Management & Governance

Hi, we use CloudFormation and SAM to deploy our Lambda (Node.js) functions. All our Lambda functions has a layer set through `Globals`. When we make breaking changes in the layer code we get errors during deployment because new Lambda functions are rolled out to production with old layer and after a few seconds *(~40 seconds in our case)* it starts using the new layer. For example, let's say we add a new class to the layer and we import it in the function code then we get an error that says `NewClass is not found` for a few seconds during deployment *(this happens because new function code still uses old layer which doesn't have `NewClass`)*. Is it possible to ensure new lambda function is always rolled out with the latest layer version? Example CloudFormation template.yaml: ``` Globals: Function: Runtime: nodejs14.x Layers: - !Ref CoreLayer Resources: CoreLayer: Type: AWS::Serverless::LayerVersion Properties: LayerName: core-layer ContentUri: packages/coreLayer/dist CompatibleRuntimes: - nodejs14.x Metadata: BuildMethod: nodejs14.x ExampleFunction: Type: AWS::Serverless::Function Properties: FunctionName: example-function CodeUri: packages/exampleFunction/dist ``` SAM build: `sam build --base-dir . --template ./template.yaml` SAM package: `sam package --s3-bucket example-lambda --output-template-file ./cf.yaml` Example CloudFormation deployment events, as you can see new layer (`CoreLayer123abc456`) is created before updating the Lambda function so it should be available to use in the new function code but for some reasons Lambda is updated and deployed with the old layer version for a few seconds: | Timestamp | Logical ID | Status | Status reason | | --- | --- | --- | --- | 2022-05-23 16:26:54 | stack-name | UPDATE_COMPLETE | - 2022-05-23 16:26:54 | CoreLayer789def456 | DELETE_SKIPPED | - 2022-05-23 16:26:53 | v3uat-farthing | UPDATE_COMPLETE_CLEANUP_IN_PROGRESS | - 2022-05-23 16:26:44 | ExampleFunction | UPDATE_COMPLETE | - 2022-05-23 16:25:58 | ExampleFunction | UPDATE_IN_PROGRESS | - 2022-05-23 16:25:53 | CoreLayer123abc456 | CREATE_COMPLETE | - 2022-05-23 16:25:53 | CoreLayer123abc456 | CREATE_IN_PROGRESS | Resource creation Initiated 2022-05-23 16:25:50 | CoreLayer123abc456 | CREATE_IN_PROGRESS | - 2022-05-23 16:25:41 | stack-name | UPDATE_IN_PROGRESS | User Initiated

When I created an EC2 instance and for that I created access key and secret key pair, and download the same from aws console site, as a csv file, the file just contains 2 rows, access key and secret key, but don't have username field in it. And when I go into my local ubuntu client shell, and try to configure aws cli there, it asks for the csv file in which my username row also should be given. How come? I've tried many times. Also, I've tried manually inserting my username in the first row of the csv file, but it didn't work. username=BathindaHelper or user name=BathindaHelper none worked.

I want to create accounts in an organization programmatically and once created, I would like to programmatically manage resources within the account. How can this be done without having to use the AWS Console to switch accounts or reset the password? Can I use the AWS ~~API~~ SDK with an access key from the organization account to target the sub account?

Hi everyone, i have been trying to test AWS elastic disaster recover, i have successfully initiate drill and also initiate recovery. but the problem is when i try to test failback, i have failed. i already create an account using failback user with recommended credential. [![credential]](https://agit365-my.sharepoint.com/:i:/g/personal/jeff_ag-it_com/ERkb6azgA21ElkQqQdgTQfoBLu9s_gHP8Yq3Qi1RqL8Dcg?e=VSFrxb) when i tried to failback it comeback with this error. [![error]](https://agit365-my.sharepoint.com/:i:/g/personal/jeff_ag-it_com/EWTxXOeB1U9PtO-gyepnu1cByM8xycqeDI2vIn9pnzbbTA?e=rIUZoF) i hope there are someone who can help me with this ? is there anything that i miss in the configuration ? for region i use ap-southeast-1.

Afternoon all, the title says it all. I really just want to have cloudwatch send text messages when critical services fail. I am not in the sandbox anymore (it appears), and under Text messaging (SMS) I see my failed messages. (I did setup a cloudwatch alert to use that number). I did notice under Origination numbers I have one number that says active, but capabilities only says VOICE. The {i} mouseover help says this number doesn't support SMS. So, I am reading a bit all over, and I see where inside pinpoint I can request a short-code or 10DLC. I am just needing some help confirming that I am on the right path as that step shows for the long code a $54 registration fee, then $11/month. Am I correct in that if the above is needed, I could then send those SMS alerts for the $11/mo? Thanks

I have created a composite SSM document that included the AWS-RunShellScript document: This is the action portion: { "action": "aws:runDocument", "name": "RunShellScriptHello", "inputs": { "documentType": "SSMDocument", "documentPath": "AWS-RunShellScript", "documentParameters": "{\"commands\":\"echo hello > /tmp/testcomp\"}" } When I run it, I keep getting the error: Invalid format in plugin properties map[id:0.aws:runShellScript runCommand:echo hello > /tmp/testcomp timeoutSeconds:3600 workingDirectory:]; error json: cannot unmarshal string into Go struct field RunScriptPluginInput.RunCommand of type []string I just don't understand why I am getting this response.

Hi everyone, new to CloudWatch log insights. Trying to make sense out of this. ``` responseStatus.code: 200 responseStatus.message: Connection closed early response Status.status: Success ``` How is it possible for the connection to be successful and the connection to be closed early? When googling this issue, nothing came up. Side question: is there a way to query for Ports and/or Protocol? I have an alert from Guard Duty that I have been bending over backwards to find out in the logs but none of the logs from that time period in CloudWatch mentions any Port or Protocol, both of which was the cause of the alert. Does anybody know where I can get more info besides using Detective? Thank you.

I am unable to create an instance. Getting "Error loading AMI data" while creating instance. Also in dashboard getting error "An error occurred retrieving ..." Also I see the below error on EC2 Dashboard. Supported platforms * An error occurred * An error occurred retrieving supported platforms Default VPC * An error occurred * An error occurred checking for a default VPC Service health * An error occurred * An error occurred retrieving service health information Scheduled events * An error occurred * There was an error while checking for scheduled events

Looking at the documentation of `AWS::EC2::TransitGatewayAttachment` and `AWS::EC2::TransitGatewayVpcAttachment` it looks that first is a subset of later. If `TransitGatewayVpcAttachment`is kept only for backwards compatibility, would it make sense to add a note into documentation stating this is obsolete version, and there is better alternative available? * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayvpcattachment.html

My use case is to fetch the number of rows returned/affected by a SQL query of Postgres/MYSQL RDS using the logs. Is there any configuration option?

Hello I am trying to create one EC2 using cloudformation. The requirement is to use volume attachment with a snapshot id. This snapshot id is coming from my AMI and the snapshot id provided is the root device. (AMI only consist of one snapshot) I got the error message: Property ImageId cannot be empty when deploying the resource. When I input the ImageId for AWS::EC2::Instance, it will crash with AWS::EC2::VolumeAttachment property. Can someone help to modify my template and point out how can I fix this issue? ``` --- Description: "AWS CloudFormation sample template. Create a new EC2 instance" Resources: myEC2Instance: Properties: IamInstanceProfile: ec2role InstanceType: t2.micro SecurityGroupIds: - sg-123456 SubnetId: subnet-123456 Tags: - Key: Name Value: ec2test Type: "AWS::EC2::Instance" myMountPoint: Properties: Device: /dev/xvda InstanceId: myEC2Instance VolumeId: myVolume Type: "AWS::EC2::VolumeAttachment" myVolume: Properties: AvailabilityZone: !GetAtt myEC2Instance.AvailabilityZone Size: 10 SnapshotId: snap-123456 Tags: - Key: Name Value: ebstest VolumeType: gp2 Size: 10 Type: "AWS::EC2::Volume" ```

Hi, I have an ApplicationLoadBalancedFargateService that exposes a service on one port, but the health check runs on another. Unfortunately, the target fails health check and terminates the task. Here's a snippet of my code ``` const hostPort = 5701; const healthCheckPort = 8080; taskDefinition.addContainer(stackPrefix + 'Container', { image: ecs.ContainerImage.fromRegistry('hazelcast/hazelcast:3.12.6'), environment : { 'JAVA_OPTS': `-Dhazelcast.local.publicAddress=localhost:${hostPort} -Dhazelcast.rest.enabled=true`, 'LOGGING_LEVEL':'DEBUG', 'PROMETHEUS_PORT': `${healthCheckPort}`}, portMappings: [{containerPort : hostPort, hostPort: hostPort},{containerPort : healthCheckPort, hostPort: healthCheckPort}], logging: ecs.LogDriver.awsLogs({streamPrefix: stackPrefix, logRetention: logs.RetentionDays.ONE_DAY}), }); const loadBalancedFargateService = new ecsPatterns.ApplicationLoadBalancedFargateService(this, stackPrefix + 'Service', { cluster, publicLoadBalancer : false, desiredCount: 1, listenerPort: hostPort, taskDefinition: taskDefinition, securityGroups : [fargateServiceSecurityGroup], domainName : env.getPrefixedRoute53(stackName), domainZone : env.getDomainZone(), }); loadBalancedFargateService.targetGroup.configureHealthCheck({ path: "/metrics", port: healthCheckPort.toString(), timeout: cdk.Duration.seconds(15), interval: cdk.Duration.seconds(30), healthyThresholdCount: 2, unhealthyThresholdCount: 5, healthyHttpCodes: '200-299' }); ``` Any suggestions on how I can get this to work? thanks

I copied an EBS environment and was showing severe health because the environment was not pinging /healthCheck. I couldn't find where to change the "health check URL" so I updated the server to response with 200(OK) on root / Now I'm getting Cloudwatch logs with 404 responses on /healthCheck....grrr. It's like EBS is pinging /healthCheck but listening on root /. How can I fix this?

Need to switch account from ADS employee to AWS employee and NOT have to pay/put in credit card. Can someone help?

Hi, Working in Xilinx Vitis flow for F1 FPGA instance I am trying to forward placement constriants on F1 FPGA in the synthesis/placement stage but the vivado said there is collision with current constraints probably becuase the vitis flow with AWS shell provide constrints on the user logic locations So I tried to put placement constraints on the use logic side but again got error from impl process and terminated the execution of the synthesis. Please advise how to forward placement constraints to my user logic in a way that I can put my logic in the place that was dedicated for the user Thanks

Hi, Using xrt application and trying to access to read/write register and got this error: [XRT] ERROR: xclRegRW: can't map CU: My xrt.ini contains this content: [Debug] profile=true [Runtime] rw_shared=true runtime_log=console and inside the my code I used those commands: / Read clock count from clk_cnt* registers and unite into 64-bit value // There is issue with [XRT] error : xclRegRW: can't map CU: clock count is 0 xclOpenContext(handle, xclbinId, cuidx, false); xclRegRead(handle, cuidx, clk_cnt_lsb_offset, &clk_cnt_lsb); xclCloseContext(handle, xclbinId, cuidx); xclOpenContext(handle, xclbinId, cuidx, false); xclRegRead(handle, cuidx, clk_cnt_msb_offset, &clk_cnt_msb); xclCloseContext(handle, xclbinId, cuidx); long int clock_count = ((long int)clk_cnt_msb << 32) | (long int)clk_cnt_lsb; std::cout << std::endl << "Clock count is: " << clock_count << std::endl;

Hi Is there any API to create DataExchange Product dynamically? If not can [this service catalog API](https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateProduct.html) be used with some CLOUD_FORMATION_TEMPLATE? Thank you in advance for any help you can provide.

Hello, We have a application running on elasticbeanstalk that listens for client request and returns a stream segment. We have some requirements for application: 1) Client session should be sticky (all request for some session should go to same EC2) for specified time without any changes on client side. (we can't add cookie sending via client). As per my understanding application load balancer supports that and i enabled stickiness in load balancer. As per my understanding load balancer generated cookie are managed by load balancer and we do not need to send cookie through client side. 2) Based on CPU utilisation we need to auto scale instances, (when CPU load > 80%) we need to scale instances +1. Problem:- 1) When i request from multiple clients from same IP address. CPU load goes above 80% and new instance is launched. But after sometime i see CPU load going down . does this mean that 1 of these client are now connected to new instance and load is shared. That means stickiness is not working. Though It is not clear how to test it properly. However sometimes when i tried to stop new instance manually . No client has got any errors. When I stop first instance all client gets 404 error for sometime. How to check whether stickiness is working properly ? 2) If i get stickiness to work. As per my understanding Load will not be shared by new instance. So Average CPU usage will be same. So autoscaling will keep on launching new instance until max limit. How do i set stickiness with autoscaling feature. I set stickiness seconds to 86400 sec (24 hours) for safe side. Can someone please guide me how to configure stickiness and autoscaling proper way ?