

AWS CDK Developer Preview

You can think of the CDK as a cloud infrastructure “compiler”. It provides a set of high-level class libraries, called Constructs, that abstract AWS cloud resources and encapsulate AWS best practices. Constructs can be snapped together into object-oriented CDK applications that precisely define your application infrastructure and take care of all the complex boilerplate logic. When you run your CDK application, it is compiled into a CloudFormation Template, the “assembly language” for AWS cloud infrastructure.


If you want to add an element to an existing list, use nested joins:

ExternalBastionSecurityGroups - List<AWS::EC2::SecurityGroup::Id>
SecurityGroupsList            - List<AWS::EC2::SecurityGroup::Id>
Outputs.BastionSecurityGroup  - AWS::EC2::SecurityGroup::Id

SecurityGroupsList: !Join
  - ','
  - - !GetAtt [ securitygroups, Outputs.BastionSecurityGroup ]
    - !Join [ ',', !Ref ExternalBastionSecurityGroups ]


This IAM role trust relationship configuration allows an IAM user from another account to assume the current role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::USER-ACCOUNT-ID:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:username": "USER-NAME"
        }
      }
    }
  ]
}

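An added example (not part of the original post): a small Python check that flags trust statements granting sts:AssumeRole to a whole account with no Condition, run against the policy above and a variant with the Condition removed. The account ID 111122223333 and the names audit_trust_policy, NARROWED and BROAD are assumptions for illustration; the check looks only for the presence of a Condition, not its strength.

```python
import re

# Constructed sample: the trust policy above with a placeholder account ID.
NARROWED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:username": "USER-NAME"}},
    }],
}
# Constructed variant without the Condition block: every principal in the
# trusted account that is allowed to call sts:AssumeRole can use the role.
BROAD = {"Version": "2012-10-17",
         "Statement": [{k: v for k, v in NARROWED["Statement"][0].items()
                        if k != "Condition"}]}

ACCOUNT_WIDE = re.compile(r"^(\*|\d{12}|arn:aws:iam::\d{12}:root)$")


def _as_list(value):
    """IAM accepts a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return one finding per account-wide trust that has no Condition."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            # Presence check only: the strength of a Condition is not judged.
            if ACCOUNT_WIDE.match(p) and not stmt.get("Condition"):
                findings.append(f"Statement[{i}]: {p} trusted with no Condition")
    return findings


if __name__ == "__main__":
    for name, doc in (("narrowed", NARROWED), ("broad", BROAD)):
        print(name, audit_trust_policy(doc) or "ok")
```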

Get the current version of a Docker-deployed application on AWS (the hard way)

On a Linux host with access to ECR:
# get the docker login command (AWS CLI v1 syntax)
aws ecr get-login --registry-ids ECR-ACCOUNT-ID --region ECR-REGION
# get latest deployed image
docker pull ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com/ECR-NAME:latest
# run and verify
docker run -it ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com/ECR-NAME:latest bash
# list containers to get the container ID
docker ps -a
# copy the application files out of the container
docker cp CONTAINER-ID:/file/path/within/container /host/path/target
# create APP-NAME.zip with the application files
zip -r /tmp/APP-NAME /tmp/APP-NAME

On a Windows host:
# register the environment key file in PuTTY
# run copy command
pscp -r ec2-user@LINUX-HOST-DNS:/tmp/APP-NAME.zip d:\


Manual deployment of an Elastic Beanstalk application:

upload the new package version to S3

aws s3 cp app-package.zip s3://packages-bucket/packages/manual-app-0.zip --profile yourprofile

create a new application version in Beanstalk

aws elasticbeanstalk create-application-version --application-name some-app --version-label "manual-0" --source-bundle S3Bucket="packages-bucket",S3Key="packages/manual-app-0.zip" --profile yourprofile

update the Beanstalk environment to the new version

aws elasticbeanstalk update-environment --application-name some-app --environment-id e-someid --version-label "manual-0" --profile yourprofile



There are a couple of issues with the push agent functionality:

— By default, the wrapper.ntservice.interactive setting in the buildAgent/launcher/conf/wrapper.conf configuration file is set to true, which leads to an error during agent installation with psexec:

in the push agent logs:

bootstrapper.exe exited on MY_AGENT_HOST_IP with error code 255.
Remote agent installation failed: Command 'D:\:\teamcity\temp___5060497447753492559\cli-wrapper.exe D:\teamcity_data\system\pluginData\psexec\psexec.exe /accepteula \\MY_AGENT_HOST_IP -e -h -u MY_USER -p ********** -c -f D:\teamcity\temp___5612841585882618839\bootstrapper.exe bootstrap -u MY_TC_MASTER_HOST – bin\install.bat MY_TC_MASTER_HOST C:\\BuildAgent 27f25fcd78b2812602f9a14ea6756bae' was executed with error message(s): Execution error. Return code=255

in the Windows event logs on the agent host:

The TeamCity Build Agent service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

— It would be good to determine whether the push agent functionality is being used to install an agent on an EC2 host and, if so, to set wrapper.ntservice.dependency.1=Ec2Config in the buildAgent/launcher/conf/wrapper.conf configuration file, as mentioned in the manual (https://confluence.jetbrains.com/display/TCD9/Setting+up+and+Running+Additional+Build+Agents#SettingupandRunningAdditionalBuildAgents-BuildAgentasaWindowsService), or to provide a corresponding configuration option in the Agent Push preset configuration dialog.

— To simplify agent push configuration on AWS, please add a note to the manual about port 445, which should be configured in the AWS::EC2::SecurityGroup attached to the build agent host. This allows psexec on the TeamCity server host to communicate with the build agent host.