
aws-demos's Issues

Hit a key using User Data field

How can we give a command to press any key during the script?
ex:

  1. I want to create a new file: vi test.txt
  2. I added some sample data to it
  3. I want to press ESC (in order to exit insert mode)
  4. Save the file

How can we pass the command to press ESC key?

Assume role is unable to be assumed

I have created IAM roles and updated the trusted entities as instructed, but I continue to get an error "The defined assume role is unable to be assumed." When executing I am selecting the basic function option.

I did make some minor modifications to the parameter store. I have already created a hardened image and would like to use that one. I am also using Ubuntu 18.04, but don't think any of these modifications would trigger the error above.

Do you have any ideas on what is causing this error?

============================================
{
"schemaVersion": "0.3",
"description": "Create a Golden AMI with Linux distribution packages(ClamAV) and Amazon software(SSM & Inspector). For details,see https://github.com/miztiik/AWS-Demos/tree/master/How-To/setup-ami-lifecycle-management-using-ssm",
"assumeRole": "{{AutomationAssumeRole}}}",
"parameters": {
"SourceAmiId": {
"type": "String",
"description": "(Required) The source Amazon Machine Image ID.",
"default": "{{ssm:/GoldenAMI/Ubuntu/source}}"
},
"InstanceIamRole": {
"type": "String",
"description": "(Required) The name of the role that enables Systems Manager (SSM) to manage the instance.",
"default": "ManagedInstanceRole"
},
"AutomationAssumeRole": {
"type": "String",
"description": "(Required) The ARN of the role that allows Automation to perform the actions on your behalf.",
"default": "arn:aws:iam::{{global:ACCOUNT_ID}}:role/AutomationServiceRole"
},
"SubnetId": {
"type": "String",
"description": "(Required) The subnet that the created instance will be placed into.",
"default": ""
},
"TargetAmiName": {
"type": "String",
"description": "(Optional) The name of the new AMI that will be created. Default is a system-generated string including the source AMI id, and the creation time and date.",
"default": "GoldenAMI-Ubuntu_18_on_{{global:DATE_TIME}}"
},
"InstanceType": {
"type": "String",
"description": "(Optional) Type of instance to launch as the workspace host. Instance types vary by region. Default is t2.medium.",
"default": "t2.medium"
},
"PreUpdateScript": {
"type": "String",
"description": "(Optional) URL of a script to run before updates are applied. Default (\"none\") is to not run a script.",
"default": "none"
},
"PostUpdateScript": {
"type": "String",
"description": "(Optional) URL of a script to run after package updates are applied. Default (\"none\") is to not run a script.",
"default": ""
},
"IncludePackages": {
"type": "String",
"description": "(Optional) Only update these named packages. By default (\"all\"), all available updates are applied.",
"default": "all"
},
"ExcludePackages": {
"type": "String",
"description": "(Optional) Names of packages to hold back from updates, under all conditions. By default (\"none\"), no package is excluded.",
"default": "none"
},
"lambdaFunctionName": {
"type": "String",
"description": "(Required) The name of the lambda function. Default ('none') is to not run a script.",
"default": "GoldImg-Automation-UpdateSsmParam"
}
},
"mainSteps": [
{
"name": "launchInstance",
"action": "aws:runInstances",
"maxAttempts": 3,
"timeoutSeconds": 1200,
"onFailure": "Abort",
"inputs": {
"ImageId": "{{SourceAmiId}}",
"InstanceType": "{{InstanceType}}",
"SubnetId": "{{ SubnetId }}",
"UserData":
"MinInstanceCount": 1,
"MaxInstanceCount": 1,
"IamInstanceProfileName": "{{InstanceIamRole}}"
}
},
{
"name": "updateOSSoftware",
"action": "aws:runCommand",
"maxAttempts": 3,
"timeoutSeconds": 3600,
"onFailure": "Abort",
"inputs": {
"DocumentName": "AWS-RunShellScript",
"InstanceIds": [
"{{launchInstance.InstanceIds}}"
],
"Parameters": {
"commands": [
"set -e",
"[ -x \"$(which wget)\" ] && get_contents='wget $1 -O -'",
"[ -x \"$(which curl)\" ] && get_contents='curl -s -f $1'",
"eval $get_contents https://aws-ssm-downloads-{{global:REGION}}.s3.amazonaws.com/scripts/aws-update-linux-instance > /tmp/aws-update-linux-instance",
"chmod +x /tmp/aws-update-linux-instance",
"/tmp/aws-update-linux-instance --pre-update-script '{{PreUpdateScript}}' --post-update-script '{{PostUpdateScript}}' --include-packages '{{IncludePackages}}' --exclude-packages '{{ExcludePackages}}' 2>&1 | tee /tmp/aws-update-linux-instance.log"
]
}
}
},
{
"name": "installCustomizations",
"action": "aws:runCommand",
"maxAttempts": 3,
"timeoutSeconds": 600,
"onFailure": "Abort",
"inputs": {
"DocumentName": "AWS-RunShellScript",
"InstanceIds": [
"{{launchInstance.InstanceIds}}"
],
"Parameters": {
"commands": "sudo apt-get update && sudo apt-get upgrade -y"
}
}
},
{
"name": "installInspectorAgent",
"action": "aws:runCommand",
"maxAttempts": 3,
"timeoutSeconds": 600,
"onFailure": "Abort",
"inputs": {
"DocumentName": "AmazonInspector-ManageAWSAgent",
"InstanceIds": [
"{{launchInstance.InstanceIds}}"
],
"Parameters": {
"Operation": "Install"
}
}
},
{
"name": "installUnifiedCloudWatchAgent",
"action": "aws:runCommand",
"maxAttempts": 3,
"timeoutSeconds": 600,
"onFailure": "Abort",
"inputs": {
"DocumentName": "AWS-ConfigureAWSPackage",
"InstanceIds": [
"{{launchInstance.InstanceIds}}"
],
"Parameters": {
"name": "AmazonCloudWatchAgent",
"action": "Install"
}
}
},
{
"name": "stopInstance",
"action": "aws:changeInstanceState",
"maxAttempts": 3,
"timeoutSeconds": 1200,
"onFailure": "Abort",
"inputs": {
"InstanceIds": [
"{{launchInstance.InstanceIds}}"
],
"DesiredState": "stopped"
}
},
{
"name": "createImage",
"action": "aws:createImage",
"maxAttempts": 3,
"onFailure": "Abort",
"inputs": {
"InstanceId": "{{launchInstance.InstanceIds}}",
"ImageName": "{{TargetAmiName}}",
"NoReboot": true,
"ImageDescription": "AMI Generated by EC2 Automation on {{global:DATE_TIME}} from {{SourceAmiId}}"
}
},
{
"name": "createEncryptedCopy",
"action": "aws:copyImage",
"maxAttempts": 3,
"onFailure": "Abort",
"inputs": {
"SourceImageId": "{{createImage.ImageId}}",
"SourceRegion": "{{global:REGION}}",
"ImageName": "Encrypted-{{TargetAmiName}}",
"ImageDescription": "Encrypted GoldenAMI by SSM Automation on {{global:DATE_TIME}} from source AMI {{createImage.ImageId}}",
"Encrypted": true
}
},
{
"name": "createTagsForEncryptedImage",
"action": "aws:createTags",
"maxAttempts": 1,
"onFailure": "Continue",
"inputs": {
"ResourceType": "EC2",
"ResourceIds": [
"{{createEncryptedCopy.ImageId}}"
],
"Tags": [
{
"Key": "Automation-Id",
"Value": "{{automation:EXECUTION_ID}}"
},
{
"Key": "Owner",
"Value": "Mystique"
},
{
"Key": "SourceAMI",
"Value": "{{SourceAmiId}}"
},
{
"Key": "Amazon-Inspector",
"Value": "true"
},
{
"Key": "Amazon-SSM",
"Value": "true"
},
{
"Key": "Encrypted",
"Value": "true"
}
]
}
},
{
"name": "updateSsmParam",
"action": "aws:invokeLambdaFunction",
"timeoutSeconds": 1200,
"maxAttempts": 1,
"onFailure": "Abort",
"inputs": {
"FunctionName": "Automation-UpdateSsmParam",
"Payload": "{\"parameterName\":\"/GoldenAMI/Ubuntu/latest\", \"parameterValue\":\"{{createEncryptedCopy.ImageId}}\"}"
}
},
{
"name": "terminateInstance",
"action": "aws:changeInstanceState",
"maxAttempts": 3,
"onFailure": "Continue",
"inputs": {
"InstanceIds": [
"{{launchInstance.InstanceIds}}"
],
"DesiredState": "terminated"
}
},
{
"name": "deleteUnEcryptedImage",
"action": "aws:deleteImage",
"maxAttempts": 3,
"timeoutSeconds": 180,
"onFailure": "Abort",
"inputs": {
"ImageId": "{{createImage.ImageId}}"
}
}
],
"outputs": [
"createImage.ImageId"
]
}
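
Two offline checks that are relevant to an "unable to be assumed" error, as an added example (not code from the issue or from the aws-demos project): whether every `{{...}}` reference in an Automation document is well formed, and whether the role's trust policy lets `ssm.amazonaws.com` call `sts:AssumeRole`. The function names, the document fragment and both trust policies are constructed for illustration.

```python
import re

# A well-formed Automation reference: {{Name}}, {{ Name }}, {{global:REGION}}, {{step.Output}}
REF = re.compile(r"\{\{\s*[\w:./-]+\s*\}\}")

def strings(node, path=""):
    """Yield (json_path, value) for every string in a parsed document."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from strings(val, f"{path}/{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from strings(val, f"{path}/{i}")
    elif isinstance(node, str):
        yield path, node

def malformed_references(document):
    """Strings that still hold an unmatched brace once valid references are removed."""
    bad = []
    for path, val in strings(document):
        rest = REF.sub("", val)
        if rest.count("{") != rest.count("}"):
            bad.append((path, val))
    return bad

def trusts_ssm(trust_policy):
    """True if an Allow statement lets ssm.amazonaws.com call sts:AssumeRole."""
    stmts = trust_policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        svc, act = principal.get("Service", []), stmt.get("Action", [])
        svc = [svc] if isinstance(svc, str) else svc
        act = [act] if isinstance(act, str) else act
        if "ssm.amazonaws.com" in svc and "sts:AssumeRole" in act:
            return True
    return False

# Constructed sample: fields in the shape of the document posted above.
DOC = {"assumeRole": "{{AutomationAssumeRole}}}",
       "inputs": {"SubnetId": "{{ SubnetId }}",
                  "Payload": '{"parameterValue":"{{createEncryptedCopy.ImageId}}"}'}}
# Constructed trust policies: one trusts EC2 only, one also trusts Systems Manager.
EC2_ONLY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"Service": "ec2.amazonaws.com"}}]}
WITH_SSM = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"Service": ["ec2.amazonaws.com", "ssm.amazonaws.com"]}}]}

if __name__ == "__main__":
    print(malformed_references(DOC), trusts_ssm(EC2_ONLY), trusts_ssm(WITH_SSM))
```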

Vpc Peer connections can be across regions

Issue for the interview questions:
Q: Can you establish a peering connection to a VPC in a different REGION?

Ans: Not possible. Peering Connection are available only between VPC in the same region.

Need to update the answer to below:
Ans: Yes, if the VPCs are in different regions, the request must be accepted in the region of the accepter VPC.

Can't make index.html public as shown

Hi
As shown in the video, the bucket has to be private; however, the index.html file has to be public. I am unable to make my index.html public. Please see the snapshot below.

[image]

Can you please suggest why the "make public" option is grayed out?

Not possible to access the web server that is created?

Hi,

The web server that is built as a part of the CloudFormation is not possible to be accessed.
I get connection refused - is this to do with some of the commands on the Linux machine not being supported anymore?
Or why do we get this issue - I did not get it before, the first time I tried this code?

This is related to the code in setup-cloudformation-webserver

Changes required for updated AWS?

AWS was recently updated. I was wondering what changes we need to make to deploy the S3 Security - Uploading Objects Using Pre-Signed URLs project, or will it work as it is?
