When setting up the load balancer, I understand that it consists of a listener port, a target group port, and an instance port (ip port). I think that the load balancer goes to the target group through the listener port and traffic is divided according to the instance port in the target group. Then, the target group port does not seem to affect the load balancing. What is the role of the target group port?lg...

I purchased a domain in .click. I configured an EC2 instance with a html page and started httpd. I am able to access the html using the public ip of EC2 instance. I created A record in Route 53 for my .click domain under pubic hosted zone and pointed it to EC2 instance. But the html page is not accessible using the domain name. I tested the nslookup and dig using cloudshell. But getting error like "server cant find domain.click: NXDOMAIN" What I'm doing wrong. Kindly assist.lg...

Is it possible to do inter-region (inter-vpc) multicast routing using transit gateway peering connections? If not natively supported, can the result be achieved using specific routing rules (i.e. forward packets with destination `224.0.0.1` to transit gateway peering attachment)? I'm not very familiar with both AWS networking and multicast, so any pointers would help.lg...

Hi team, I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrators: 1. the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes 2. when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes. 3. the client will receive a link via email to validate the invitation 4. when the client clicks the link (custom Domain link), he validates the invitation I created a lambda function that creates the user in the Cognito user pool and then added it inside the group (`using adminCreateUser and adminAddUserToGroup AP calls`) ``` const params = { UserPoolId: USER_POOL_ID, Username: event.email, UserAttributes: [ { Name: "email", Value: event.email, }, { Name: "given_name", Value: event.givenName, }, { Name: "family_name", Value: event.familyName, }, ], }; try { const result = await cognitoIdentityServiceProvider .adminCreateUser(params) .promise(); ``` I also configured the Cognito to send a link email > On "Message customisations" page> "Do you want to customize your email verification messages?" > "Verification type" => I chose "Link" option After lambda has run, the user is created with `Confirmation status = ` **Force change password** and the email I received looks like this : ``` Subject = Your temporary password Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%. ``` so I expected to receive a Link and when the client click the link it validate the invitation (point 4 above) then the client becomes validated inside my user pool. But I did not receive a link, how can I achieve points 3 and 4? I just want after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed linklg...

Hello, I am new to AWS Lambda, I created a Pytorch Lambda function using SAM with architecture x86_64. When invoking the same function with SAM local invoke, the total billable seconds is around 7 seconds, but after "sam deploy --guided" I invoked lambda function + API gateway using Python request module with the exact same setting as sam local invoke (Memory = 3 GB). Then the total billable seconds is around 17 seconds. I just did not understand why there is 10 seconds increase in time.lg...

I am running a Lightsail Instance (WordPress site). I have a static IP address assigned to the instance. It has been running for several months without any problems. I restarted the instance and now the public IP doesn't work, or at least I can't connect to my website. What do I need to do to get the public IP address working again? The static IP is 3.2118.65.209. The DNS is on Cloudflare, and the domain is registered there, too.lg...

based on the docs, enabling throttling allows to set rate and burst in a usage plan. if burst is the number of request api will handle concurrently, so should the rate be always equal or less than the burst limit? why would we want a higher rate than we can can handle?lg...

Hi, I've created an opensearch cluster in a VPC. I'm able to "GET" the cluster details by hitting <vpc endpoint>/_cluster/settings but am not having luck when trying to "POST". Which URL do I need to POST to when the opensearch cluster is deployed in a VPC? Should it work with the <vpc endpoint>/_cluster/settings ? My working GET command - ``` def lambda_handler(event, context): x = requests.get('https://<vpc endpoint>/_cluster/settings?include_defaults=true') ``` output - Function Logs ``` :"5s","max_index_buffer_size":"-1","shard_inactive_time":"5m","index_buffer_size":"10%","min_index_buffer_size":"48mb..." ``` POST command that is not working - ``` def lambda_handler(event, context): url = 'https://vpc-XXXXXX-us-east-1.es.amazonaws.com/_cluster/settings' myobj = {"SnapshotOptions": { "AutomatedSnapshotStartHour": 3 } } x = requests.post(url, json = myobj) ``` output - Function Logs ``` START RequestId: b483f2ca-0051-468a-81cf-8a771a667bd2 Version: $LATEST {"Message":"Your request: '/_cluster/settings' is not allowed for verb: POST"} ``` documentation I followed - https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-actions-describedomainconfiglg...

I have been battling this for a while. The user must be able to view, edit and create API's. I have tried using the AWS Policy Generator to create the following: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmtxxxxxxxxxxx", "Action": "apigateway:*", "Effect": "Allow", "Resource": "arn:aws:apigateway:us-east/*" } ] } ``` Then when testing the policy, I get that my username does not have apigateway: GET rights. What gives?lg...

Hi team, I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrator: - the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes - when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes. - the client will receive a link via email to validate the **invitation** - when the client clicks the link (custom Domain link), he validates the invitation In the SDK documentation, I found that a system Admin can add users to the Cognito group using the `adminAddUserToGroup` API call ``` var params = { GroupName: 'STRING_VALUE', /* required */ UserPoolId: 'STRING_VALUE', /* required */ Username: 'STRING_VALUE' /* required */ }; cognitoidentityserviceprovider.adminAddUserToGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response }); ``` but the `adminAddUserToGroup` API call, only take as params the GroupName, UserPoolId and Username ``` { "GroupName": "string", "Username": "string", "UserPoolId": "string" } ``` - how can I get my user created (with the given name, surname, email, and custom attributes...) with this call: `adminAddUserToGroup`? - the username on the params above is it the sys admin username or the user name of the client to create? - how can I validate the invitation once the client clicks the verification link? - should I create a new lambda that sends the verification link or the API call `adminAddUserToGroup` send the email to the user on our behalf? the critical part is how can the system admin create a new user (with all attributes: given name, email....), via the `adminAddUserToGroup` API call and how can I validate the invitation when the user clicks the verification link? Thank you team for your help!lg...

I have a private API gateway in its own account. It is used by clients having VPC Endpoint interfaces to execute-api service, and until now these have had Private DNS enabled, and there have been no issues. A new client uses some existing public APIs, so Private DNS is disabled. However, they have had intermittent connectivity to the gateway during their testing. I tried reproducing this from a second account with a test Lambda (node.js, v16, arm) in a VPC, using a VPC Endpoint with Private DNS disabled. I was able to reproduce the intermittent connectivity, but I can't understand why this happens. [Edit: The subnets attached to the VPC use the same security group, and this allows htttps ingress from 10.57.150.0/24] I found that when using the generic endpoint DNS Name (no AZ marker in the name) the intermittent issue could be reproduced. If I switch to using the Endpoint DNS Names that include the AZ marker, then 1 of the DNS Names connected every time, but the other 2 (we use 3 AZs and 1 subnet per AZ) fail to connect with a timeout error. I added a call to resolve the hostname passed in, and all three hosts resolve to what I would expect (10.57.150.x), so I think this is a routing issue rather than DNS. The route tables for all three subnets are the same, 2 routes for the s3 and DynamoDB prefix lists, a route for 10.57.150.0/24 and the remaining 0.0.0.0/0 going via a transit gateway instance. I'm not sure what other information I would need to add here. Has anyone seen anything like this before?lg...

 do I have to incude it here? Thanks in advance!lg...