#StackBounty: #nginx #amazon-web-services #node.js #elastic-beanstalk NGINX Set client_max_body_size For One Route on AWS Elastic Beans…

Bounty: 50

I have a Node.js application deployed to Amazon Elastic Beanstalk. When uploading a file, I get the following error:

2019/03/04 17:00:42 [error] 4325#0: *722 client intended to send too large body: 30877841 bytes,
client: my ip,
server: ,
request: "POST /api/files/upload HTTP/1.1",
host: "mydomain.com",
referrer: "mydomain.com/..."

Therefore, I need to add client_max_body_size XXM to nginx.conf.

Issues

(1) But as I am using Amazon Elastic Beanstalk, I don’t know how to do this, without connecting to every single EC2 instance and updating the file manually.

(2) I also want to increase the max size only for one url.



#StackBounty: #dns #dhcp #amazon-web-services #amazon-ec2 dhclient lease renewal occasionally breaks DNS resolution

Bounty: 50

I have a set of ec2 instances (ubuntu trusty 14.04) that I have never done any special dhcp configuration with. It’s on a VPC with the default dhcp options.

For some reason, roughly every 25 minutes, I see this in my logs

(IPs and xid are scrubbed)

DHCPREQUEST of 172.16.1.111 on eth0 to 172.16.0.1 port 67 (xid=0x0000000c)
DHCPACK of 172.16.1.111 from 172.16.0.1
bound to 172.16.1.111 -- renewal in 1693 seconds.

(The exact number of seconds changes between 1300 and 1700.)

Occasionally, like once every 10 days, this renewal will break DNS, and my running application will start giving errors like getaddrinfo: Name or service not known. Once the renewal runs again in about 25 minutes, the problem is resolved. I have tested this by waiting for a failure and manually renewing the dhclient lease (sudo dhclient -v -r eth0 then sudo dhclient -v eth0), and seeing that fix the issue instantly.

I have 2 questions:

  1. Why is the renewal time this strange ~25 minute number? I know that I can set this through a conf file, but this seems like it’s a strange default.

  2. Why does it sometimes break DNS resolution? This is the main issue here. My other sets of ec2 instances also have this short DHCP renewal time, but only this one set of instances has the issue where, occasionally, DNS breaks when DHCP is renewed.



#StackBounty: #amazon-web-services #kubernetes Exposing a K8s TCP Service Endpoint to the Public Internet Without a Load Balancer

Bounty: 100

So I’m working on a project that involves managing many postgres instances inside of a k8s cluster. Each instance is managed using a Stateful Set with a Service for network communication. I need to expose each Service to the public internet via DNS on port 5432.

The most natural approach here is to use the k8s Load Balancer resource and something like external dns to dynamically map a DNS name to a load balancer endpoint. This is great for many types of services, but for databases there is one massive limitation: the idle connection timeout. AWS ELBs have a maximum idle timeout limit of 4000 seconds. There are many long running analytical queries/transactions that easily exceed that amount of time, not to mention potentially long-running operations like pg_restore.

So I need some kind of solution that allows me to work around the limitations of Load Balancers. Node IPs are out of the question since I will need port 5432 exposed for every single postgres instance in the cluster. Ingress also seems less than ideal since it’s a layer 7 proxy that only supports HTTP/HTTPS. I’ve seen workarounds with nginx-ingress involving some configmap chicanery, but I’m a little worried about committing to hacks like that for a large project. ExternalName is intriguing but even if I can find better documentation on it I think it may end up having similar limitations as NodeIP.

Any suggestions would be greatly appreciated.



#StackBounty: #facebook #amazon-web-services #amazon-cognito #amazon-cognito-facebook User not creating in user pool when login with fa…

Bounty: 50

I want to know how to create a user entry in the user pool when a user logs in with Facebook. I am able to integrate AWS Cognito and the Facebook login just fine, but the user is not created in the user pool when logging in with Facebook.
The identity ID is created in the default Facebook group.

Map<String, String> logins = new HashMap<String, String>();
logins.put("graph.facebook.com", AccessToken.getCurrentAccessToken().getToken());
credentialsProvider.setLogins(logins);
credentialsProvider.refresh();



#StackBounty: #amazon-web-services #java #command-line-interface AWS MTurk Command Line Tools – A JNI error has occurred

Bounty: 50

I’m trying to install and use Amazon Mechanical Turk Command Line Tools, which I just downloaded from https://requester.mturk.com/developer/tools/clt

I’m trying to run them from an Administrator Command Prompt in Windows 10.

When I try the getBalance script, I get the following error:

c:\mypath\aws-mturk-clt\aws-mturk-clt-1.3.4>bin\getBalance
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.NoClassDefFoundError: com/amazonaws/mturk/filter/Filter
        at java.lang.Class.getDeclaredMethods0(Native Method)
        at java.lang.Class.privateGetDeclaredMethods(Unknown Source)
        at java.lang.Class.privateGetMethodRecursive(Unknown Source)
        at java.lang.Class.getMethod0(Unknown Source)
        at java.lang.Class.getMethod(Unknown Source)
        at sun.launcher.LauncherHelper.validateMainClass(Unknown Source)
        at sun.launcher.LauncherHelper.checkAndLoadMain(Unknown Source)
Caused by: java.lang.ClassNotFoundException: com.amazonaws.mturk.filter.Filter
        at java.net.URLClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        ... 7 more

The error message tells me to check my installation, but there was really nothing to install.



#StackBounty: #amazon-web-services #amazon-ec2 #amazon-iam #aws-systems-manager AWS Systems Manager Linux Instance Patching – "The…

Bounty: 50

I’m trying to set up AWS Systems Manager (SSM) to patch a production Amazon Linux 1 instance. I’ve tried setting SSM tasks up from scratch a few times but I keep getting the error message “The specified service role is invalid”. This is an area I’m a bit weak in, and I need a bit of help to work out how to get automatic Linux patching working.

I know the agent is working ok. When I go into “Managed Instances” I can see the instance is online and I have a software inventory.

SSM Setup

Here are screenshots of everything I can think of that would be relevant.

Maintenance Window

Window Details

Note that tasks shows the task it’s running – “AWS-RunPatchBaseline”

Tasks

This shows the service role in use

Service Role

This shows the service role in IAM

IAM

Here’s the service role trust relationships.

IAM

Here’s the access log for the IAM role.

IAM

I’m happy to add more info / share more if it would help. I note that I’ve set up S3 logging and SNS notifications and neither of those are happening.

Inventory Problem

I also noticed that my inventory is reporting an error. It must have run once because I can see what software is on the instance, but it seems stuck now.

I can’t work out how to remove the unnecessary inventory tasks.

Inventory Problem

The error message is: “1 out of 1 plugin processed, 0 success, 1 failed, 0 timedout, 0 skipped. The operation collectSoftwareInventoryItems failed because aws:softwareInventory detected multiple inventory configurations associated with one instance. Each instance can be associated with just one inventory configuration”

