Questions tagged with Amazon EC2

Can I Use NVMe Reservation on a Multi-Attach Enabled Volume?

Hi, I want to use Amazon EBS Multi-Attach to share data between multiple EC2 instances. In the [UserGuide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html), it says

> Multi-Attach enabled volumes do not support I/O fencing. I/O fencing protocols control write access in a shared storage environment to maintain data consistency. Your applications must provide write ordering for the attached instances to maintain data consistency.

I've googled *"I/O fencing"* and found that NVMe Reservation is a good way (compared to "power fencing", which means powering off the error node) to implement I/O fencing. However, I failed to use NVMe Reservation on a Multi-Attach Enabled Volume. The details are as follows.

- EC2: r5b.large, ubuntu-22.04
- EBS: io2, 100GiB, 6000 IOPS, enabled Multi-Attach

I ran the following command on the EC2 instance:

```
> sudo nvme list
```

and got

```
Node                  SN                   Model                                    Namespace Usage                      Format           FW Rev
--------------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1          volxxxxxxxxxxxxxxxx  Amazon Elastic Block Store               1         8.59 GB / 8.59 GB          512 B + 0 B      2.0
/dev/nvme1n1          volxxxxxxxxxxxxxxxx  Amazon Elastic Block Store               1         107.37 GB / 107.37 GB      512 B + 0 B      2.0
```

then ran

```
> sudo nvme resv-register -n 1 --crkey=0x0 --nrkey=0xa1 --rrega=0 /dev/nvme1n1
```

and got

```
NVMe status: INVALID_OPCODE: The associated command opcode field is not valid(0x2001)
```

I googled this error message and found that it may be caused by the driver not supporting it. To confirm that, I ran

```
> sudo nvme amzn id-ctrl /dev/nvme1n1 -H
```

and got

```
...
oncs : 0
  [8:8] : 0 Copy Not Supported
  [7:7] : 0 Verify Not Supported
  [6:6] : 0 Timestamp Not Supported
  [5:5] : 0 Reservations Not Supported
  [4:4] : 0 Save and Select Not Supported
  [3:3] : 0 Write Zeroes Not Supported
  [2:2] : 0 Data Set Management Not Supported
  [1:1] : 0 Write Uncorrectable Not Supported
  [0:0] : 0 Compare Not Supported
...
```

The fifth bit indicates "not supporting reservation". So do AWS Multi-Attach Enabled Volumes **NOT** support NVMe Reservation? Or are there other ways to solve this problem?
1 answer, 0 votes, 26 views. Robert asked 19 days ago.

AWS Inspector V2 and AWS Inspector Classic findings are different

I am using Ubuntu 20.04 EC2 instances and was investigating the difference between AWS Inspector Classic and AWS Inspector V2. There seemed to be many differences, but the main one was the actual findings. With Inspector Classic a number of CVEs would be found, while with Inspector V2 the same instance, once scanned, would say `No Findings`.

### Inspector Classic finds 53 CVEs

![Enter image description here](/media/postImages/original/IM7H1iE2k8S2iL21F4CODGEQ)

### Same instance with InspectorV2 just shows `No findings`

![Enter image description here](/media/postImages/original/IMLgoOIjGzSqm7eZcT5bGH4Q)

-------

With Inspector Classic I did attach a rule called `Common Vulnerabilities and Exposures-1.1`. I'm not sure what Inspector V2 actually checks against either.

During my search to make this work, I did find that I needed the following Systems Manager Association to work: `InspectorInventoryCollection-do-not-delete`. It's working now and shows success for all EC2 instances.

I am unsure if the `InvokeInspectorSsmPlugin-do-not-delete` Association needs to work as well. I'm not quite sure what this is used for, but it shows skipped for all instances, and when I look at the detailed status output on a specific instance it just says `InvalidPlatform`. Not sure if this is related.

Can InspectorV2 actually be used to check Ubuntu 20.04 CVEs? If so, how? Is there some special IAM or SSM config/setup that needs to be applied?
1 answer, 0 votes, 25 views. dili asked 20 days ago.