Namespace Usage Format FW Rev --------------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- -------- /dev/nvme0n1 volxxxxxxxxxxxxxxxx Amazon Elastic Block Store 1 8.59 GB / 8.59 GB 512 B + 0 B 2.0 /dev/nvme1n1 volxxxxxxxxxxxxxxxx Amazon Elastic Block Store 1 107.37 GB / 107.37 GB 512 B + 0 B 2.0 ``` then run ``` > sudo nvme resv-register -n 1 --crkey=0x0 --nrkey=0xa1 --rrega=0 /dev/nvme1n1 ``` and get ``` NVMe status: INVALID_OPCODE: The associated command opcode field is not valid(0x2001) ``` I googled this error message and find that it may be caused by the driver not supporting. To confirm that, I run ``` > sudo nvme amzn id-ctrl /dev/nvme1n1 -H ``` and get ``` ... oncs : 0 [8:8] : 0 Copy Not Supported [7:7] : 0 Verify Not Supported [6:6] : 0 Timestamp Not Supported [5:5] : 0 Reservations Not Supported [4:4] : 0 Save and Select Not Supported [3:3] : 0 Write Zeroes Not Supported [2:2] : 0 Data Set Management Not Supported [1:1] : 0 Write Uncorrectable Not Supported [0:0] : 0 Compare Not Supported ... ``` The fifth bit indicates that "not supporting reservation". So does **NOT** AWS Multi-Attach Enabled Volume support NVMe Reservation? Or there are other ways to solve this problem?
1
answers
0
votes
24
views
Robert
asked 12 days ago