Is AWS Elasticsearch a fully managed service or is it simply an Elasticsearch installation on a set of ec2 instances?

I want to understand the difference between the AWS Elasticsearch service and the on-premises version. Does AWS provide a fully managed service for Elasticsearch (such as DynamoDB, SQS, etc.) Should we manage at the node level and ensure that Elasticsearch has a configuration appropriate for the type of node? production environment?
Enjoy your comments about it.

Thank you

amazon – WordPress hosted on AWS EC2

This type of question is not accepted on Stack Exchange of WordPress. Please check the accepted topics. Below some information for you.

If the client's WordPress site is running on an Amazon EC2 instance, you have nothing to do. WordPress Core, Plugin and Themes can be updated from the WordPress admin dashboard without having to do anything with the instance.

But if the client site has been deployed with the help of Amazon RDS and Elastic Beanstalk for high availability, then you will need to deploy WordPress on another instance of Elastic Beanstalk by backing up first your original WordPress site. You'll find the steps in the topic Deploying a High Availability WordPress Web Site with an External Amazon RDS Database on Elastic Beanstalk.

If you want to switch to a new instance of EC2 for whatever reason and install WordPress, I recommend you follow the WordPress Setup Guide on Ubuntu 18.04 from Digital Ocean after creating the EC2 instance and then have inserted SSH-ed. . You can also find the guide to various other versions of Linux on this page.

If you want everything to be automatically configured for you, launch WordPress with OpenLiteSpeed ​​on AWS. The market has the script built and will launch everything for you. Simply point your domain name to the IP obtained for the instance, open the site, follow WordPress for 1 minute (Setting up the first user.You do not have to add database information.), Then export what you want. WordPress Core updates, plugins and themes are done from the WordPress admin dashboard.

Difficulty activating SSL on an old EC2 instance running Apache and Amazon Linux 1

Hello. I had trouble understanding why my Amazon Linux EC2 instance (1) does not serve my site at the https:// address, although I confirmed that the SSL protocol is configured, see https://www.ssllabs.com/ssltest/. I've been browsing the web looking for answers and I'm always running out. I've got the following header information from two site queries; one with and one without https://. www.example.net and the nonwww work but only without https://. Much of this is alien to me, though.

GET / HTTP/1.1
Host: example.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 5949
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Oct 2019 19:18:46 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
Vary: X-Requested-With,Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: Nette Framework
GET / HTTP/1.1
Host: example.net:443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

HTTP/1.1 301 Moved Permanently
Content-Length: 98
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Oct 2019 19:09:13 GMT
Location: http://example.net/
Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
Vary: X-Requested-With
X-Frame-Options: SAMEORIGIN
X-Powered-By: Nette Framework

Can someone confirm what could be wrong? My configuration files all seem to point to my certificate files (generated from Lets Encrypt after following this article: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux -2 .html). I also do not think I've seen anything confusing in the .htaccess, and when I redirect him to HTTPSyes, but the page she leads is empty.

What is the problem? Is there anything else that I can look at that might need to be updated? Thank you in advance.

amazon ec2 – What is the default Ubuntu EC2 password?

I'm trying to run the command systemctl enable mongod.service on an EC2 instance running Ubuntu, but it asks me for the password for the ubuntu user. I do not use a password to connect to the server and as far as I can remember, I never set it. When I try to run passwdI am prompted to enter the existing password of the user, but I do not have it (press Enter without entering anything fails).

What is the default password? Can I configure it using the root user? For some reason, the user of ubuntu had a password set by default, but root no?

python 3.x – ec2 – connect and download 1 table from sqlite3 database?

I have two large database (sqlite3), they are around 5.3 and 3.6 GB, on an ec2 instance.

I want to be able to access particular tables in these databases and perform calculations. If I try to select all entries on the instance itself using pandas I have a Memory error.

I can use paramiko to connect to the database but is it possible to download a single table from the database?

Charged for EC2 in the absence of running instance

I'm trying to figure out why I'm being charged for EC2 instances while none of my instances are running (and in fact I have not even stopped any of them!) 39; instances). See the screen shot below. Also please ask if there is more information that I should provide. Thank you!
enter the description of the image here

enter the description of the image here

ubuntu – the mysql data node does not connect to the node manager on AWS EC2

I'm trying to configure mySql Manager + Data Node + SQL Server (Server A) and another cluster of Data Nodes on (Server B). Both under Ubuntu 16.04 amd_64

Server A

/ etc / hosts also on server B

Both private ip
172.xx.xx.xx ip-172-xx-xx-xx-eu-west-1.compute.internal
172.xx.xx.xx ip-172-xx-xx-xx.eu-east-1.compute.internal

/config.ini

(ndbd default)
 NoOfReplicas=2  # Number of replicas

(ndb_mgmd)
hostname=ip-172-xx-xx-xx.eu-west-1.compute.internal <- Server A
datadir=/var/lib/mysql-cluster
NodeId=1

(ndbd)
hostname=ip-172-xx-xx-xx.eu-west-1.compute.internal <- Server A
NodeId=3
datadir=/usr/local/mysql/data

(ndbd)
hostname=ip-172-xx-xx-xx.eu-east-1.compute.internal <- Server B
NodeId=2
datadir=/usr/local/mysql/data

(mysqld)
hostname=ip-172-xx-xx-xx.eu-west-1.compute.internal <- Server A
/etc/my.cnf

(mysqld)
ndbcluster

(mysq_cluster)
ndb-connectstring = ip-172-xx-xx-xx.eu-west-1.compute.internal <- Server A

Server B

/etc/my.cnf

(mysqld)
ndbcluster

(mysql_cluster)
ndb-connectstring=172.xx.xx.xx <- Server A private ip

Server A error

running ndbd gives me this error

(ndbd) INFO     -- Angel connected to '172.xx.xx.xx:1186'
(ndbd) ERROR    -- Failed to allocate nodeid, error: 'Error: Could not alloc node id at 172.xx.xx.xx port 1186: Connection done from wrong host ip 172.xx.xx.xx.'

Server B error

running ndbd gives me this error

Unable to connect with connect string: nodeid=0,172.xx.xx.xx:1186
Retrying every 5 seconds. Attempts left: 12

ndb_mgm

-- NDB Cluster -- Management Client --
ndb_mgm> show
Connected to Management Server at: 172.xx.xx.xx:1186 <- A
Cluster Configuration
---------------------
(ndbd(NDB)) 1 node(s)
id=2 (not connected, accepting connect from 172.xx.xx.xx) <- B

(ndb_mgmd(MGM)) 1 node(s)
id=1    @172.x.x.x  (mysql-5.7.22 ndb-7.6.6)

(mysqld(API))   1 node(s)
id=3 (not connected, accepting connect from 172.xx.xx.xx) <- A

I do not know how I would connect to mysqld (API) for it to work properly after installing the server / client cluster.

In addition, I entered both instances A and B to accept all traffic between all port ranges 1000-60000, just in case I miss something, and the outbound traffic is open to everything.

I wonder what I miss, I am so tired today trying to find out what is happening with the installation.

Any help would be appreciated!

attack prevention – How to defend against the theft of identification information in EC2 via the API http://169.254.169.254?

AWS has a feature called instance metadata, which on EC2 gives you access to AWS credentials through HTTP calls:

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

The functionality itself is intentional, so technically not a vulnerability. The risk is also indicated in the documentation:

If you use services that use instance metadata with IAM roles, be careful not to expose your credentials when the services are making HTTP calls on your behalf. The types of services that might expose your credentials include HTTP proxies, HTML / CSS validation services, and XML processors that support XML inclusion.

As long as an application can not be deceived by an attacker to make such a request and to produce its response, it is certainly a practical feature. Unfortunately, it is a common source of attacks.

Of course, a server must first correctly check all URLs, but in the spirit of defense in depth, I wonder if it is possible to disable it, or to allow it only at startup (before opening ports).

Questions:

  • Is it technically possible to disable this feature? In other words, how can I make sure that the requests for http://169.254.169.254/ are blocked?
  • If this is technically possible, are there any disadvantages to blocking it?
  • Is there a way to always have access to the safe parts of the API, but not the critical elements? Maybe by whitelisting specific paths? For example, I see the point of allowing /meta-data/spot/instance-action, which tells you if your point instance EC2 has been programmed for termination.

"Initial login" very slow on EC2 via SSL

I'm using Bitnami + WordPress on Ubuntu 16.04 provided by AWS.
When I access my website, it takes too long to wait from time to time. Although I have found that sometimes it takes about 20 seconds for an "initial connection", I do not know why. Could someone tell me what can be the solution?

System configuration
– ALB with a single instance
– The ALB transfers all access to the instance
– The instance only accepts access from ALB

My assumption is that the SSL connection between ALB and the instance is causing the problem, but it is not certain.
(In the error log: minto-chan.com:443:0 the server certificate does NOT include the ID corresponding to the server.)

Thank you in advance.

Amazon Web Services – How to Measure Go-Seconds for AWS EC2

We are studying the possibilities of transferring our application from an EC2-based implementation to AWS lambda. We try to predict how much we will save if we do it. The lambda rate indicates that it gives 400,000 free GB-seconds per month and a tiny amount for each GB-second after. How do I know from my AWS console how many Go-seconds I use per month now?