AWS Well-Architected Framework

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.

Recent questions

  • Login request was received, the username and password were correctly extracted from the request body, and a user with ID 1 was found in the database. The form still 504 fails eventually. My index.js, db.js, users.js, and login.html all seem fine. I'm on Lightsail so unfortunately I've had to use SQL Workbench this whole time. Not sure if there's an issue with the Lightsail to DB communication? It's been a pain to try to figure out Lightsail with the 'module' stuff like databases.

    users.js :

    ```
    const connection = require('./db');
    const bcrypt = require('bcrypt');
    const saltRounds = 10;

    class User {
      constructor(id, username, password, email, createdAt, updatedAt) {
        this.id = id;
        this.username = username;
        this.password = password;
        this.email = email;
        this.createdAt = createdAt;
        this.updatedAt = updatedAt;
      }

      static create(username, password, email) {
        const now = new Date().toISOString();
        const sql = `INSERT INTO loginserver (username, password, email, created_at, updated_at) VALUES (?, ?, ?, ?, ?)`;
        bcrypt.hash(password, saltRounds, (err, hash) => {
          if (err) {
            console.error('Error hashing password:', err);
            return;
          }
          const values = [username, hash, email, now, now];
          connection.query(sql, values, (err, result) => {
            if (err) {
              console.error('Error creating user:', err);
              return;
            }
            console.log('User created with ID', result.insertId);
            const user = new User(result.insertId, username, hash, email, now, now);
            return user;
          });
        });
      }

      static getByUsername(username) {
        const sql = `SELECT * FROM loginserver WHERE username = ?`;
        connection.query(sql, [username], (err, results) => {
          if (err) {
            console.error('Error getting user by username:', err);
            return;
          }
          if (results.length === 0) {
            console.log('User not found');
            return null;
          }
          const { id, username, password, email, created_at, updated_at } = results[0];
          console.log('User found with ID', id);
          const user = new User(id, username, password, email, created_at, updated_at);
          return user;
        });
      }

      checkPassword(password) {
        return new Promise((resolve, reject) => {
          bcrypt.compare(password, this.password, (err, isMatch) => {
            if (err) {
              console.error('Error checking password:', err);
              reject(err);
            } else {
              resolve(isMatch);
            }
          });
        });
      }

      update() {
        const now = new Date().toISOString();
        const sql = `UPDATE loginserver SET username = ?, password = ?, email = ?, updated_at = ? WHERE id = ?`;
        const values = [this.username, this.password, this.email, now, this.id];
        connection.query(sql, values, (err) => {
          if (err) {
            console.error('Error updating user:', err);
            return;
          }
          console.log('User updated with ID', this.id);
          this.updatedAt = now;
          return this;
        });
      }

      delete() {
        const sql = `DELETE FROM loginserver WHERE id = ?`;
        connection.query(sql, [this.id], (err) => {
          if (err) {
            console.error('Error deleting user:', err);
            return;
          }
          console.log('User deleted with ID', this.id);
          return;
        });
      }
    }

    module.exports = User;
    ```

    index.js :

    ```
    const express = require('express');
    const https = require('https');
    const socketIO = require('socket.io');
    const path = require('path');
    const fs = require('fs');
    const mysql = require('mysql');
    const User = require('./server/users');
    const bodyParser = require('body-parser');

    const app = express();
    const server = https.createServer({
      key: fs.readFileSync('/etc/letsencrypt/live/ispeedrun.tv/privkey.pem'),
      cert: fs.readFileSync('/etc/letsencrypt/live/ispeedrun.tv/fullchain.pem')
    }, app);
    const io = socketIO(server);

    // Add this before the routes
    app.use((req, res, next) => {
      console.log('Request received');
      next();
    });

    app.use(express.static(path.join(__dirname, 'views', 'public')));
    app.use(bodyParser.urlencoded({ extended: false }));
    app.use(bodyParser.json());

    app.get('/', (req, res) => {
      res.sendFile(path.join(__dirname, 'views', 'index.html'));
    });

    app.get('/live', (req, res) => {
      res.sendFile(path.join(__dirname, 'views', 'live.html'));
    });

    const connection = mysql.createConnection({
      host: 'ls-7f5846c26112d5a110aa9ce17f20838297ce7c51.cdnunzehdfq0.us-east-2.rds.amazonaws.com',
      port: '3306',
      user: 'dbmasteruser',
      password: '',
      database: ''
    });

    connection.connect((err) => {
      if (err) {
        console.error('Failed to connect to MySQL:', err);
        return;
      }
      console.log('Connected to MySQL database');
    });

    io.on('connection', (socket) => {
      console.log('WebSocket connection established');
      socket.on('message', (msg) => {
        console.log('message: ' + msg);
        io.emit('message', msg);
      });
      socket.on('disconnect', () => {
        console.log('WebSocket connection closed');
      });
    });

    // add this route to handle form submission
    app.post('/login', (req, res) => {
      console.log('Received login request');
      console.log('Login request received:', req.body); // Log the received request
      const { username, password } = req.body;
      User.getByUsername(username, (err, user) => {
        if (err) {
          console.error('Error getting user:', err);
          res.status(500).send('Internal server error');
          return;
        }
        if (!user) {
          res.status(401).send('Invalid username or password');
          return;
        }
        user.checkPassword(password, (err, isMatch) => {
          if (err) {
            console.error('Error checking password:', err);
            res.status(500).send('Internal server error');
            return;
          }
          if (!isMatch) {
            res.status(401).send('Invalid username or password');
            return;
          }
          res.status(200).send(); // Send a 200 status code to indicate a successful login
        });
      });
    });

    // Add this after the routes
    app.use((req, res, next) => {
      console.log('Response sent');
      next();
    });

    const PORT = process.env.PORT || 6611;
    server.listen(PORT, () => {
      console.log(`Server running on port ${PORT}`);
    });
    ```

    login.html :

    ```
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <title>iSpeedrun.TV - Login</title>
      <link rel="stylesheet" href="styles.css">
      <style>
        /* Keep the same styles as index.html */
        .main-container { display: flex; flex-direction: row; }
        .video-container { width: 1280px; height: 720px; margin-right: 20px; }
        .video-container iframe { width: 100%; height: 100%; }
        .sidebar { width: 300px; height: 720px; display: flex; flex-direction: column; justify-content: space-between; }
        .sidebar-item { display: flex; align-items: center; padding: 10px; background-color: #222; color: #fff; font-size: 14px; }
        .sidebar-item img { width: 60px; height: 60px; margin-right: 10px; }
        header { display: flex; justify-content: space-between; align-items: center; background-color: #222; color: #fff; padding: 10px; }
        nav ul { display: flex; list-style: none; padding: 0; margin: 0; }
        nav li { margin-right: 20px; }
        nav a { color: #fff; text-decoration: none; font-weight: bold; font-size: 16px; text-transform: uppercase; }
        nav a:hover { color: #ff0000; }
        .login-container { background-color: #fff; padding: 40px; border-radius: 10px; width: 70%; margin: 20px auto; box-shadow: 0 0 20px rgba(0, 0, 0, 0.5); }
        .login-container label { font-size: 20px; margin-bottom: 20px; }
        .login-container input[type="text"],
        .login-container input[type="password"] { width: 100%; height: 40px; margin-bottom: 30px; padding: 10px; font-size: 16px; border-radius: 5px; border: none; box-shadow: 1px 1px 5px rgba(0, 0, 0, 0.3); }
        .login-container button[type="submit"] { display: block; width: 100%; height: 50px; background-color: #e74c3c; color: #fff; border: none; border-radius: 5px; font-size: 18px; cursor: pointer; transition: background-color 0.2s; }
        .login-container button[type="submit"]:hover { background-color: #c0392b; }
        #message { font-size: 18px; color: red; margin-bottom: 15px; }
      </style>
    </head>
    <body>
      <header>
        <h1>iSpeedrun.TV - Login</h1>
        <nav>
          <ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="livestream.html">Live Streams</a></li>
            <li><a href="about.html">About Us</a></li>
            <li><a href="contact.html">Contact</a></li>
            <li><a href="login.html">Login</a></li>
          </ul>
        </nav>
      </header>
      <main class="main-container">
        <div class="sidebar">
          <div class="sidebar-item">
            <img src="https://via.placeholder.com/60x60.png?text=User+1" alt="User 1">
            <p>User 1</p>
          </div>
          <div class="sidebar-item">
            <img src="https://via.placeholder.com/60x60.png?text=User+2" alt="User 2">
            <p>User 2</p>
          </div>
          <div class="sidebar-item">
            <img src="https://via.placeholder.com/60x60.png?text=User+3" alt="User 3">
            <p>User 3</p>
          </div>
          <div class="sidebar-item">
            <img src="https://via.placeholder.com/60x60.png?text=User+4" alt="User 4">
            <p>User 4</p>
          </div>
        </div>
        <div class="video-container">
          <form class="login-container" action="/login" method="post" id="login-form">
            <label for="username">Username:</label>
            <input type="text" id="username" name="username">
            <label for="password">Password:</label>
            <input type="password" id="password" name="password">
            <div id="message"></div>
            <button type="submit">Login</button>
          </form>
        </div>
      </main>
      <script>
        const form = document.getElementById('login-form');
        const message = document.getElementById('message');

        form.addEventListener('submit', async function(event) {
          console.log('Form submitted');
          event.preventDefault(); // Prevent the form from submitting normally
          const username = document.getElementById('username').value;
          const password = document.getElementById('password').value;
          try {
            console.log('Sending request to server');
            const response = await fetch('/login', {
              method: 'POST',
              headers: {
                'Content-Type': 'application/json',
              },
              body: JSON.stringify({ username, password }),
            });
            console.log('Server responded with status:', response.status);
            if (response.status === 200) {
              localStorage.setItem('loggedIn', 'true');
              window.location.href = 'index.html';
            } else {
              const error = await response.json();
              message.textContent = error.message;
            }
          } catch (error) {
            console.error('Error:', error);
            message.textContent = 'An error occurred. Please try again.';
          }
        });
      </script>
    </body>
    </html>
    ```
    0
    answers
    0
    votes
    11
    views
    asked 5 hours ago
  • MY VPS DOES NOT WORK. WHEN I OPEN IT, IT TAKES 2 MINUTES JUST TO OPEN, AND WHEN IT DOES I GET A BLACK SCREEN, AND AFTER A FEW SECONDS IT JUST TURNS OFF AND RETURNS ME TO MY DESKTOP. TO SUM IT ALL UP, YOUR VPS DOES NOT WORK AT ALL. I DON'T HAVE A PROBLEM INSIDE THE VPS, I HAVE A PROBLEM WITH THE VPS ITSELF. IT DOES NOT RESPOND TO ANYTHING, IT'S COMPLETELY USELESS, AND I HAVE LEFT MY TRADING EA ON YOUR VPS TO RUN, AND IT DOES, BUT NOW I NEED TO GO INSIDE THE VPS TO TURN IT OFF BECAUSE I'M CURRENTLY LOSING MONEY BECAUSE OF YOUR SHITTY PRODUCT. PLEASE TURN OFF MY VPS AND CANCEL MY SUBSCRIPTION IMMEDIATELY!!!!!!!!!
    0
    answers
    0
    votes
    20
    views
    Karlo
    asked 8 hours ago
  • How do I report a suspected fraudulent account? I opened an Abuse case only to have the Trust & Safety Team bot reply that my question needed to go to Billing. I opened a Billing case only to have that bot tell me I needed to be able to login to the fraudulent account before I could discuss the account. It should not be this difficult to report fraud activity, or has it not occurred to anyone at AWS that fraud exists?
    2
    answers
    0
    votes
    15
    views
    asked a day ago
  • I have attached private subnet 1c to a public application load balancer. What would happen with the server which is in public subnet 1c? Will the traffic reach that server?
    1
    answers
    0
    votes
    14
    views
    Cfr
    asked a day ago
  • Hi all, has anyone tried to configure CloudTrail for Redshift? We are trying to do this to get the activity of the IAM user who runs the query in query editor v2. We have found a few docs and followed the steps to configure CloudTrail, but we can't get the logs we are looking for. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-tutorial.html https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html This is the documentation we have found that shows us CloudTrail can integrate with Redshift. And it can get the log result for the query editor v2. https://docs.aws.amazon.com/redshift/latest/mgmt/logging-with-cloudtrail.html But it doesn't show the steps for how to log the calls with CloudTrail. Looking forward to guidance from you all, so that we can learn together. Thanks.
    0
    answers
    0
    votes
    11
    views
    asked 2 days ago
  • I'm new to AWS and I'm trying to set up an Express server on Beanstalk and I'm logging to Cloudwatch. I just set it up and got all the HTTPS stuff going and I'm able to use it on my app, but I noticed there were some weird logs in the `nginx/error.log` and `nginx/access.log`.

    **nginx/access.log**

    ```
    xxx.xx.xx.xxx - - [27/Mar/2023:19:40:40 +0000] "\x16\x03\x01\x00\xA7\x01\x00\x00\xA3\x03\x03\x9E\xF3D\x02\x03\xD0R\xAAW\xA6\x7F]*U\x8A\xAC\x10\x22P \x8E\xA6\x10\x1F" 400 150 "-" "-" "-"
    ```

    **nginx/error.log**

    ```
    19:58:56 [warn] 9004#9004: *143823 using uninitialized "year" variable while logging request, client: xxx.xx.xx.xxx, server: , request: "��[�) �!▴�0��햱�HX��6�]$w_�z� � ���xB��}{�p+�1l3~�G��>��n�&�+�/�#�'� ��,�0�$�(��"
    19:58:56 [warn] 9004#9004: *143823 using uninitialized "month" variable while logging request, client: xxx.xx.xx.xxx, server: , request: "��[�) �!▴�0��햱�HX��6�]$w_�z� � ���xB��}{�p+�1l3~�G��>��n�&�+�/�#�'� ��,�0�$�(��"
    19:58:56 [warn] 9004#9004: *143823 using uninitialized "day" variable while logging request, client: xxx.xx.xx.xxx, server: , request: "��[�) �!▴�0��햱�HX��6�]$w_�z� � ���xB��}{�p+�1l3~�G��>��n�&�+�/�#�'� ��,�0�$�(��"
    ```

    I tried looking it up and all I got was someone else saying someone was trying to constantly ping me. Is this something I need to worry about? If not, is there a way to get rid of these logs so it doesn't clutter my logs? Would I just have to block these IP addresses? Let me know if I need to provide more information, thank you!
    0
    answers
    0
    votes
    13
    views
    asked 2 days ago
  • Hi everyone, I have a question about whether I need to make a setting or configuration to anticipate any effect from the summer time change, which, as we know, should not be done anymore. I'm interested in RDS; however, it is good to know if any other service has this problem and needs to be configured. Thanks in advance.
    0
    answers
    0
    votes
    7
    views
    Erick
    asked 2 days ago
  • I added an Inbound Rule to a Security Group, temporarily. After I was done with it, I attempted to remove it. When I try, I get the following error: "There was an error modifying your security group inbound rules. The specified rule does not exist in this security group." It is still listed as a rule, but I cannot delete it. Advice? thx
    1
    answers
    0
    votes
    22
    views
    asked 2 days ago
  • Hi all, I'm using the AWS Transfer Family service to transfer files using the AS2 protocol, and I'm having trouble whitelisting an IP or URL for the connector used by the service. Specifically, the connector does not have a static IP address, so I'm not sure what IP or URL I should whitelist on my partner's AS2 server. I found a list of all the IP ranges used by AWS services at https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html, but I'm not sure which IP ranges I should put on the whitelist for the Transfer Family AS2 service connector. Is there a specific IP range or URL that I should whitelist for this purpose? Or is there a different approach I should take to configure network security rules for the connector? Any help or guidance would be greatly appreciated! Thanks in advance for your help!
    1
    answers
    0
    votes
    34
    views
    Max_H
    asked 3 days ago
  • I want to add a range of IPs in the outbound rules of a security group. How can I do that?
    2
    answers
    0
    votes
    23
    views
    asked 3 days ago
  • When we start with Control Tower, 2 accounts within the security OU, i.e. the log archive and audit accounts, are created. On this structure I have a few questions: 1) I read that detective guardrails are implemented by AWS Config. But why can't I see those under the config rules of the AWS Config service? 2) I understand that the Audit account has the power to access other accounts programmatically. I thought this is the reason why security services like Security Hub, AWS Config and other security related services are hosted here. But in my project, security services are hosted in a separate account rather than the audit account. If so, what is the purpose of the audit account? Also, is it necessary for the account which holds the centralized AWS Config aggregator, Security Hub etc. to have programmatic access to other accounts? 3) By default, does the log archive account just collect cloudtrails from all other accounts? Under AWS best practices, I see that the audit account holds all the security services and also acts as an AWS Config aggregator. At the same time, all logging (including DNS, VPC etc.) happens under the Log archive account. If so, do we need to explicitly send aggregator logs in the audit account to the centralized S3 bucket under the archive account?
    1
    answers
    0
    votes
    22
    views
    nishan
    asked 3 days ago
  • Hello everyone, I think you have also experienced this problem. I deleted the google authenticator app on my old phone and didn't move the account. On my new phone, I can't get the verification code. How can I re-enable 2fa app for my root account. I looked at many articles and progressed by marking troubleshooting, but it keeps looping. As a result, how can you disable and re-enable 2fa in your root accounts without entering the console? Best regards
    2
    answers
    0
    votes
    36
    views
    asked 4 days ago
  • I'm trying to modify the networking configuration for my ECS cluster. During the creation process, I was able to specify the VPC and subnets, but I did not see an option to specify a security group. How can I specify a security group for my ECS cluster, and how can I add additional security groups to the cluster after it has been created? Thank you.
    2
    answers
    0
    votes
    24
    views
    asked 5 days ago
  • I want to be able to implement Attribute Based Access Controls on a complex data system. To implement this, I want to use a dynamic verification ideally completely in IAM to preserve performance. For example: Person A has been given permissions to see objects with Green, Purple and Blue categories, but cannot see objects that have a Vehicle category. Person B can see Purple and Vehicle but cannot see Green or Blue. Object A is stored in the Vehicle category S3 and also contains Blue data. We initially looked at tags, but the customer currently manages thousands of tags and that equates to billions of potential tag combinations - and this number is always growing. I am looking for a clean way to implement this access control that would meet these requirements.
    1
    answers
    0
    votes
    18
    views
    Rob
    asked 5 days ago
  • As a part of increasing the AWS security score, I wish to set up a log metric filter and alarm for the following actions :- 1. Changes to network gateways 2. Route table changes 3. Changes to Network Access Control Lists (NACL) 4. Security group changes 5. VPC changes 6. Unauthorized API calls 7. Management Console sign-in without MFA 8. AWS Management Console authentication failures 9. CloudTrail configuration changes 10. IAM policy changes 11. S3 bucket policy changes 12. Disabling or scheduled deletion of customer-created CMKs There is just one root user. I wish to estimate the cost of this operation. [PFA screenshot of failed controls](/media/postImages/original/IMLIP77JscTuCyktECxGF3sg)
    0
    answers
    0
    votes
    32
    views
    asked 6 days ago
  • Why is Fail2Ban completely missing from AL2023 repos? Are there instructions, including dependencies for hand installation on AL2023? Why would Amazon leave this standard component of basic hacker prevention and security out of the stack?
    1
    answers
    0
    votes
    13
    views
    ChrisK
    asked 6 days ago
  • I have securityAudit permission for a given account, I want to programmatically obtain the account alias/name for the target account? Closest I can find information is related to "Organizations" api (describe-account), but that can only be used on the target account itself (and only on root organization/delegated account). Is there any other API that I can call to get this information?
    1
    answers
    0
    votes
    16
    views
    asked 6 days ago
  • I am following the link: https://docs.snowflake.com/en/user-guide/admin-security-privatelink This is to set up the private link between AWS and Snowflake. The first command is `aws sts get-federation-token --name sam`. Here I am replacing the name Sam with Root user and executing in CloudShell. `error occurred (AccessDenied) when calling the GetFederationToken operation: Cannot call GetFederationToken with session credentials` Not sure if it has to do with permissions. Please advise.
    2
    answers
    0
    votes
    24
    views
    asked 6 days ago
