I'm currently trying to create a component in a tenant account using the artifact packaged in a central account S3 bucket. The tenant account and central account are in the same AWS Organization. I've tried the following settings to enable the tenant accounts to access the S3 bucket: 1. On the central account S3 bucket (I wasn't sure what Principal Service/User was trying to test this access, so I just "shotgunned" it): ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "greengrass.amazonaws.com", "iot.amazonaws.com", "credentials.iot.amazonaws.com" ] }, "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::MY-CENTRAL-ACCOUNT-BUCKET/*" }, { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectTorrent", "s3:GetObjectVersionAcl", "s3:GetObjectAcl" ], "Resource": "arn:aws:s3:::MY-CENTRAL-ACCOUNT-BUCKET/*", "Condition": { "StringEquals": { "aws:PrincipalOrgID": "o-abc123def456" } } }, ... ] } ``` 2. On the `GreengrassV2TokenExchangeRole` in the tenant account, I've added the `AmazonS3FullAccess` AWS Managed policy (just to see if I could eliminate this Role as the blocker) I've verified that, as a User in the tenant account, I have access to the object in S3 and can do `aws s3 cp` as a tenant User (so the bucket policy doesn't seem to be blocking things). Whenever I try creating the Component in the tenant account, I'm met with: ``` Invalid Input: Encountered following errors in Artifacts: {s3://MY-CENTRAL-ACCOUNT-BUCKET/com.example.my-component-name/1.0.0-dev.0/application.zip = Specified artifact resource cannot be accessed} ``` ... using either the AWS IoT Greengrass Console and the AWS CLI. What am I missing? Is there a different service-linked role, I should be allowing in the S3 Bucket Resource Policy? It just seems like an access-test during Component creation and not an actual attempt to access the resource. I'm fairly certain if I assumed the Greengrass-TES role, I'd be able to download the artifact too (although I haven't explicitly done that yet).

I created a Data Catalog with a table that I manually defined. I run my ETL job and all works well. I added partitions to both the table in the Data Catalog, as well as the ETL job. it creates the partitions and I see the folders being created in S3 as well. But my table data types change. I originally had: | column | data type | | --- | --- | | vid | string | | altid | string | | vtype | string | | time | timestamp | | timegmt | timestamp | | value | float | | filename | string | | year | int | | month | int | | day | int | But now after the ETL job with partitions, my table ends up like so: | column | data type | | --- | --- | | vid | string | | altid | string | | vtype | string | | time | bigint | | timegmt | bigint | | value | float | | filename | string | | year | bigint | | month | bigint | | day | bigint | Before this change of data types, I could do queries in Athena. Including a query like this: ``` SELECT * FROM "gp550-load-database"."gp550-load-table-beta" WHERE vid IN ('F_NORTH', 'F_EAST', 'F_WEST', 'F_SOUTH', 'F_SEAST') AND vtype='LOAD' AND time BETWEEN TIMESTAMP '2021-05-13 06:00:00' and TIMESTAMP '2022-05-13 06:00:00' ``` But now with the data types change, I get an error when trying to do a query like above ``` "SYNTAX_ERROR: line 1:154: Cannot check if bigint is BETWEEN timestamp and timestamp This query ran against the "gp550-load-database" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: 2a5287bc-7ac2-43a8-b617-bf01c63b00d5" ``` So then if I go into the the table and change the data type back to "timestamp", I then run the query and get a different error: ``` "HIVE_PARTITION_SCHEMA_MISMATCH: There is a mismatch between the table and partition schemas. The types are incompatible and cannot be coerced. The column 'time' in table 'gp550-load-database.gp550-load-table-beta' is declared as type 'timestamp', but partition 'year=2022/month=2/day=2' declared column 'time' as type 'bigint'. This query ran against the "gp550-load-database" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: f788ea2b-e274-43fe-a3d9-22d80a2bbbab" ``` Does anyone know what is happening?

I'm using Free Tier account. I have created a EC2 instance (using IAM user) and terminated that instance and deleted IAM user as well. Not sure what's happening, when I check my Billing (in root user account) I see 5 active services namely * Amazon Elastic Compute Cloud(1 GB of Amazon Elastic Block Storage snapshot storage ) * Amazon Elastic Compute Cloud(30 GB of Amazon Elastic Block Storage in any combination of General Purpose (SSD) or Magnetic) * Amazon Simple Storage Service(2,000 Put, Copy, Post or List Requests of Amazon S3) * Amazon Elastic Compute Cloud(750 hours per month of Amazon EC2 Linux, RHEL, or SLES t2.micro or t3.micro instance dependent on region) * AWS Key Management Service( 20,000 free requests per month for AWS Key Management Service) * AWS Data Transfer Out of these Amazon Elastic Compute Cloud(1 GB of Amazon Elastic Block Storage snapshot storage ) is reaching my 1GB limit. When I click on EC2 and check its showing 0 EC2 instance running | 0 Volumes | 0 Snapshots everything is 0. Not sure how to find them and what's happening. This looks scary , I just started learning & no clue what needs to be done. Any help would be appreciated.

**Gentlefolks, why is the the token exchange service (TES) failing to fetch credentials?** I have greengrass installed on Ubuntu 20.x.x running on a virtual machine. At the end of the numbered items is an error log (truncated) obtained from `/greengrass/v2/logs/greengrass.log`. Thank you What I've done or what I think you should know: 1. There exist `GreenGrassServiceRole` which contains `AWSGreengrassResourceAccessRolePolicy`, and every other policy containing the word "greengrass" in its name. It also has a trust relationship as below. This was created when I installed Greengrass, but I added additional policies. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "greengrass.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "<MY_ACCOUNT_NUMBER>" }, "ArnLike": { "aws:SourceArn": "<ARN_THAT_SHOWS_MY_REGION_AND_ACC_NUMBER>:*" } } }, { "Effect": "Allow", "Principal": { "Service": "credentials.iot.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ``` 2. `aws.greengrass.Nucleus` component is deployed with the following configuration update. The alias also exists. ``` { "reset": [], "merge": { "ComponentConfiguration": { "DefaultConfiguration": { "iotRoleAlias": "GreengrassV2TokenExchangeRoleAlias", "awsRegion": "us-east-1", "iotCredEndpoint": "https://sts.us-east-1.amazonaws.com", "iotDataEndpoint": "<ENDPOINT_OBTAINED_FROM_IOT_CORE_SETTINGS>" } } } } ``` 3. `aws.greengrass.TokenExchangeService` is deployed. 4. There's a custom component that uses the Greengrass SDK to publish to IoT Core. It has the following configuration update. ``` { "reset": [], "merge": { "ComponentDependencies": { "aws.greengrass.TokenExchangeService": { "VersionRequirement": "^2.0.0", "DependencyType": "HARD" } } } } ``` 5. There is an IoT policy from a previous exercise which attached to the core device (Ubuntu on virtual machine) certificate. It allows **all** actions. There's also another `GreengrassTESCertificatePolicyGreengrassV2TokenExchangeRoleAlias` which is associated with the thing's certificate. The policy allows `iot:AssumeRoleWithCertificate` **ERROR LOG BELOW** ``` 2022-05-21T21:07:39.592Z [ERROR] (pool-2-thread-28) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GreengrassV2TokenExchangeRoleAlias/credentials, credentialData=Failed to get connection} 2022-05-21T21:08:38.071Z [WARN] (pool-2-thread-28) com.aws.greengrass.tes.CredentialRequestHandler: Encountered error while fetching credentials. {iotCredentialsPath=/role-aliases/GreengrassV2TokenExchangeRoleAlias/credentials} com.aws.greengrass.deployment.exceptions.AWSIotException: Unable to get response at com.aws.greengrass.iot.IotCloudHelper.getHttpResponse(IotCloudHelper.java:95) at com.aws.greengrass.iot.IotCloudHelper.lambda$sendHttpRequest$1(IotCloudHelper.java:80) at com.aws.greengrass.util.BaseRetryableAccessor.retry(BaseRetryableAccessor.java:32) at com.aws.greengrass.iot.IotCloudHelper.sendHttpRequest(IotCloudHelper.java:81) at com.aws.greengrass.tes.CredentialRequestHandler.getCredentialsBypassCache(CredentialRequestHandler.java:207) at com.aws.greengrass.tes.CredentialRequestHandler.getCredentials(CredentialRequestHandler.java:328) at com.aws.greengrass.tes.CredentialRequestHandler.getAwsCredentials(CredentialRequestHandler.java:337) at com.aws.greengrass.tes.LazyCredentialProvider.resolveCredentials(LazyCredentialProvider.java:24) at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.resolveCredentials(AwsExecutionContextBuilder.java:165) at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:102) at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69) at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78) at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:175) at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76) at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56) at software.amazon.awssdk.services.s3.DefaultS3Client.getBucketLocation(DefaultS3Client.java:3382) at com.aws.greengrass.componentmanager.builtins.S3Downloader.lambda$getRegionClientForBucket$2(S3Downloader.java:134) at com.aws.greengrass.util.RetryUtils.runWithRetry(RetryUtils.java:50) at com.aws.greengrass.componentmanager.builtins.S3Downloader.getRegionClientForBucket(S3Downloader.java:133) at com.aws.greengrass.componentmanager.builtins.S3Downloader.getDownloadSize(S3Downloader.java:115) at com.aws.greengrass.componentmanager.ComponentManager.prepareArtifacts(ComponentManager.java:420) at com.aws.greengrass.componentmanager.ComponentManager.preparePackage(ComponentManager.java:377) at com.aws.greengrass.componentmanager.ComponentManager.lambda$preparePackages$1(ComponentManager.java:338) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: java.net.UnknownHostException: https at java.base/java.net.InetAddress$CachedAddresses.get(InetAddress.java:797) at java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1509) at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1368) at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1302) at org.apache.http.impl.conn.SystemDefaultDnsResolver.resolve(SystemDefaultDnsResolver.java:45) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:112) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) at jdk.internal.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at software.amazon.awssdk.http.apache.internal.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:80) at com.sun.proxy.$Proxy15.connect(Unknown Source) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at software.amazon.awssdk.http.apache.internal.impl.ApacheSdkHttpClient.execute(ApacheSdkHttpClient.java:72) at software.amazon.awssdk.http.apache.ApacheHttpClient.execute(ApacheHttpClient.java:253) at software.amazon.awssdk.http.apache.ApacheHttpClient.access$500(ApacheHttpClient.java:106) at software.amazon.awssdk.http.apache.ApacheHttpClient$1.call(ApacheHttpClient.java:232) at com.aws.greengrass.iot.IotCloudHelper.getHttpResponse(IotCloudHelper.java:88) ... 27 more 2022-05-21T21:08:38.073Z [ERROR] (pool-2-thread-28) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GreengrassV2TokenExchangeRoleAlias/credentials, credentialData=Failed to get connection} ```

I launched the fully managed video on demand template from here https://aws.amazon.com/solutions/implementations/video-on-demand-on-aws/?did=sl_card&trk=sl_card. I have a bunch of questions on how to tailor this service to my use case. I will each separate questions for each. Firstly, is possible to use my own GUID as an identifier for the mediaconvert jobs and outputs. The default GUID tagged onto the videos in this workflow are independent of my application server. So it's difficult for the server to track who owns what video on the destination s3 bucket. Secondly, I would like to compress the video input for cases where the resolution is higher than 1080p. For my service i don't want to process any videos higher than 1080p. Is there a way i can achieve this without adding a lamda during the ingestion stage to compress it? I know it can by compressed on the client, i am hoping this can be achieved on this workflow, perhaps using mediaconvert? Thirdly, based on some of the materials i came across about this service, aside from the hls files mediaconvert generates, its supposed to generate an mp4 version of my video for cases where a client wants to download the full video as opposed to streaming. That is not the default behaviour, how do i achieve this? Lastly, how do i add watermarks to my videos in this workflow. Forgive me if some of these questions feel like things i could have easily researched on and gotten solutions. I did do some research, but i failed to grasp a clear understanding on anything

I'm in a cognito user pool configuration, and I tried to change the MFA requirement on the pool to allow TOTP. It gave me this error: > [AccessDeniedException] Failed to update MFA configuration for us-east-1_FLnPt9UKE > requestId: 0660fb15-2cc4-4f63-9c8f-657b71b320d9 > time: Sat May 21 2022 16:16:18 GMT-0400 (Eastern Daylight Time) > code: AccessDeniedException > message: User: arn:aws:iam::384426254369:root is not authorized to perform: iam:PassRole on resource: > arn:aws:iam::745623467555:role/cognito_sms_role because no resource-based policy allows the iam:PassRole > action I'm confused because I am logged into the console as the root user, which should have permission to EVERYTHING. I do not, however, really have a role named "cognito_sms_role." Is that the problem? If so, how do I fix it?

I get a reference error saying event is not defined. So I'm trying to take event and get the attributes from it and save them into dynamo. If i hard code the data, it inputs it into my database. so I know i'm getting the data input. ``` const AWS = require('aws-sdk'); const docClient = new AWS.DynamoDB.DocumentClient(); exports.handler = async (event) => { try { await createItem() return { body: 'Successfully created item!' } } catch (err) { return { error: err } } } const params = { TableName: 'serverlessrepo-AestheticsFormDB-FormDataTable-1M0ZV9SXX6E4S', Item: { formId : event.formId, CreditApp : event.creditApp, FollowUp : event.followUp, Injectables : event.injectables, Marketing : event.marketing, MeetAgain :"event.meetAgain, MeetingRating :"event.scale, NoOfPatients : event.patientCount, ReachOut : event.reachOut, SoloOwner : event.soloOwner } } async function createItem(){ try { await docClient.put(params).promise(); } catch (err) { return err; } ```

I wrote a really simple post-auth lambda for cognito like this: ```go func HandleRequest(ctx context.Context, e events.CognitoEventUserPoolsPostAuthentication ) error { eventJson, _ := json.MarshalIndent(e, "", " ") eventString := strings.ReplaceAll(string(eventJson), "\n", "\r") log.Printf("EVENT: %s", eventString) return nil } func main() { lambda.Start(HandleRequest) } ``` It's only there - for now - to log activity. But when I actually attach it to the user pool as a post-authentication trigger it makes OAuth2 not work. The error message is "contact administrator." I'm thinking that I need to actually do something besides return error = nil. I'm not having much luck finding any examples of this in go, though. The javascript example ends with: ``` // Return to Amazon Cognito callback(null, event); ``` Is that what the expectation is in 'go' as well - that I return `(events.CognitoEventUserPoolsPostAuthentication, error)` and just send it back the original event?

Hey, I have a webhook endpoint where our service provider send a payload which I have to respond to within 2 seconds. I've been getting way too many timeout errors from the service provider, meaning I wasn't able to respond within 2 seconds. I did some digging as to when the Fargate Server gets the payload vs when the ALB receives it. I went through some of the access logs from the ALB and found that it takes about a second or so to pass the payload from ALB to the fargate server. Here's the timestamp at which the request arrived to the ALB - 15:19:20.01 and my server recieved it at - 15:19:21.69. There's over a second of difference, I wanna know how to reduce it. One of the solution I thought of was that instead of registering my domain + the URI to the service provider to send webhook to, I set my IP + the URI so there's no need of forwarding done by ALB. Let me know what you guys think. EDIT - The solution I thought of was pretty stupid because fargate provides a new IP everytime a new task is deployed (as far as I know). Also the ALB forwards the request / payload to the ECS Target Group, just throwing this fact in as well.

My instance stopped working today, below is the error screenshot https://www.awesomescreenshot.com/image/27512128?key=cf489becde63f6a3f0e8456af2fa5af0 After i saw the above php error instance completly stopped, below is the current version https://www.awesomescreenshot.com/image/27512128?key=cf489becde63f6a3f0e8456af2fa5af0 Domain > https://app.spinadeal.co/ Plz help Thanks

We are trying to create a webapp for project. We chose react as library for building the front end. We came across amplify studio to create UI React code from Figma file. This looks like a game changer and reduces lot of effort for engineers. While evaluating UI libraries Amplify UI library provides less components compared to others ui component libraries. We found ant design and material ui as alternate choice. We found ant design figma file is not working well with amplify studio. Can some one provide guidance on which ui component figma file is compatible with amplify studio to generate the react code ?

I have an EC2 instance (Ubuntu 20) I took management over. It has been fine for the last year or so. There is an S3 bucket mounted in fstab like so : `s3fs#bucket-name /path/to/mount fuse _netdev,url=https://s3-ca-central-1.amazonaws.com,endpoint=ca-central-1,allow_other 0 0` The instance had this mounted and was working fine. Yesterday, the instance stooped responding, I had to restart the instance using the EC2 console. After that, the bucket (in fact both of them) don't mount. When I issue a command like df or mount, I get : df: /path/to/mount: Transport endpoint is not connected. I tried mounting the bucket manually with s3fs in debug : s3fs -d -d -f -o url="https://s3-ca-central-1.amazonaws.com" -o endpoint=ca-central-1 -o allow_other bucket-name /path/to/mount I get : `[CRT] s3fs.cpp:set_s3fs_log_level(297): change debug level from [CRT] to [INF]` `[INF] s3fs.cpp:set_mountpoint_attribute(4400): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40775)` And then it sits there indefinitively with no output. The instance has also an IAM role that grants permission to that bucket. Doing "aws s3" commands on it works fine. /etc/passwd-s3fs has the correct credentials and permissions. Launching a new instance with ubuntu 20, installing s3fs and creating /etc/passwd-s3fs file with the same content works just fine. Any hint on how to debug this ?

Hi, We have a manual setup redis ec2 instance that is maxing out the baseline bandwidth allocated for the instance, but we do not need higher CPU/Mem for the instance, what are our options? We aren't able to use ElasticCache it does fit our budget range. ``` ubuntu@ip-10-0-0-98:~$ ethtool -S ens5 NIC statistics: tx_timeout: 0 suspend: 0 resume: 0 wd_expired: 0 interface_up: 2 interface_down: 1 admin_q_pause: 0 bw_in_allowance_exceeded: 333 bw_out_allowance_exceeded: 303473 ```

Memory error occurs in amazon sagemaker when preprocessing 400 mb of data which is stored in s3. No problem in loading the data. Dimension of data is 8-9 million rows and 4 columns, but I get 7000 columns after applying One hot encoding. One tying to train de model I get the following memory error: MemoryError: Unable to allocate 946. MiB for an array with shape (123962752,) and data type float64 Notebook instance is ml.t2.medium. How to solve this issue?

HI, If I have a business process that include several events that trigger each other is there any tool I can use to see a chart of this chain so it will be easy to manage and understand the flow ? Thanks

Neptune can use openCypher.. Neo4j GraphQL? Is this Library in use? https://neo4j.com/product/graphql-library/

We have created a VPC to connect to the on prime database using AWS DMS. I am able to ping the on prime database server and connect my mssql database using Azure data studio from the VPC but my DMS is not able to connect to my mssql database on private ip. Except captured while testing the connection in following: """Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HYT00 NativeError: 0 Message: [unixODBC][Microsoft][ODBC Driver 17 for SQL Server]Login timeout expired"""

As active mq classic will not be supported by upcoming spring boot 3. Any plan to support Artemis in MQ in near future?

I am going through the AWS IoT tutorial for Building Demos, using Raspberry Pi. I was able to successfully carry out steps till https://docs.aws.amazon.com/iot/latest/developerguide/iot-dc-install-configure.html whereas when I run the following commands from the turorial: cd ~/aws-iot-device-client/build ./aws-iot-device-client --config-file ~/dc-configs/dc-testconn-config.json I get the following error: 2022-05-18T06:21:41.735Z [DEBUG] {Config.cpp}: Did not find a runtime configuration file, assuming Fleet Provisioning has not run for this device 2022-05-18T06:21:41.735Z [DEBUG] {EnvUtils.cpp}: Updated PATH environment variable to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games:/home/pi/.local/bin:/home/pi/.aws-iot-device-client:/home/pi/.aws-iot-device-client/jobs:/home/pi/aws-iot-device-client/build:/home/pi/aws-iot-device-client/build/jobs 2022-05-18T06:21:41.736Z [INFO] {Main.cpp}: Now running AWS IoT Device Client version v1.6.7-532a710 2022-05-18T06:21:41.749Z [ERROR] {FileUtils.cpp}: Failed to create directory /var/log/aws-iot-device-client/ 2022-05-18T06:21:41.749Z [ERROR] {Main.cpp}: *** AWS IOT DEVICE CLIENT FATAL ERROR: Failed to initialize AWS CRT SDK. AWS IoT Device Client must abort execution, reason: Failed to initialize AWS CRT SDK Please check the AWS IoT Device Client logs for more information

Hi! I am doing a longitudinal study and am trying to prevent previous workers from taking the second part of my survey. In order to do this, I have been following instructions on the MTurk blog [https://blog.mturk.com/tutorial-best-practices-for-managing-workers-in-follow-up-surveys-or-longitudinal-studies-4d0732a7319b] but am still unable to add workers to the qualification I created called "completed my survey already" even when I add all 1's in the column next to each worker ID. When I upload the new CVS file with only the worker ID column, the qualification column, and the update Blockstatus, I keep getting the message that I requested 0 qualification scores. Is there any way I can fix this?

I am running my Unity (2021.3.1f1) servers on ECS using Fargate. When I test the game, I run a single task with 1vCPU and 2GB of memory and I connect 2 clients to the server. The server tends to lag about every 3 seconds, making the game far less enjoyable. I have enabled Container Insights and I found that the CPU and memory usage was nowhere near the 50% mark and the task's network usage seemed fine to me as well. I am now wondering if this issue could be related to the AWS services I use and the way I have set them up or if I should be looking for the issue inside my network code.

This post is both a bug report and a question. We are trying to use SageMaker to train a model and everything is quite standard. Since we have a lot of images, we'll suffer from a super long image downloading time if we don't change the input_mode to FastFile. Then I struggled to successfully load image in the container. In my dataset there are a lot of samples whose name contains Chinese. When I started debugging because I could not properly load files, I found that when sagemaker mounts the data from s3, it didn't take care of the encoding correctly. Here is an image name and the image path inside the training container: `七年级上_第10章分式_七年级上_第10章分式_1077759_title_0-0_4_mathjax` `/opt/ml/input/data/validation/\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_1077759_title_0-0_4_mathjax.png` This is not neat but still I can have the right path in the container. The problem is that I'm not able to read the file even though the path exists: what I mean is `os.path.exists('/opt/ml/input/data/validation/\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_1077759_title_0-0_4_mathjax.png')` gives true but `cv2.imread('/opt/ml/input/data/validation/\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_1077759_title_0-0_4_mathjax.png')` returns None. Then I tried to open the file and fortunately it gives an error The code is `with open('/opt/ml/input/data/validation/\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_\u4E03\u5E74\u7EA7\u4E0A_\u7B2C10\u7AE0\u5206\u5F0F_1077759_title_0-0_4_mathjax.png', 'rb') as f: a = f.read() ` and it gives me the error `OSError: [Errno 107] Transport endpoint is not connected` I tried to load a file in the same folder whose name doesn't contain any Chinese. Everything works well in this case so I'm sure that the Chinese characters in the filenames are causing problems. I wonder if there is a quick walk around so I don't need to rename maybe 80% of the data in s3.

Hi- I’m using WZone plug-in for Amazon Associates with the remote images option on. My side has around 500 products now and the site has become super slow, with products taking up to 30 to 60 seconds to load! I’ve been told that using remote images is the main issue causing such slow site speed. Does anyone know if the Amazon Associates rules require use of remote images or can the images be stored on my server? Do you think adding products with remote images off will speed up the site significantly? I’ve tried almost everything so far & this issue has persisted for many months! Any feedback would be greatly appreciated! Thanks!!!

I've got a CloudWatch Dashboard with several widgets on it. I'm currently using Text widgets to define "sections" of the dashboard. I would like to create a hyperlink to a specific Text widget. Is that possible? If I create a Text widget with the following markup: ``` # Registrations ``` ...it results in the following HTML: ``` <div class="cwdb-text-container-content"> <h1 id="registrations">Registrations</h1> </div> ``` Ordinarily I would expect to be able to append `#registrations` to the end of the URL and the browser would scroll me to the corresponding HTML element with that `id`. Unfortunately, I see that the URL for my specific dashboard already has a `#`-fragment in the URL (presumably used by the client-side JavaScript app). I've tried adding `#registrations` to different part of the URL (along with appending `;id=registrations`) and nothing seems to work. Got any suggestions?

Hi All, We are trying to cache large (~320MB) MP4 files that get requested from an S3 bucket. We have already set the Cache-Control to public, "max-age=31536000". All JPG's that we set the cache to this are acting fine with this setting, but each time the MP4 is requested, the browser will request the download again, and buffer/download as the play head progresses in the timeline. Is there something that I am missing that will make the video files play from local browser Cache, and not re-download the MP4 file each time? These are my response headers: " Accept-Ranges: bytes Cache-Control: public, max-age=31536000 Content-Length: 279422208 Content-Range: bytes 0-279422207/279422208 Content-Type: video/mp4 Date: Fri, 20 May 2022 19:36:27 GMT ETag: "8179e6aa4fe*********************75724604407-17" Last-Modified: Fri, 20 May 2022 19:28:03 GMT Server: AmazonS3 x-amz-id-2: sdfsdfsdfsdfsdfsdfsdfsdfsdfsdf= x-amz-request-id: sdfsdfsdfsdfsdfsdfsdfsdf x-amz-server-side-encryption: AES256 x-amz-version-id: sdfsdfsdfsdfsdfsdfsdfsdf " Thank you in advance.

I want to return the resource/instance ID of a specific instance matching two tags: `$awsEx = (Get-EC2Tag -Filter @{name='tag:Status';values=""},@{name='tag:Site';values="SITENAME"}).ResourceId` `$awsEx` returns nothing. Running this: `$awsExIpv4 = (Get-EC2Instance -InstanceId $awsEx).Instances.PrivateIpAddress` `$awsExIpv4 `returns a list of instance IP addresses. The IPs I've crosschecked have matched the Site value. So it's simply returning instances that only match the Site tag and not the Status tag. If it did match both tags, it would return only one instance. The instance that contains no value in Status tag *and* is tagged with SITENAME in the Site tag. When I run: `$awsEx = (Get-EC2Tag -Filter @{name='tag:Status';values=""}).ResourceId` `$awsEx` returns the instance Id I need. **How do I run this query to return results only matching both tags? ** While this works now to return only the instance I need, in the future there could be other instances with no value in the Status tag but differing values in the site tag that should not be returned, as the returned instance Id in the script I am running will be terminated.

I am setting up the resolver for the DCV Connection gateway and in the documentation for the URL, can I specify a path as part of the url? So that it can use `https://myhostname/api/resolveSession` or does it have to be `https://myhostname/resolveSession `? For example can I specify in the `dcv-connection-gateway.conf`: ``` [resolver] url = "https://myhostname/api/" ```

Hi, I'm working with the AmazonFreeRTS library for iOS. The app I'm writing only needs to perform the function of connecting the device to a Wifi network. I'm able to successfully establish a Bluetooth connection to my device, and I'm able to retrieve a list of nearby Wifi networks. I'm also able to connect to my Wifi network by providing its password with the SaveNetworkRequest. I can tell that it worked because I can see that the device in my router's DNS table. The problem is that once the device is connected to Wifi, I can no longer get a list of Wifi networks in order to either see which network is connected or potentially let the user connect to a different network. When I issue the command to list networks, I get no response back from the device, not even an error. Thinking the problem might be in my code, I completely wiped out and reset my device (it's an ESP32 dev board, so I'm able to do this using esptool) and I repeated the procedure using the demo app provided by Amazon (AmazonFreeRTSDemo). The result is the same, once I connect, I can no longer see a list of networks. Is there some command I need to give in order to either disconnect my device from Wifi or otherwise put it in a state where it is able to scan Wifi networks again? I can see that the demo app starts the scan process by writing a 1 to the NetworkConfigControl address, and I've done the same, but it doesn't appear to help. Thanks, Frank

Hi While using the AWS Console to create an EC2 Spot instance request, I fill in all the details and set an IAM instance profile but when the spot request is created in the instance details section the IAM role is empty and the EC2 instance launched also has an empty IAM role. This issue did not happen the last time we launched a new Spot fleet request 24 days ago, so it seems like a new bug, can anyone confirm if the issue is present on their console also? I have also tried doing it via CLI but again the IamInstanceProfile parameter in the json: "IamInstanceProfile": { "Arn": "arn:aws:iam::xxx" } is ignored when the spot fleet is created. There is no error in the history log for the spot fleet request regarding failure to apply IAM role, so im not sure what seems to be the problem? Here is trusted entities for that IAM role ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com", "codedeploy.eu-west-1.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } ``` thanks Wasim

A new cluster with 3 brokers having EBS storage of 2 GB each was created which worked fine for a day . on the second day, the producer stopped sending messages and while checking the logs, found this error in the logs - '**Give up sending metadata request since no node is available**'. We even tried to connect to the cluster but was receiving this exception. **kafka.errors.NoBrokersAvailable: NoBrokersAvailable**. Checked the Cloudwatch metrics and found that the storage capacity has reached a maximum limit. changed the values of configuration to retention.ms to 86400000 ms (24 hours) and retention.bytes to 500000000 bytes (500 MB) in order to release memory and also increased the EBS storage to 15 GB but the brokers were still not available.

I have a multi region AWS Managed Microsoft AD Enterprise directory set up in Directory Service. The primary region is us-east-1 and the secondary region is us-west-2. I need to downgrade from Enterprise to Standard (separate topic) but before I do so, I need to change the Primary Region from us-east-1 to us-west-2. I don't see any way to do this in the documentation or in the management console. Is it possible to change the Primary Region in Managed AD Enterprise? If so, how? Thanks!

The DNS entries for custom App Runner domains are CNAME entries. This is not specified anywhere on the Custom Domain page DNS list for the domains, which makes it challenging to implement (especially for folk without much DNS experience that may think they are TXT records or something).

Hi, I have set up a crawler to run against an s3 bucket and set crawler configurations as follows: Schema updates in the data store: Ignore the change and don't update the table in the data catalog, Inherit schema from table: Update all new and existing partitions with metadata from the table, Object deletion in the data store: Delete tables and partitions from the data catalog Updation of partition is taking place but deletion of partitions from catalog for the partitions deleted from s3 bucket is not taking place. It is not throwing any errors as well.

Hi all, We were checking the new UI for ECS and notice that the option "Value from" on environment variables inside Task definition is missing. the options available are import from S3 and individual value that refers to Value as a literal String. also options like entry point or command are missing too. will this old features be added again? "value from" option is critical as this is the only way to add the values that will call parameter store or secret via ARN from console. thank you in advance for your time best regards

I have S3 files that are uploaded to a single bucket. There is no folders or anything like that, its just 1 file per hour uploaded to this bucket. I run a Glue ETL job on these files, do some transformations, and insert the data into a Glue Data Catalog stored in a different bucket. I can then query that Glue Data Catalog with Athena, and that works. What I would like to do is store the files in the S3 folder of the Data Catalog as YEAR/MONTH/DAY, using partitions. Even though the SOURCE data is just files uploaded every hour with no partitions, I want to store them in the Data Catalog WITH partitions. So I extracted the YEAR, MONTH, DAY from the files during Glue ETL, and created columns in my Data Catalog table accordingly and marked them as partitions: Partition 1 YEAR Partition 2 MONTH Partition 3 DAY The proper values are in these columns, and I have verified that. After creating the partitions I rand MSCK REPAIR TABLE on the table, and it came back with "Query Ok." I then ran my Glue ETL job. When I look in the S3 bucket I do not see folders created. I just see regular r-part files. When I click on the Table Schema it shows the columns YEAR, MONTH, DAY marked as partitions, but when I click on View Partitions it just shows: year month day No partitions found What do I need to do? These are just CSV files. I can't control the process that is uploading the raw data to S3, it is just going to store hourly files in a bucket. I can control the ETL job and the Data Catalog. When I try to query after creating the partitions and running MSCK REPAIR TABLE, there is no data returned. Yet I can go into the Data Catalog bucket and pull up one of the r-part files and the data is there.

Hello AWSome folks! I am trying to do the "Build a serverless web application" workshop and I'm on the User Management part. I am on to initialize Amplify CLI by executing the command "`amplify init`" and it is supposed to initialize the project but I am getting this error: `RangeError: Array buffer allocation failed at new ArrayBuffer (<anonymous>) at new Uint8Array (<anonymous>) at new FastBuffer (node:internal/buffer:959:5) at createUnsafeBuffer (node:internal/buffer:1062:12) at allocate (node:buffer:410:10) at Function.allocUnsafe (node:buffer:375:10) at Function.concat (node:buffer:553:25) at Extract.<anonymous> (/home/ec2- user/.nvm/versions/node/v16.15.0/lib/node_modules/@aws-amplify/cli/lib/binary.js:127:37) at Extract.emit (node:events:539:35) at finishMaybe (/home/ec2-user/.nvm/versions/node/v16.15.0/lib/node_modules/@aws-amplify/cli/node_modules/readable-stream/lib/_stream_writable.js:624:14)` What could be causing this?

Morning all, moving from Nagios to Cloudwatch and have a few test cases, but I am sure once I know how I can do it all, so for this one, I have a server farm of 7 servers. They write a JSON log file every minute, and the basic output I look for today is either a status_ok, status_warning or status_critical. I have my dev server setup, logs going into cloudwatch group and into the dev stream. I setup a filter to look for that status_ok, if it doesn't see it in 5 minutes, alert and that worked perfect. The problem is I put up my next server, same log group, different stream [server-1] for example. The alert fired and of course said dev as I didn't realize the mettric filter is on the group not the stream. So, basically I want the team to know if server-2 has an issue, let them get the alert that server is the one that didn't have the check. So, what is the best way to search, filter and alert based on the stream and not whole group? Thanks!

Is Aurora PostgreSQL 11 for Amazon Aurora Serverless v1 already available? Where can the document to update from 10.x to 11 can be found?

As on topic, I have created a new service catalog Portfolios > Products with two version. 1.) First version with the below cloudformation template. 2.) Launch the product using the below template is ok. EC2 launched successfully. 3.) Create a second version and modify the cloudformation template for BlockDeviceMapping > DeviceName /dev/xda > Ebs VolumeType to gp3. 4.) It create a new EC2 with EBS VolumeType gp3 instead of modifying the existing EC2 EBS VolumeType launched from first version. 5.) When checking from Provisioned products > provisioned product plan, the replacement is set to True. I believe this is the issue. How can I make it to use the existing EC2 launched from first version and modify the EBS VolumeType from gp2 to gp3? Thank you for help. AWSTemplateFormatVersion: "2010-09-09" Description: "Create EC2 instance" Resources: EC2Instance: DeletionPolicy: Retain Properties: BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: VolumeType: gp2 VolumeSize: 10 IamInstanceProfile: roletest ImageId: ami-123456 InstanceType: t2.micro SecurityGroupIds: - sg-123456 SubnetId: 123456 Tags: - Key: Name Value: ec2test Type: "AWS::EC2::Instance"

Hi, I have an ActimeMQ cluster with the RabbitMQ engine on AWS, that cluster is on a private network in the VPC. I need to generate an event based on the S3 PutObject call and send a message to the RabbitMQ cluster. I thought I could do it with S3-> EventBridge Events-> Rule-> API Endpoint and send the transformed message to the RabbitMQ API (https://ID.mq.eu-west-1.amazonaws.com/api/exchanges/%2f/amq.default/publish). Despite configuring all this and seeing in the API Destinations: Status Active and Connections: Authorized, I see the following message from the events: Unable to invoke ApiDestination endpoint: Timeout calling endpoint for API Destination: socket closed. What I want to do is allowed by EventBridge? i.e. make a call to the RabbitMQ API of a private cluster that is in the same account. Regards!

Unfortunately I didn't see or skipped over the fact that the user portal URL is permanent. I'm not sure why AWS decided this was a good idea but regardless, does anyone know if AWS support can reset this or are we forced to setup a brand new tenant? Thanks for your assistance.

Hello folks, I have been translating manually more than 3 million words and I just wanted to use that to accelerate my translations. I guess AWS translation, and the parallel feature, is just what I need but when I tried to input my files I discovered that you can only upload CSV, Memory Translations and another format that is new to me. I only have the translations in 2 websites, each one in a different format, and with some patience I can create Word files, but, How can I transform it to CSV? Or, What can I do? The problem with CSV is that sometimes I join 2 English sentences in just 1 Spanish sentence, so it is not a 1 to 1 correlation. Any ideas? Thanks

I am trying to send an email by using a gmail account, where Im using a Verified identities (DNS) - a non aws host. Is it possible to send an email following an external DNS provider, with a different email address than the DNS host?

I'm doing the Hello World tutorial in RoboMaker and I want to visualize my simulation application in Gazebo, and after having runned both the robot application and the simulation application I have typed the following commands: > $ export DISPLAY=:0 > $ xhost + > $ docker container ls > $ docker exec -it elegant_ardinghelli bash > $ rosrun gazebo_ros gzclient where "elegant_ardinghelli" is the container name that contains the docker image of the simulation application, but when I run the last command the following error pops up: "bash: rosrun: command not found". Do you know what could be the source of the error?

I'm unit testing the process using [S3's SelectObjectContent](https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#S3.SelectObjectContent). Replace SelectObjectContent with a mock of [s3iface](https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3iface/). But I don't know how to create a mock response to get the `e.Payload`. Please tell me how to get `e.Payload` by the SelectObjectContent mock. **process** ``` resp, err := svc.SelectObjectContent(params) if err != nil { return err } defer resp.EventStream.Close() for event := range resp.EventStream.Events() { switch e := event.(type) { case *s3.RecordsEvent: fmt.Println(string(e.Payload)) } } ``` ** Mock ** ``` type mockS3Client struct { s3iface.S3API } func (m *mockS3Client) SelectObjectContent(input *s3.SelectObjectContentInput) (*s3.SelectObjectContentOutput, error) { // mock response/functionality } ```

I have a flask application that needs to access some configuration files stored in s3 and I don't want to stored these in my git repo as there are sensitive information. I want to use boto3 to read in these files into the ec2 instance. **I need to know how I will be able to access those files on s3 using boto3**. The **ec2 instance is authorized to access the s3 bucket** and since the application will be running on the ec2 (that is authorized) is it safe to say that any code run on that instance will also have these access. Note that I am going to run these script to read in these "**config files**" from my **codedeploy "appspec.yml"**. In summary will my codeploy instance be able to use the authorization on my ec2 instance to access the said s3 bucket or **I need to give the codedeploy instance access too**? I am aware I can add my **access keys** in my **environment** on my computer to run this script but how does it work on codedeploy?

I am export a NextJS static web and host it by CloudFormation distribution. However, I always need to type cloudformation-domain.net/index.html. I want to access **without index.html ** ``` https://www.cloudformation-domain-net/ ``` When I host the NextJS with Amplify, it also use CloudFront and working without the "index.html"

I'm using the following AWS services:: AMI 2 Linux EC2, Load Balancers, SecurityHub, Guard Duty, Lambda, RDS, S3, SES, Route53, CloudWatch, CloudTrail, CloudFront, SNS, VPC, ACL, WAF, IAM. Sometimes, the packages we install and the application we set up, and their dependencies may have security and vulnerability issues. The security and vulnerability issues can either be in a file or the packages we install and can be injected through the websites. To overcome such a scenario we need it in our system. Can anyone suggest to me any antivirus software available for AWS AMI 2 Linux EC2 instance? also, is there any documentation on how to install the AV on the AWS Linux 2 Linux system?

Hi, we are in the process of migrating our pyspark jobs from EMR classic (EC2-based) to EMR on EKS virtual cluster. We have come across a strange failure in one job where we are reading some avro data from s3 and saving them straight back in parquet format. Example code: ``` df = spark.read.format("avro").load(input_path) df \ .withColumnRenamed("my_col", "my_new_col") \ .repartition(60) \ .write \ .mode("append") \ .partitionBy("my_new_col", "date") \ .format("parquet") \ .option("compression", "gzip") \ .save(output_path) ``` This fails with the following message at the .save() call (We can tell from the Python traceback, not included here for brevity): > Job aborted due to stage failure: Task 1 in stage 0.0 failed 4 times, most recent failure: Lost task 1.3 in stage 0.0 (TID 17) (10.0.3.174 executor 4): java.lang.ClassCastException: cannot assign instance of java.lang.invoke.SerializedLambda to field org.apache.spark.sql.execution.datasources.FileFormat$$anon$1.dataReader$1 of type scala.Function1 in instance of org.apache.spark.sql.execution.datasources.FileFormat$$anon$1 We are running this with `--packages org.apache.spark:spark-avro_2.12:3.1.1` in sparkSubmitParameters. Exact same code ran fine in a normal EMR cluster. Comparing the environments, both have Spark 3.1.1, Scala version version 2.12.10, only the Java version is different: 1.8.0_332 (EMR classic) vs 1.8.0_302 (EMR on EKS). We should also mention that we were able to run another job successfuly on EMR on EKS, that job doesn't have this avro-to-parquet step (the input is already in parquet format). So we suspect it has something to do with the extra org.apache.spark:spark-avro_2.12:3.1.1 package we are importing. We searched the web for the java.lang.ClassCastException and found a couple of issues [here](https://issues.apache.org/jira/browse/SPARK-29497) and [here](https://issues.apache.org/jira/browse/SPARK-25047), but they are not particularly helpful to us since our code is in Python. Any hints what might be the cause? Thanks and regards, Nikos

I am trying to make a call to `describeContact` operation using the `AWSJavaScriptSDK`. I am following the [documentation][1] but somehow the call is not working. Below is my code. const params = { ContactId: 'some_value', InstanceId: 'some_value' }; const attributes = await connect.describeContact(params).promise(); I receive - connect.describeContact is not a function Interestingly, when I replace `describeContact` with `getContactAttributes` in the call, I no longer receive "not a function" error and it works just fine (after I change the params). Both the operations have exactly the same signature. Can someone please guide me here ? Connect api version = 2017-08-08 Upgrading to the latest version of aws-sdk didn't help either. [1]: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Connect.html#describeContact-property

Hi all, I'm currently working with Redshift. Why the metrics for Query duration, Query throughput, Query duration per WLM queue, Query throughput per WLM queue, Concurrency scaling usage, and Usage limit for concurrency scaling dashboard; are showing "No data available" ? May i know why ? and how to solve this issue. Thank you all.

I have added AWS RUM to an Angular app by using TS snippet. In the config I'm using this telemetry config telemetries: [ "performance", "errors", [ 'http', { recordAllRequests: true } ] ], I can see in my app dev tools network tab that request are being sent with http_events type: "com.amazon.rum.http_event" with details containing http method type call etc.. The problem is in AWS console in RUM module Requests tab I see only requests for scripts, css files. Is there any extra config needed to see GET/POST requests in aws console?

I have got to know that Amazon Connect sessions (cookies) expire 10 hours after a user logs in. I just want to know the exact duration of expiration from my browser's cookies e.g. max-age of my cookie!!

For example, 1. https://d2u87yfqb01lll.cloudfront.net/test/ Returns AccessDenied error. But the URL below is done responding successfully. https://d2u87yfqb01lll.cloudfront.net/test/index.html 2. https://d12dcz4jiki7qg.cloudfront.net/%e2%80%aabitcoin-straight-up-gave-me-the-middle-finger-today%e2%80%ac-reddit-bitcoin/ Returns NoSuchKey error. But the URL below is done responding successfully. https://d12dcz4jiki7qg.cloudfront.net/%e2%80%aabitcoin-straight-up-gave-me-the-middle-finger-today%e2%80%ac-reddit-bitcoin/index.html Both are setup correctly. I enbaled S3 hosting for the contents(index.html as the default page is setup). Made the bucket and all the objects under the bucket public access. ACL are both enabled. Cloudfront has default root object. Please let me know which steps I might have missed. Many thanks.

Hi, in my organization root account, i have delegated admin to a security account and enabled the access analyser When i go to my security account and try to enable access analyzer with the org setting. i get the error: ``` Access Analyzer Service Linked Role is not in the organizational management account ```

Hi, I have an issue with an Origin Request Lambda@Edge lambda. After it returns the modified request object the request throws an error and returns a 400. (I checked the requests never reached the Origin) and also the x-cache header of the response is "Error from CloudFront". Now I have a suspicion that the reason for that behavior is that the uri field is the following - "uri": "/cohesionapi/entity-preview/[media-reference:media:e44cf764-a581-4e26-903d-fc0ef5369738]" - do you think that the [ would break CloudFront, or is it a valid response/request to make? Thanks Sandor

I'm following the Hello World tutorial in the RoboMaker developer guide and I have runned the robot application with the following command: > $ docker run -it -v /tmp/.X11-unix/:/tmp/.X11-unix/ \-u robomaker -e ROBOMAKER_GAZEBO_MASTER_URI=http://localhost:5555 \-e ROBOMAKER_ROS_MASTER_URI=http://localhost:11311 \robomaker-helloworld-robot-app:latest roslaunch hello_world_robot rotate.launch ad the simulation application in this way: >$ export DISPLAY=:0 >$ docker run -it -e DISPLAY -v /tmp/.X11-unix/:/tmp/.X11-unix/ \-u robomaker -e ROBOMAKER_GAZEBO_MASTER_URI=http://localhost:5555 \-e ROBOMAKER_ROS_MASTER_URI=http://localhost:11311 \robomaker-helloworld-sim-app:latest roslaunch hello_world_simulation empty_world.launch gui:=true I get now the following errors > [[Err]] [ [ModelDatabase.cc:235]] No <database> tag in the model database database.config found here[[http://gazebosim.org/models/]] > [[Err]] [[ModelDatabase.cc:294]] Unable to download model manifests >[[Err]] [[REST.cc:205]] Error in REST request and the Turtlebot inside Gazebo stands still instead rotating around the z axis as the code of the helloworld tutorial says. Do you know what are the causes of these errors?

I have created a new Redshift using `CfnCluster` construct with [`snapshotIdentifier` specified](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_redshift.CfnCluster.html#snapshotidentifier). The snapshot contains one table and some data in it. However, the newly-created cluster does not contain the table or data. Do I miss something to restore a cluster from a snapshot ?

I'm wondering is this even possible and how it should be configured? Do you have some ideas? I know how i will trigger that lambda function but I'm not sure for the rest.

We are attempt to update our IaC code base to CDK v2. Prior to that we're deploy entire stacks of our system in another test environment. One part of a stack creates a TLS certificate for use with our load balancer. ``` var hostedZone = HostedZone.FromLookup(this, $"{config.ProductName}-dns-zone", new HostedZoneProviderProps { DomainName = config.RootDomainName }); DnsValidatedCertificate certificate = new DnsValidatedCertificate(this, $"{config.ProductName}-webELBCertificate-{config.Environment}", new DnsValidatedCertificateProps { HostedZone = hostedZone, DomainName = config.AppDomainName, // Used to implement ValidationMethod = ValidationMethod.DNS Validation = CertificateValidation.FromDns(hostedZone) }); ``` For some reason, the synthesised template defines the hosted zone ID for that AWS::CloudFormation::CustomResource has *something else other than the actual zone ID* in that account. That causes the certificate request validation process to fail - thus the whole cdk deploy - since it cannot find the real zone to place the validation records in. If looking at the individual pending certificate requests in Certificate Manager page, they can be approved by manually pressing the [[Create records in Route 53]] button, which finds the correct zone to do so. Not sure where exactly CDK is finding this mysterious zone ID that does not belong to us? ``` "AppwebELBCertificatetestCertificateRequestorResource68D095F7": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "AppwebELBCertificatetestCertificateRequestorFunctionCFE32764", "Arn" ] }, "DomainName": "root.domain", "HostedZoneId": "NON-EXISTENT ZONE ID" }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "App-webELBStack-test/App-webELBCertificate-test/CertificateRequestorResource/Default" } } ```

Hi, this is the second time when I have tried to resize the redshift cluster using "classic" resize from node type ra3.xlplus(12nodes) to ra3.4xlarge(2nodes) and the process get stuck after transferring 97% of data. It is stuck for the last 22hrs (by the time I am writing this question). The targeted resize cluster is getting restarted every 2mins. Did anyone face such a problem before?

Sagemaker Studio Lab has stopped working. First, all kernels fail with unknown error and can't restart. OR get stuck in a loop restarting themselves. I am unable to make a new kernel. Second, this error keeps popping up: "Unexpected error while saving file: aws/notebooks/MLA-TAB-DAY3-AUTOML.ipynb [Errno 28] No space left on device: '" And when checking resources it shows that 100% of storage is used at /hom/studio-lab-user but I am unable to delete any of the files in that directory or the directory itself. > /dev/nvme0n1p1 50G 17G 34G 33% /opt/.sagemakerinternal > /dev/nvme1n1 25G 25G 36K 100% /home/studio-lab-user How can I just reset the entire Sagemaker Studio Lab profile to default, erase all data that's clogging up storage/memory, and start fresh?

We have members that use multiple workspaces in N.Virginia (us-east-1) region. The base configuration includes Simple AD. Initially, workspaces were created in this region, yet staff can be working from other regions. This leads to performance/lag problems. I'd like to clone workspaces to other regions (both preserving the installed apps and user profile on D drive). I've followed the best practices to create an image. Image Checker did not report any problems. Then I used this image, and copied it to another region (Let's say eu-west-1). I created a new bundle with the image. So far no errors. Then, attempting to launch a new WS by using the bundle, I am prompted to create a new directory. If I create a new directory, I'm required to create a new user. (Because directories are different original user is not listed in Show All Users section). Upon launching the new WS using the settings above, indeed I see an emtpy/fresh Workspace with both installed apps lost and user profile does not retain changes in the image. Based on the info above, what could be wrong? Do I need to switch to Active Directory setup? Do we have to use external tools to make a true clone? Please kindly share your knowledge. Thank you for reading. If needed I can provide additional information.

We deployed a LighGBM Regression model and endpoint using Sagemaker Jumpstart. We have attempted to configure this endpoint as 'asynchronous' via the console. Receiving Error: ValidationException-Network Isolation is not supported when specifying an AsyncInferenceConfig. Looking at the model's network details the model has Enable Network Isolation set as 'True'. This was default output setting set by JumpStart. How can we diasble Network Isolation to in order to make this endpoint asynchronous?

Cloudformation create-stack generates an Athena access denied while writing error. The problem is generated when writing to the athena-results bucket. I'm logged in with a SSO role with AdministratorAccess access via CLI. I can create the specified object from the command line via "aws s3 cp" and I'm able to execute "aws athena start-query-execution" without trouble. It's only via cloudformation. Bellow the specific error: ResourceStatus: CREATE_FAILED ResourceStatusReason: 'Resource handler returned message: "[Simba][AthenaJDBC](100071) An error has been thrown from the AWS Athena client. Access denied when writing to location: s3://cost-athena-results-123456789012/8fefd451-2a3f-4bc9-881e-84061de8db91.csv [Execution ID: 8fefd451-2a3f-4bc9-881e-84061de8db91]" (RequestToken: b0d4b7d5-998b-6ca8-22c6-657fa2433fe8, HandlerErrorCode: null)' ResourceType: AWS::QuickSight::DataSource

I'm sending with ajax, a payload of data and then i have a lambda setup to take that data and parse it into attributes to store into my dynamoDB. this is my github showing my index.js(lambda function) and my jque.js(file that is sending the data to the lambda via api gateway). https://github.com/dbaldw10/DynamoDWLambdaAWS is there a way to achieve this?

Hi there, Could someone assist me with the MX record required to use www.whfg.nl I would like to add them to my website. Many thanks in advance

Hi, I'm using MGN to migrate a windows 2019 with 2 disks (100G + 800 G) Replication is OK. When I try to launch a test instance the converter instance start and stop very rapidly and the instance never launch I can't find any log to debug, only the log in the job history "Launching of test/ cutover instance failed" Replication Server is in private subnet, connection with on prem thru VPN What can I check to debug ? Regards

Under *Guardduty > Settings* there's an option to export findings to an S3 Bucket. It requires KMS and a KMS key that has been configured. I consistently get the following error: "Failed to configure export options because GuardDuty does not have permission to the KMS key, the S3 bucket, or the specified location in the bucket." To fix this I've tried: * Changing the ACL for the S3 bucket * Regenerating the Key Created the key following these instructions: (see Step 3) https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html

I'm working with very large matrices for QUBO problems, and I'm currently using QBsolv from D-Wave. However, given that Qbsolv is being discontinued, I identified that D-wave has 2 solutions for this type of problem: Leap's and Hybrid solver. Would it be possible for me to use these D-Wave solutions within Amazon Braket? If the Amazon Braket does not accept using it without a specific D-wave account, what could I use from Braket itself to solve QUBO problems with extremely large matrices in a more efficient way?

``` 05-19-2022 09:29:04 PM [AppRunner] Health check on port '8080' failed. Service is rolling back. Check your configured port number. For more information, read the application logs. 05-19-2022 09:22:49 PM [AppRunner] Performing health check on port '8080'. 05-19-2022 09:22:39 PM [AppRunner] Provisioning instances and deploying image. 05-19-2022 09:22:27 PM [AppRunner] Successfully pulled image from ECR. 05-19-2022 09:19:34 PM [AppRunner] Successfully created pipeline for automatic deployments. 05-19-2022 09:19:23 PM [AppRunner] Service status is set to OPERATION_IN_PROGRESS. 05-19-2022 09:19:22 PM [AppRunner] Service creation started. ``` I try to setup a new AppRunner service, I use ecr to upload my docker image. on my local pc the docker image is running fine on http://localhost:8080/ but when I try to upload it to AppRunner it always fails. I searched online for a solution but could find something that helped me. Is there ant possibility that the issue is on aws side?

We have several API Gateway WebSocket APIs, all regional. As their usage has gone up, the most used one has started getting LimitExceededException when we send data from Lambda, through the socket, to the connected browsers. We are using the javascript sdk's [postToConnection](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ApiGatewayManagementApi.html#postToConnection-property) function. The usual behavior is we will not get this error at all, then we will get several hundred spread out over 2-4 minutes. The only documentation we've been able to find that may be related to this limit is the [account level quota](https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html#apigateway-account-level-limits-table) of 10,000 per second (and we're not sure if that's the actual limit we should be looking at). If that is the limit, the problem then is that we are nowhere near it. For a single deployed API we're hitting a maximum of 3000 messages sent through the socket **per minute** with an overall account total of about 5000 per minute. So nowhere near the 10,000 per second. The only thing we think may be causing it is we have a "large" number messages going through the socket relative to the number of connected clients. For the api that's maxing at about 3000 messages per minute, we usually have 2-8 connected clients. Our only guess is there may be a lower limit to number of messages per second we can send to a specific socket connection, however we cannot find any docs on this. Thanks for any help anyone can provide

Xshell cannot be linked due to system damage. There are important data in it. How to deal with it The status check failure in the indicator chart is displayed as 1

Other DNS providers allow this option to happen. Why does Route 53 refuse to let me do this? Are my DNS rights being oppressed? As an example, other DNS providers let me do the following; CNAME: test.example.com -> www.anotherexample.com TXT: test.example.com -> "dnjsakdnjasnkdsanj"

Hi Team, we are currently using the postgrest api (https://postgrest.org/en/stable/) in AWS EC2 instance . Do we have any service offered by AWS. Please do let me know which service have to used ? we are planning to use it on Production not sure which service is reliable and provided by AWS.

My AWS Linux 2 instance boot drive is snapshotted daily. I'd like to mount one of the snapshots to my instance to review changes I've made in /etc. I created a volume based on the snapshot, attached to my instance and tried to mount it. I used df -T to determine my existing boot drive filesystem is xfs. I presume my snapshot is xfs. I can't seem to mount it. I tried with several of the snapshots. Am I trying to do something weird, adding a second bootable drive to my instance? mount /dev/xvdi1 /mnt/tmp mount /dev/xvdi1 /mnt/tmp -t xfs mount -t xfs /dev/xvdi1 /mnt/tmp **mount: /mnt/tmp: wrong fs type, bad option, bad superblock on /dev/xvdi1, missing codepage or helper program, or other error.** **from fdisk -l:** Disk /dev/xvdi: 16 GiB, 17179869184 bytes, 33554432 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: EB7656A9-A5D7-4AAF-B8A8-67A3FBEC56BA Device Start End Sectors Size Type /dev/xvdi1 4096 33554398 33550303 16G Linux filesystem /dev/xvdi128 2048 4095 2048 1M BIOS boot

We are using the 'Multi-container Docker running on 64bit Amazon Linux/2.27.7' on Beanstalk. We received an e-mail from AWS that 'Elastic Beanstalk Amazon Linux AMI (AL1) Platform Branches Retire on June 30, 2022'. [1] How long time to support these existing environments? That e-mail said 'Customers can continue to operate existing environments running on retired platform branches but these branches will no longer be managed and supported by Elastic Beanstalk' As far as I can read, we can use this environment continuously. I want to know : - We can use our 'Multi-container Docker running on 64bit Amazon Linux/2.27.7' environment after June 30,200 or not. - We can deploy our environment after retire date or not, [1] https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-retiring.html#platforms-retiring.mcdocker

My Amazon WorkMail suddenly quit working for incoming email, but I can still use it for outgoing. I've changed nothing in my configuration. Ideas? Here is the returned mailer message: Delivery has failed to these recipients or groups: scotto@chateausylvania.com Your message couldn't be delivered. Try to send it again later. If the problem continues, please contact your email admin. Diagnostic information for administrators: Generating server: inbound-smtp.us-east-1.amazonaws.com scotto@chateausylvania.com Remote Server returned '554 4.3.0 < #4.3.0 smtp; 451 4.3.0 This message could not be delivered due to a recipient error. Please try again later.>' Original message headers: ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bzjaz1W5uxMoLF20bGq9quqYq3SUCdYY8zHQvIZkxkKBZReq/GveJE2eHCLx3/EPuliLfs5JdpiZkxTe/ur1qoRa7RLSsG7iXxubjBq17iCbyL6tFzqLBCyJd9jceYjYZX5BGh9+f+A/I7hwlGXstl4ULASappMmQr0JyswAa/bN6MfdzkeP0FYBgrJ8EFV6kcv3kQDgHZKSFBZ4iViTfpEhuMhJdrehQDKfMmLW0I0wDcfAS9cIhVIYeM1G/5e8yBB90r33GtS/8Zy4y/27q7oCEsaQzIvtEObLJuGBuRJMT/i5hSizQhmMxlepA1fh4adgGQHoJYJSOf/kRs8sww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=s35c/OROCcjbeBjcoYUwp/dnu7aWJa2K/ryNVo0lP4U=; b=KqkJSovayntDz6z7RPZ58aKFWBlY99JTfmz3zLKbb1wrJuaovJtBEAtQvKSFW4JgBTQQn3aJRMgSHVpn9pvw8QG36bz2lPfbhoKKK6nYOHUNyQbbyMm+WLSz5CraKvp5evw1FMXWre0KauOLUGUKH37bKa48l3HHtVEIBWAsgDlVNeG+V51XIgIGiN9a0yt9C/CEbFhaCZplHUTTyZMLqg4/bch/mtOoc78h3pv0kIykcTVIBlS9Iqt+q+LbjAJ0x/pVyUqATZG6ZZ53MYsv2e4BmLYTuXdvstcKuCzGXIh8XwTgd4kcgmNpVp/fkPRbrMF/9Adu0KUxQINiZgvlrw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=snhu.edu; dmarc=pass action=none header.from=snhu.edu; dkim=pass header.d=snhu.edu; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=snhu.onmicrosoft.com; s=selector2-snhu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s35c/OROCcjbeBjcoYUwp/dnu7aWJa2K/ryNVo0lP4U=; b=Tvg81lMP2ozEoNwxrvbfUUqTWhcRUWnlFvCf1SfglUfYp9P+zGnSFkKe91d9zODak7pqC0hUYEnMyvJfyr+fnk+GxqX+9qvNS3Y5L+ct/dRa7fyQKqKDvotpklmLXKO6sRlKNNV0TjtjRv8B05srfHZriNwyQhQpo+BP9O1C/vw= Received: from DS7PR05MB7221.namprd05.prod.outlook.com (2603:10b6:5:2d2::15) by SN6PR05MB4592.namprd05.prod.outlook.com (2603:10b6:805:2d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5273.5; Thu, 19 May 2022 17:10:43 +0000 Received: from DS7PR05MB7221.namprd05.prod.outlook.com ([fe80::ecd9:ac0c:f727:5e56]) by DS7PR05MB7221.namprd05.prod.outlook.com ([fe80::ecd9:ac0c:f727:5e56%6]) with mapi id 15.20.5293.007; Thu, 19 May 2022 17:10:43 +0000 From: "Overmyer, Scott" <s.overmyer@snhu.edu> To: Scott Overmyer <scotto@chateausylvania.com> Subject: test Thread-Topic: test Thread-Index: Adhro15u0LBfykd7SgaL9p5aouINYA== Date: Thu, 19 May 2022 17:10:43 +0000 Message-ID: <DS7PR05MB7221CE8A476BEF42974937E7F0D09@DS7PR05MB7221.namprd05.prod.outlook.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=snhu.edu; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 50542666-a20f-45b1-df02-08da39ba821e x-ms-traffictypediagnostic: SN6PR05MB4592:EE_ x-microsoft-antispam-prvs: <SN6PR05MB45924EE5A772D0AD7C8E3243F0D09@SN6PR05MB4592.namprd05.prod.outlook.com> x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: fBHCNffMfOg74jdoRWCXZbnZyXxk6PLx94+EfCtuUsXEDSNtvA2dseHjnE60faJ69gpvjf4uyY6JO/vIJp7R0awpKj1njRLWRj/DwYhEBsKJGg8dNvh/pxSqwjuy+m55aFF1jZCBBxYLRVFMZJqaxX5OJpC1gyZx32EXMYqHWKEunuovRlndw556D7Yj/pdcF+xupXQ1ys/i52f66ftkLcAJwjCnKbssgq3l4RP5pXP9J4/7KgewoNSAzWoUzL4G82bWSQyE0NTg6Atdlbyl/tUezLRTS3R/hJR+Nl68SPfPglD5b0DTr15jOQLME2Xg4PYmCveud60lLWeyoH3MUNjcjrtFsBpA5GwfMfg3pnpNDknv/Yy77Yx+79pVjlL21D9263bgWRy4HnU72kc5kHIZJvgMgKVRMhLFQq3j7pzDg6eQpn6Jp8TtkIEJGtcbE8XdWU/1lTDaUSPqdxs+M8u/MdvYVzmVk7phgIXiedd4GCW1/jNV3ymqb7y+w4HdJccm++M6VGDyQXazU2Wm8uuzp0cD98gZIOYwEiT9SkiJ6aUJ5Frqxvuiwj10leRbxA/nuvrJK2ucTq5hYU2qyAL4fXjPFpg66f1OxZ++KA7gO17HGZMt0ruK1PDrl78YvT821UGXP8mdx+W1qlSeEQoLe/LJIVd4diodmps/LemX28TkCpqL7Z3tTLKrvRWq0qmlJK3Go5pMC3JBxIC9tH9RsxifDPzZO1B8EWLM3323p3WwVmJ/E4ndpeLUCst2Vh2vV9JknVJOewLJugVkCnYMnl1Xs21yR2jsTk06oCo0IJ4m6lC0j81C4+7CHx8x x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR05MB7221.namprd05.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(166002)(76116006)(558084003)(52536014)(508600001)(38070700005)(38100700002)(66946007)(3480700007)(5660300002)(55016003)(9686003)(66446008)(99936003)(186003)(40140700001)(6916009)(26005)(122000001)(64756008)(86362001)(2906002)(66476007)(66556008)(8936002)(786003)(33656002)(316002)(8676002)(71200400001)(75432002)(6506007)(7696005)(7116003)(220243001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?V3aqiDRPfbsGmlisQSai32OKp+rxjEr8esL1n4noEP5MrQqli9C+eIDVdVtl?= =?us-ascii?Q?1zx2VITVOht5Wj4qx2eBBICHjscujvB+FhPfwHTdZ+GK28zOWNMS1r0o0hVQ?= =?us-ascii?Q?pUfGBrmuYPiMVAGTvVoioHlVBxljvxo3ojb/F2tTDfNth2egLnzMk8eUXff9?= =?us-ascii?Q?EoAnyq0m5WK3AcxI8jyjmqWiRiNyLYOfkxznvJrXEQLbGSwAZ8+Gx9SRG6Zu?= =?us-ascii?Q?uvogp3x6rngtbbeEFKu5+LTNtX9PaIllhvxdBlDXZDIiVvv4R8YG67W/17MM?= =?us-ascii?Q?xw+KnsXIwuHFSuhmazqDcZwiH+KMQDvlmBDoKFqXtzrCCImcF37I/EFrgrOr?= =?us-ascii?Q?tdNFZpN7rI1ZsMwXnIs70B29S0PTAQ7Bh/oW2idswVL6rttm/ZHF88zNhCDf?= =?us-ascii?Q?HbVHly4OskRUbCCNoqvPlkPqHOAFgkaCZ6vnNc7W2J6ulsbgZg3/Im03TX+/?= =?us-ascii?Q?5u/AiEpLo7RQ+Bkm5sZ7YqVs1DvvD1agH8t+qiiz6di6Iseqne+uKFPOG3+0?= =?us-ascii?Q?ZWF0npZothAn70v0iBFENDuFvcBMw/fQsOsPX0zeOiSXRI9St/3SRW6cKB+g?= =?us-ascii?Q?JBp1EQIw64rR0HJlRAcMJPOnp3CwtMN3gj7jeqTVFii/fop0VElmnmAYAaNN?= =?us-ascii?Q?tJ2/FS/I1fx/yKEpA6X9qhkrJzh0pmGvw9bLnZXA3nTg2qvGxsUqYANTM5Rh?= =?us-ascii?Q?WUR56O4ypRkeQke1v+8z67PHG1EtAMpNoWVccmc7Q4f9/Z+YN1QBb6X4gk55?= =?us-ascii?Q?Eug92owBSPT3ZJ6tccxZC1bLCIQp98us01NYjvD/uNoYMjewOvZpi21usHcA?= =?us-ascii?Q?4YPxJcB/k2YGkYgskBvtLMZdvugnXYAvFr9jd8ixCBajdrKQTCFvsrru89L/?= =?us-ascii?Q?ezIrrUgSbwSquWYw3rJIQ/Fo6h/Vs2zFVd9ESiYZuglQRen5hch2NOycWZuT?= =?us-ascii?Q?LO/aex+4bug4sQ1cBPX7nZpjINLWr8e5Y06dRYhUUfz0IRklCTDFZ9/nYcc/?= =?us-ascii?Q?r4e0SjaRetd2Z6ex8defjWVOrguxQxcwL7Xw1OsIbdUc2eKzN1gWswdF75qp?= =?us-ascii?Q?e0EwmecXLXxhwHfam/GIVNemSoR1bdRH6GpHoTSVkk1xCEH9Gni+no4gV74d?= =?us-ascii?Q?Xnjr1wacPmWPrRoPfG624JHr6tHNzhtpQiGxqbPMsHpGDk2JxSnq67f6ejSd?= =?us-ascii?Q?TX/BRmOmQiTX+9X0OpZNe9BUD/pSy5qC35MXOAeYbZLPfUS7QngFrouhhNge?= =?us-ascii?Q?f4p19jP7VDedE+TuKIZJ6dk+doEdPtuhLVv7utdXOYKPm/b8yKDzZEgL6bGB?= =?us-ascii?Q?bWcINrxuG5+ICRISU4HqJCeuiVnJdiuAq6yN5zr25Azq5kZy0NrE1n3yhYnj?= =?us-ascii?Q?/F7x4+B5OTvor9X2URQ1O23e0VRPr7Z8lXkvvtf/6AYba2gHn55lwP+ueK1z?= =?us-ascii?Q?6DRHZ5WbdOmeDexB7KQOeOuVsAvbBbjSWHI5LWtrUKDLaHcTDVO9CoCnxkVT?= =?us-ascii?Q?pQiaoRSWhMUh3Pb3qHv7NcyVwVMyouPAbvKVAHUfLbaRJvGi3RRG6gfzJ5S8?= =?us-ascii?Q?RQNc7m8Pl04dW9q2LnPUvaUMPFkCog2tIO2/6sWLlHHLgGBfxYZFAVg+sRim?= =?us-ascii?Q?OWfJCqKURvnsFYu7JhY126JUt+GQ+bllzzHN7/Q3MKRJVHuWjtpan+OnUCZK?= =?us-ascii?Q?iXOnNSaKEMO82R1OBfGy5cUfDz9AStaASaYjqdAfvyDKJBXdjsSA9rcvq9ur?= =?us-ascii?Q?7vYEGMSPKA=3D=3D?= Content-Type: text/plain MIME-Version: 1.0 X-OriginatorOrg: snhu.edu X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DS7PR05MB7221.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 50542666-a20f-45b1-df02-08da39ba821e X-MS-Exchange-CrossTenant-originalarrivaltime: 19 May 2022 17:10:43.5639 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2baef15b-b8de-423f-9d8a-46f3686d8848 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: IhGbTbzXOf0CGwcGuV42T2fNAJH6jT2SUqYcepRCBIu5u1+M0zXC1RtOaCwLkdv2CzxWp7RHHGd+MunOgDX3hw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR05MB4592

Hi, I am trying to setup an airflow application in ECS using EC2 launch type using teraform. Now I get error for webserver (saying task failed loadbalancer health check).I have tried various solutions but still it isint working. With the same code using Fargate launch type I am not receiving this error. Can you please help solve the issue

When to propose AWS Network Firewall vs 3rd party such as Paloalto VM Series for network inspection, IDP/IPS etc. In which scenarios native soltuion will not work?

I know we can use AWS console to add PTR if I have an A records in AWS Route 53 hosted zone. But my situation is: my domain name is managed by another DNS service provider rather than AWS, so I cannot create the A record for my domain in AWS Route 53. Got the error saying "update reverse DNS failed". Any thought?

Is their a simple way to search across all hosted zones looking for records either by name or IP address. We have more than 1200 zones in Route 53. I would like to be able to search for all a records that have a specific ip IE i want to see all records that match 200.200.200.12 or iwant to search for any resource records across all zones that have txt record called verify-service. currently the only way i see to do that would be to write a script that first gets a list of all zones then search each zone individually and concatonate those in to a single response. I dont see any way to make that work quickly if it have to make a separate API call for each zone. With the api limit of 5 requests per second it would take a least 4 minutes per search and we plan on adding at least another 600 zones in the next 12 months..

Dear AWS, We need to create greengrass deployments and are using following cli command https://awscli.amazonaws.com/v2/documentation/api/latest/reference/greengrassv2/create-deployment.html. It looks like this option is missing from the command, could you please add it if it's indeed missing or advise on how to add it? Thank you in advance. With best regards

**Steps to reproduce:** 1. Add 300 email templates in us-east-1 region 2. Try to [listEmailTemplates](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SESV2.html#listEmailTemplates-property) with AWSJavaScriptSDK in a loop with 10 value page size. **Expected result:** All emails are listed **Current result:** Error while pagination: ``` Invalid PageToken <AAAAAAA.... ``` Everything works fine in `us-west-2` region

Hi everyone, I need to create a backup for AWS MSK, and I found this article https://aws.amazon.com/en/blogs/big-data/back-up-and-restore-kafka-topic-data - using-amazon-msk-connect/ but the problem is that we have too many topics and new topics are created every day. How do I use this MSK backup solution in disaster recovery cases?

Hi, I have set up a MSK cluster with SASL/SCRAM authentication. I have stored the username and password in a secret using AWS Secrets Manager. Now I am trying to set the topic in the MSK cluster as an event source to a Lambda function. In order to do so, I am following this documentation: https://aws.amazon.com/blogs/compute/using-amazon-msk-as-an-event-source-for-aws-lambda/ However the above documentation is for unauthenticated protocol. So I tried to add the authentication and the secret. I also added a policy in the execution role of the Lambda function that lets it read the secret value: "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:*" ], "Resource": [ "arn:aws:secretsmanager:****:*******:secret:*" ] }, { "Effect": "Allow", "Action": "secretsmanager:ListSecrets", "Resource": "*" } ]} When I am trying to add the trigger, I am getting the error: An error occurred when creating the trigger: Cannot access secret manager value arn:aws:secretsmanager:*****:*****:secret:*******. Please ensure the role can perform the 'secretsmanager:GetSecretValue' action on your broker in IAM. (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: ****; Proxy: null) I am not able to understand this error since I have included in the policy all the Actions from "secretsmanager" on all the Resources in my account. Can someone help?

No streaming resources are available for your session. Try again in a few minutes. If this problem continues, contact your administrator. When I generate 4 streaming url, I am getting above issue. Could please help on this? Auto Scaling Instance type :stream.standard.medium Fleet type:On-demand Disconnect timeout 15 Minutes Idle Disconnect Timeout 5 Minutes Stream view App Maximum session duration 960 Minutes Minimum capacity 2 Maximum capacity 5 IAM role None Desired Capacity 2 Scale In Policies default-scale-in: If Capacity Utilization <= 25 % then remove 1 instance(s) Scale Out Policies default-scale-out: If Capacity Utilization >= 75 % then add 2 instance(s)

I use AWS S3 API to upload files to some buckets, however, I need to create a new user that only has permission to upload to certain buckets and only through restricted IPs, other IPs should be blocked. Another permission I need is to delete objects, but only from an allowed IP. Regarding the download, anyone on the internet can access this file (if they have the link). The problem is that I think I found some articles that would help me with this issue, but they don't tell me exactly which menu within the AWS Console I should access to be able to perform these actions. For example, this link ([https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html]()) seems to talk about how to restrict the access to a bucket, but it doesn't tell me exactly which location/menu in the console I use to access this setting. TLDR: What is the path/menu in the Console to set Policies and Permissions in Amazon S3 on a bucket in S3?

Hello. One of my environments is using a Classic Load Balancer. Sometimes, the queries I run in our database take more than just one minute, so I needed to increase the idle timeout of the Load Balancer (which is one minute by default). We followed the instructions and changed it to 3600 (s). However, I'm still getting the "connection closed" message after just one minute, so the new value of the idle timeout seems to have no consequence. Is there anything else I should be doing?

Hi community, When launching AWS Client VPN on Ubuntu 22.04, it briefly opens but suddenly crashes. Do you guys plan to support the client in Ubuntu 22.04? Thanks in advance.