

If launching a new ASG instance is cancelled with the following error:
Launching a new EC2 instance: INSTANCE-ID. Status Reason: Instance failed to complete user's Lifecycle Action: Lifecycle Action with token TOKEN was abandoned: Heartbeat Timeout
check that the ASG has no lifecycle hooks that refer to a non-existent CodeDeploy Deployment Group, using the following command:
aws autoscaling describe-lifecycle-hooks --auto-scaling-group-name ASG_NAME --profile PROFILE_NAME --region AWS_REGION
If a hook for a non-existent CodeDeploy Deployment Group exists, delete it:
aws autoscaling delete-lifecycle-hook --auto-scaling-group-name ASG_NAME --lifecycle-hook-name HOOK_NAME --profile PROFILE_NAME --region AWS_REGION


AWS CDK Developer Preview

You can think of the CDK as a cloud infrastructure “compiler”. It provides a set of high-level class libraries, called Constructs, that abstract AWS cloud resources and encapsulate AWS best practices. Constructs can be snapped together into object-oriented CDK applications that precisely define your application infrastructure and take care of all the complex boilerplate logic. When you run your CDK application, it is compiled into a CloudFormation Template, the “assembly language” for AWS cloud infrastructure.


If you want to add an element to an existing list, use nested joins:

ExternalBastionSecurityGroups - List<AWS::EC2::SecurityGroup::Id>
SecurityGroupsList            - List<AWS::EC2::SecurityGroup::Id>
Outputs.BastionSecurityGroup  - AWS::EC2::SecurityGroup::Id

SecurityGroupsList: !Join
  - ','
  - - !GetAtt [ securitygroups, Outputs.BastionSecurityGroup ]
    - !Join [ ',', !Ref ExternalBastionSecurityGroups ]


This IAM Role trust relationship configuration allows an IAM User from another account to assume the current role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::USER-ACCOUNT-ID:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:username": "USER-NAME"
        }
      }
    }
  ]
}
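In this policy the Principal names the whole account, and only the Condition block narrows it to one user. The following is an added example, not part of the original post, that flags trust statements where that narrowing is missing; the function and variable names are hypothetical and the sample policies are constructed from the post's placeholders.

```python
import json
import re

# Account-wide principals: "arn:aws:iam::<account>:root", a bare 12-digit account ID, or "*".
ACCOUNT_WIDE = re.compile(r"^(arn:aws[\w-]*:iam::[^:]+:root|\d{12}|\*)$")
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:*", "*"}


def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def unconditioned_account_trust(policy):
    """Return (statement index, principal) pairs where an Allow statement lets a
    whole account assume the role and carries no Condition block.
    It only checks that a Condition exists, not what the Condition tests."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if not ASSUME_ACTIONS & set(as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        # Principal is either the string "*" or a mapping such as {"AWS": ...}.
        arns = [principal] if isinstance(principal, str) else as_list(principal.get("AWS", []))
        findings += [(index, arn) for arn in arns if ACCOUNT_WIDE.match(arn)]
    return findings


# Constructed sample input: the post's trust policy with its placeholders kept.
POST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::USER-ACCOUNT-ID:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"aws:username": "USER-NAME"}}
  }]
}
""")

# Constructed variant: the same statement with the Condition block removed.
STRIPPED_POLICY = json.loads(json.dumps(POST_POLICY))
del STRIPPED_POLICY["Statement"][0]["Condition"]

if __name__ == "__main__":
    print("post policy:", unconditioned_account_trust(POST_POLICY))
    print("without Condition:", unconditioned_account_trust(STRIPPED_POLICY))
```

Without the Condition, any identity in the other account whose own IAM policy permits sts:AssumeRole on this role can assume it.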


Get the current version of an application deployed with Docker on AWS (the hard way)

On a Linux host with access to ECR:
# get login string
aws ecr get-login --registry-ids ECR-ACCOUNT-ID --region ECR-REGION
# get latest deployed image
docker pull ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com/ECR-NAME:latest
# run and verify
docker run -it ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com/ECR-NAME:latest bash
# list containers to get container ID
docker ps -a
# copy the application files from the container to the host
docker cp CONTAINER-ID:/file/path/within/container /host/path/target
# create APP-NAME.zip with application files
zip -r /tmp/APP-NAME /tmp/APP-NAME

On a Windows host:
# register environment key file in putty
# run copy command
pscp -r ec2-user@LINUX-HOST-DNS:/tmp/APP-NAME.zip d:\


Manual deployment of an Elastic Beanstalk application:

Upload the new package version to S3:

aws s3 cp app-package.zip s3://packages-bucket/packages/manual-app-0.zip --profile yourprofile

Create the new version in Beanstalk (the S3Key must match the uploaded object key exactly, with no leading slash):

aws elasticbeanstalk create-application-version --application-name some-app --version-label "manual-0" --source-bundle S3Bucket="packages-bucket",S3Key="packages/manual-app-0.zip" --profile yourprofile

Update the Beanstalk environment to the new version:

aws elasticbeanstalk update-environment --application-name some-app --environment-id e-someid --version-label "manual-0" --profile yourprofile