Difference between revisions of "Short Notes on AWS"

From PaskvilWiki
Jump to: navigation, search
Line 37: Line 37:
  
 
* you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances
 
* you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances
 +
 +
== AWS Lambda (Py) Notes ==
 +
 +
For <tt>handler(event, context)</tt> function, parameters are in:
 +
 +
* GET parameters in <tt>event["multiValueQueryStringParameters"]</tt>
 +
* path parameters in <tt>event["pathParameters"]</tt>
 +
* POST/PUT body in <tt>event["body"]</tt>

Revision as of 08:58, 5 November 2019

Can't connect to EC2 instance

The obvious 2 problems with incoming requests, that are outside of AWS's scope:

  • check the instance's firewall
  • check that the app is listening to all incoming (0.0.0.0/0 or your IP, not just 127.0.0.1)

On the AWS side, check the following:

  • make sure the Elastic IP is associated with the instance
    • find the instance in the EC2 > Instances
    • look under Description tab, Elastic IP
    • if it's not, go to EC2 > Elastic IPs
    • choose Elastic IP from the list (or, allocate new on) that is not associated with any instance
    • choose Actions > Associate address, and associate it with the instance
  • make sure Security group permissions allow the connection
    • go to EC2 > Security Groups
    • select the security group (you can find which security group instance is in in the list on EC2 > Instances page, last column)
    • on the Inbound tab, check that your protocol is enabled for Source 0.0.0.0/0 (or from your IP)
  • make sure your Internet Gateway is connected to your VPC
    • make sure the Internet Gateway is attached to your VPC, under VPC > Internet Gateways > Summary tab
    • go to VPC > Route Tables, select route table for your VPC
    • under Routes tab, make sure that route with destination 0.0.0.0/0, with Target being your internet gateway, exists and is Active

Authorization header being removed by ElasticBeanstalk

By default, AWS ElasticBeanstalk's WSGI server strips Authorization header from requests.

To get these back, just plug your wsgi config file through .ebextensions, adding a wsgi.authorization.config file, with the following content:

files:
    "/etc/httpd/conf.d/wsgiauth.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
            WSGIPassAuthorization On

IAM Notes

  • you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances

AWS Lambda (Py) Notes

For handler(event, context) function, parameters are in:

  • GET parameters in event["multiValueQueryStringParameters"]
  • path parameters in event["pathParameters"]
  • POST/PUT body in event["body"]