In the past two days, we can't create a new working MWAA environment. We started with Terraform - after apply, the environment is indicated as "Available" in the console, but when I click on the "Open UI" link, the UI never comes up. Then we manually created a couple environments, but with the same outcome. For us, MWAA as a service is practically down.
Here is what we are seeing when we click on "Open Airflow UI":
This page isn’t working
zxxcvbnm-6666-4516-935b-bb9701f525e5-vpce.c20.us-west-2.airflow.amazonaws.com
didn’t send any data.
ERR_EMPTY_RESPONSE
Any insight/tip is appreciated!
So - it turns out some subnet combinations work, some don't. I believe it's a bug in MWAA.
Another possibility that I just ran into when trying to create an MWAA environment is that the security group wasn't allowing HTTPS connections.
To adjust that:
Click into your environment to view the configuration and scroll down to the "Networking" section.
Click into "VPC security group(s)"
Click on the "Inbound Rules" tab
Click on the "Edit Inbound Rules" button
Click on the "Add Rule" button
In the "Type" dropdown, select "HTTPS"
Under the "Source" dropdown you will probably want "Custom" along with your desired CIDR block.
Click on "Save Rules", and your new rules should be applied.
Related
I'm hoping I can get some help with this deployment issue that I'm facing:
I have created an RDS instance and can see it is "Available" by looking at the dashboard. I then use the Elastic Beanstalk CLI to deploy my application and the deployment is successful.
However, when I access the endpoint I am getting a 502 Bad Gateway from nginx. After checking the logs I can see the following error from my Node.js app:
Error: connect ETIMEDOUT x.x.x.x:5432 (ip ommitted)
As per the AWS documentation on this I have tried to assign the auto generated security group from my Elastic Beanstalk instance to my RDS instance, but I am still getting the same error.
Is there something I have misunderstood in the documentation here? I would be very grateful if anyone can point me in the right direction here.
Thank you in advance.
Managed to figure this out after a lot of trial and error. Turns out that it wasn't too tricky.
Go to your EB environment -> Configuration
Click "Edit" next to "Instances"
Note down the security group ID that is selected at the bottom
Create a new security group e.g. "my-eb-instance-rds-access"
Under "Inbound rules" select "Add rule". Choose whichever DB service you are using and it should automatically fill the port. Set source to "Custom" and then click in the search box. Select the security group that your EB instance has that you noted down earlier.
Click "Create security group"
Find your RDS instance and click "Modify"
Scroll down and find "Connectivity". Then select the security group that you just created from the drop down box.
Scroll all the way to the bottom and hit continue. Here I found there to be two options: one that updates the changes immediately and the other that waits for regular scheduled maintenance. I'm no expert but I selected the "immediately" option since the database is not being used in production yet so some downtime was not a problem.
Your EB instance should now be able to connect! This worked for me even after re-deploying.
Disclaimer: I am by no means an expert. This was done purely by trial and error. If anyone has any tips or improvements I'd be happy to hear them and edit the answer.
I got this kind of error when I tried to restore from s3 bucket
--error message
Msg 50000, Level 16, State 0, Procedure msdb.dbo.rds_restore_database,
Line 49 [Batch Start Line 0]
Database backup/restore option is not
enabled yet or is in the process of being enabled. Please try again
later. USAGE: EXECUTE msdb.dbo.rds_restore_database #restore_db_name,
#S3_arn_to_restore_from, [#KMS_master_key_arn] #restore_db_name : Name
of the database being restored. #S3_arn_to_restore_from : S3 ARN of
the backup file used to restore database from. #KMS_master_key_arn :
KMS customer master key ARN to decrypt the backup file with.
--executed code
exec msdb.dbo.rds_restore_database
#restore_db_name='C2',
#s3_arn_to_restore_from='arn:aws:s3:::slkk/31_May_2019_C2.bak';
I am using aws free account. How do I enable backup restore?
Go to IAM and crete new Role with Permissions as follow:
AWSBackupServiceRolePolicyForRestores
AWSBackupServiceRolePolicyForBackup
Go to RDS > Option groups
Create group (Name: SqlServerBackupRestore, Description: xxx, Engine: Select your DB engine, Major Engine Version: Select version of your DB instance.
Click Create
Once group is created, click the name of created group to Edit.
Click Add option
Select option: SQLSERVER_BACKUP_RESTORE
Select IAM role you created in previous steps
Select Immediately to schedule instant change
Back to RDS > Databases and select your instance
Click Modify
Select Option group you created in previous step
Click Next
Select Apply immediately (it should not cause service downtime)
Apply changes by clicking Modify DB instance
If you have connection to DB from SQL Management Studio please close and connect again.
I know this is old, but I ran into the same error and was able to resolve it so I thought I'd share since this was unanswered.
First, this article details what you need, so make sure you follow these steps:
https://aws.amazon.com/premiumsupport/knowledge-center/native-backup-rds-sql-server/
I had setup the Options Group and everything initially. The steps I missed were these two:
Associate the option group with the DB instance by choosing Databases in the navigation pane, and then choose the instance to back up. Choose Actions, and then choose Modify.
Under Database Options, choose the option group that you created, and then choose Apply Immediately and Continue. Review the information, and then choose Modify DB Instance. This option group modification has no downtime because instance reboot is not required.
In other words, you have to modify the actual database instance with the new Option Group that was setup in those steps. Then once you login to your instance via SSMS, you can execute the restore by executing (taken from the article):
exec msdb.dbo.rds_restore_database
#restore_db_name='database_name',
#s3_arn_to_restore_from='arn:aws:s3:::bucket_name/file_name_and_extension';
For some reason choosing 'SQLSERVER_AUDIT' in the option group solved it for me, as opposed to the seemingly logical 'SQLSERVER_BACKUP_RESTORE'
For creating the IAM role first and then adding that to options not working for some reason, I tried with admin policy in that role also doesn't work for me.
rather than creating the IAM role ourselves first, In the RDS Add Option for choosing the role, there is an option to creating a new role use this option and select the s3 bucket name this will create the correct policy and IAM role for us, It works perfectly also helped this youtube video https://www.youtube.com/watch?v=tbJvyQEjZ8k.
Folowed few tutorials:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.html
https://aws.amazon.com/premiumsupport/knowledge-center/native-backup-rds-sql-server/
Here is what solved my case:
I added below to my IAM role created while instance was built:
Also setting new password for Master username seems to have did the trick as after that msdb.dbo.rds_restore_database started to work.
I have an Alibaba Cloud ECS and want to migrate across my Dedicated Host (DDH).
How can I do the same and Is there any limitation on the ECS.
I appreciate any assistance with this.
I think this documentation clarify how to do it enter link description here
Log on to the ECS console.
In the left-side navigation pane, click Instances.
Select a region.
Optional. In the upper-right corner of the instance list, click the Set Display Items icon, and on the dialog box, click Dedicated Host,and then click OK.
You can view the Dedicated Host column in the table, which helps you locate the DDH that an ECS instance is hosted on.
Find an ECS instance, and in the Actions column, select More >Instance Status > Stop to stop the instance.
When the instance is in the Stopped status, in the Actions column, select More > Instance Settings > Modify DDH Deployment.
On the dialog box, select a DDH and click OK.
Procedure to migrate ECS Instance across Dedicated Host is as follows:
Log on to the ECS console.
Navigate to Instances List
Select the region
Click Settings Icon and enable dedicated host column view, Locate DDH where the ECS is Hosted On
Stop the instance
Click Actions--> More --> Instance Settings --> Modify DDH Deployment, dialog box will appear, select the DDH and then click Ok.
Note: Refresh the instance list until the Dedicated Host information is updated. The instance starts automatically.
I am running a ubuntu 18.04 VM on google cloud platform. I have had it working but now when I try to connect I get this error:
I am unsure what to do about this problem.
You need to add a firewall rule that allows tcp:22
Since you already tried using gcloud, double checked firewall rule and I suspect you did not change anything in the VM configuration, the easiest approach that you can do now is create a snapshot and move it to a new VM instance:
Go to Compute Engine section.
Then select “Snapshots” in the left menu.
Click “Create Snapshot”.
In “source disk” select your current VM instance, Encryption: automatic and provide the required information in the other fields.
Click “Create”.
After the snapshot is created you can go and use it to create a new VM. In the “Create instance” section do the following:
In “Boot Disk” click the “Change” button.
Click the “Snapshots” tab (upper right).
Select the previously created snapshot.
Click “select” and then “Create”.
You should be able to SSH into the new instance.
On one of the last steps here on the Beanstalk TVM tutorial for mobile...
http://aws.amazon.com/code/7351543942956566
It goes through how to setup Access/Private keys at the end. However, there is no 'Edit Configuration' in the UI, only Save & Load options, and the load option doesn't have any fields for Access/Private keys. How do I set up those for a Beanstalk based TVM?
Would indeed be nice if that tutorial could be updated for the new Elastic Beanstalk UI - you can edit the configuration after clicking the cog icon in the top right of the Software Configuration tile in section Web Tier of tab Configuration within the dashboard (I currently seem to be unable to drag and drop a screenshot, sorry).
There you'll find section Environment Properties which lists all property names including AWS_ACCESS_KEY_ID and AWS_SECRET_KEY.