AWS security group limits Q&A
Here are a few questions that I asked AWS regarding the security group limits, and their answers. I'd just like to share them with more people here: 1) Q: By default, the limit is 50 for both inbound and outbound (giving 100 rules in total). Is it possible to set a different limit to inbound and …
ElastiCache Redis Unreachable Issue
We have an ElastiCache Redis replication group; it has two nodes: one primary and one replica. Last week, we noticed that the primary Redis node suddenly stopped working - any connections to the primary node eventually timed out. According to the log, there was a load burst, and following that Redis rebooted itself. Unfortunately, …
CloudFormation takes 8 hours to complete
I used CloudFormation to restore an RDS snapshot to a new instance, and it took 8 hours to complete!! The disk size of the original instance (where the snapshot was taken) is 45G, and the new instance is 50G, which I specified in the CloudFormation template. According to AWS, that is the reason why it took so …
Double SSH Hops example
Client --ssh only--> Jumpbox00 --ssh only--> Jumpbox01 --http only--> Internal network

Here is how to ssh to jumpbox01, and visit websites in internal networks from Client.

1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command:

    ssh-add ~/.ssh/jb.pem

2) Add the following …
Prevent Elastic Beanstalk from creating a security group for the ELB
Just found out that there is an Elastic Beanstalk option named 'ManagedSecurityGroup' that allows you to use an existing security group for the ELB. Note the security group must be in the aws:elb:loadbalancer SecurityGroups list. Here is a sample:

    {
      "Namespace": "aws:elb:loadbalancer",
      "OptionName": "SecurityGroups",
      "Value": "sg-1111111,sg-222222"
    },
    {
      "Namespace": "aws:elb:loadbalancer",
      "OptionName": "ManagedSecurityGroup",
      "Value": "sg-1111111"
    }

…