← All posts tagged aws

otakuSiD
asg codedeploy aws
If the launch of a new ASG instance is canceled with the following error:
```
Launching a new EC2 instance: INSTANCE-ID. Status Reason: Instance failed to complete user's Lifecycle Action: Lifecycle Action with token TOKEN was abandoned: Heartbeat Timeout
```

check that the ASG has no lifecycle hooks that refer to a CodeDeploy deployment group that no longer exists:
```
aws autoscaling describe-lifecycle-hooks --auto-scaling-group-name ASG_NAME --profile PROFILE_NAME --region AWS_REGION
```

If a hook for a nonexistent CodeDeploy deployment group exists, delete it:
```
aws autoscaling delete-lifecycle-hook --auto-scaling-group-name ASG_NAME --lifecycle-hook-name HOOK_NAME --profile PROFILE_NAME --region AWS_REGION
```
otakuSiD
dev infrastructure aws
AWS CDK Developer Preview

You can think of the CDK as a cloud infrastructure “compiler”. It provides a set of high-level class libraries, called Constructs, that abstract AWS cloud resources and encapsulate AWS best practices. Constructs can be snapped together into object-oriented CDK applications that precisely define your application infrastructure and take care of all the complex boilerplate logic. When you run your CDK application, it is compiled into a CloudFormation Template, the “assembly language” for AWS cloud infrastructure.

aws.amazon.com
otakuSiD
code infrastructure cloudformation aws
If you want to add an element to an existing list, use nested joins:

```
ExternalBastionSecurityGroups - List<AWS::EC2::SecurityGroup::Id>
SecurityGroupsList            - List<AWS::EC2::SecurityGroup::Id>
Outputs.BastionSecurityGroup  - AWS::EC2::SecurityGroup::Id
```

```
SecurityGroupsList: !Join
  - ','
  - - !GetAtt [ securitygroups, Outputs.BastionSecurityGroup ]
    - !Join [ ',', !Ref ExternalBastionSecurityGroups ]
```
otakuSiD
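dev iam aws
This IAM role trust relationship (trust policy) allows an IAM user from another account to assume the current role. The principal is the other account's `root` ARN, which trusts that account as a whole; the `aws:username` condition narrows it to a single IAM user name.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::USER-ACCOUNT-ID:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:username": "USER-NAME"
        }
      }
    }
  ]
}
```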
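
An added example (not part of the original post): a Python check that reads a role trust policy like the one above and reports, for each statement allowing `sts:AssumeRole`, whether the principal trusts a whole account and which condition keys narrow it. The function name `audit_trust_policy` and the finding fields are assumptions of this example; the sample policy is the post's own, placeholders kept.

```python
import json

# Constructed sample: the trust policy from the post, placeholders unchanged.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::USER-ACCOUNT-ID:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:username": "USER-NAME"}},
    }],
}


def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return one finding per AWS principal allowed to call sts:AssumeRole."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):          # "Principal": "*"
            arns = [principal]
        else:
            arns = _as_list(principal.get("AWS", []))
        # Every condition key in the statement, e.g. aws:username.
        cond_keys = sorted(k for op in stmt.get("Condition", {}).values() for k in op)
        for arn in arns:
            # ":root" or a bare account id trusts the whole account, not one identity.
            account_wide = arn == "*" or arn.endswith(":root") or arn.isdigit()
            findings.append({
                "principal": arn,
                "account_wide": account_wide,
                "condition_keys": cond_keys,
                # Account-wide trust with no condition at all deserves review.
                "unrestricted": account_wide and not cond_keys,
            })
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_trust_policy(PAGE_POLICY), indent=2))
```

To check a live role, pass it the `AssumeRolePolicyDocument` from the output of `aws iam get-role --role-name ROLE_NAME`.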
otakuSiD
docker dev aws
Get the currently deployed version of a Docker application on AWS (the hard way)

On a Linux host with access to ECR:
```
# log in to ECR (AWS CLI v2; `aws ecr get-login` is available only in AWS CLI v1)
aws ecr get-login-password --region ECR-REGION | docker login --username AWS --password-stdin ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com
# get latest deployed image
docker pull ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com/ECR-NAME:latest
# run and verify
docker run -it ECR-ACCOUNT-ID.dkr.ecr.ECR-REGION.amazonaws.com/ECR-NAME:latest bash
# list containers to get the container ID
docker ps -a
# copy the application files out of the container
docker cp CONTAINER-ID:/file/path/within/container /tmp/APP-NAME
# create /tmp/APP-NAME.zip with the application files
zip -r /tmp/APP-NAME /tmp/APP-NAME
```

On the Windows host:
```
# register the environment key file in PuTTY
# run the copy command
pscp -r ec2-user@LINUX-HOST-DNS:/tmp/APP-NAME.zip d:\
```