Connecting to Amazon MQ from EC2 instance - amazon-iam

If I want to pub/sub to Amazon MQ from an EC2 instance, do I need to attach a specific IAM policy to the instance? I didn't see anything of the sort in the documentation I read about MQ but it feels off not to.

Related

How to find out on which EC2 instance is the MSK (managed kafka) running?

I am a Kafka newbie. I have to list the topics in MSK (https://console.aws.amazon.com/msk/home). I log in to MSK, but there is no console there to run the relevant commands to list the topics. So I am trying to figure out which EC2 instance MSK is running on so I can log in to that machine. But I've not been able to figure out how to map the relevant EC2 instance to my currently running MSK.
MSK is a managed service, which means Amazon manages the servers for you. You don't get access to the underlying servers of managed services on Amazon. If they even use EC2 instances behind the scenes (they probably do) those EC2 servers won't be visible to you.
To list the topics on your MSK cluster, you would need to do something like this from an EC2 server in the same VPC:
bin/kafka-topics.sh --list --zookeeper <zookeeper endpoint>
Where <zookeeper endpoint> is the ZooKeeper endpoint of your MSK cluster.
See the official documentation on this subject here.

To Migrate AWS Services from one AWS Account to another AWS Account

I have set up one project in AWS Cloud Service. There I was using EC2 Instance, AMI, Elastic IP, Internet Gateway, NACL, Route Table, Security Group, custom VPC, Private and Public Subnet, Elastic Load Balancer, Auto Scaling, Launch Configuration, KMS key, Lambda, RDS Aurora Instance, S3 Bucket, Simple Email Service, Simple Queue Service, Simple Notification Service, CloudWatch Logs. Now my client is asking to migrate all services from the existing AWS account to a new AWS account.
How to achieve this?
Just contact AWS support. If you are doing a migration, not a copy, then the account can be changed with no interruption of service directly by AWS. Open a case in the AWS support center. See docs.
If you need a copy of those services in a different account, it is a more complicated task, as you will have to create different physical resources. For that I would recommend using CloudFormation.

List of AWS services that don’t require a VPC to run

Google failed me again, or maybe I wasn't too clear in my question.
Is there an easy way, or rather how do we determine, what services are VPC-bound and what services are non-VPC?
For example - EC2, RDS require a VPC setup
Lambda, S3 are publicly available services and don't need a VPC setup.
The basic services that require an Amazon VPC are all related to Amazon EC2 instances, such as:
Amazon RDS
Amazon EMR
Amazon Redshift
Amazon Elasticsearch
AWS Elastic Beanstalk
etc
These resources run "on top" of Amazon EC2 and therefore connect to a VPC.
There are also other services that use a VPC, but you would only use them if you are using some of the above services, such as:
Elastic Load Balancer
NAT Gateway
So, if you wish to run "completely non-vpc", then avoid services that are "deployed". It means you would use AWS Lambda for compute, probably DynamoDB for database, Amazon S3 for object storage, etc. This is otherwise referred to as going "serverless".

Ports used in aws boto connections

I am using a Lambda function which uses the boto library to perform actions over EMR such as describe-cluster. I would like to know which ports are being used so I can restrict the outbound Lambda security group for this communication. I do not find this information in the AWS documentation.
All AWS endpoints are HTTPS.
See AWS Regions and Endpoints - Amazon EMR
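An added example, not part of the original answer: since the answer states that all AWS endpoints are HTTPS, the Lambda security group's outbound rules can be audited against a TCP 443-only policy. The rule dictionaries follow the IpPermissionsEgress shape returned by EC2 DescribeSecurityGroups; the function names and the sample rules are constructed for illustration.

```python
# Added example: audit security group egress rules against an HTTPS-only policy.
# Input mirrors the "IpPermissionsEgress" list from EC2 DescribeSecurityGroups.

HTTPS_PORT = 443


def https_only_egress(cidr="0.0.0.0/0"):
    """Build the single egress rule needed to reach HTTPS API endpoints."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": HTTPS_PORT,
        "ToPort": HTTPS_PORT,
        "IpRanges": [{"CidrIp": cidr, "Description": "HTTPS to AWS API endpoints"}],
    }]


def egress_violations(ip_permissions_egress):
    """Return one finding per rule that allows more than TCP 443 outbound."""
    findings = []
    for rule in ip_permissions_egress:
        proto = rule.get("IpProtocol")
        if proto == "-1":  # "-1" means every protocol and every port
            findings.append("all protocols and ports allowed")
            continue
        from_port, to_port = rule.get("FromPort"), rule.get("ToPort")
        if proto != "tcp":
            findings.append(f"non-TCP protocol {proto} allowed")
        elif (from_port, to_port) != (HTTPS_PORT, HTTPS_PORT):
            findings.append(f"tcp ports {from_port}-{to_port} allowed")
    return findings


# Constructed sample: the allow-all egress rule a new VPC security group starts with.
DEFAULT_EGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

# Constructed sample: an HTTPS rule plus a leftover wide-open TCP rule.
MIXED_EGRESS = https_only_egress() + [{
    "IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
}]

if __name__ == "__main__":
    for name, rules in [("default", DEFAULT_EGRESS), ("mixed", MIXED_EGRESS),
                        ("https-only", https_only_egress())]:
        print(name, egress_violations(rules) or "OK")
```

The list returned by `https_only_egress()` has the shape boto3's `authorize_security_group_egress` accepts as `IpPermissions`, once the default allow-all rule has been revoked.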

How do I migrate an EC2 instance in VPC to Classic EC2?

I wanted to migrate my EC2 instance which is in a VPC to a classic EC2 instance.
Is this possible?
What are the steps I need to follow?
Per the Amazon documentation:
If your account supports EC2 Classic, you can make an AMI of the existing instance and launch that AMI into EC2 Classic.
To find out whether your account supports EC2 Classic look under AWS Management Console -> EC2 Service, under Supported Platforms.