Terminating AWS Elastic Beanstalk environment - amazon-web-services

I want to terminate my AWS Elastic Beanstalk environment, but I would like to keep a snapshot of the RDS database instance associated with the environment.
I have successfully created a snapshot of the concerned RDS database, but when I go to terminate the Elastic Beanstalk environment, it says that doing so will:
Terminate database-in-question with snapshot.
Does this mean that the snapshot I created will be deleted as well as the database instance? If so, how can I avoid the snapshot being deleted?

Elastic Beanstalk uses CloudFormation in the background to provision your environment. CloudFormation keeps a stack that contains all the resources it has created, and once you delete your Beanstalk environment, that stack is removed. Thus, it will remove all the resources which are part of your stack. You can go to CloudFormation in the console and check it out.
If you created a DB snapshot manually, it will be outside of the CloudFormation stack, and thus it won't be removed.
However, as part of the Beanstalk environment setup, there will be some automated backups of your DB. These are removed when you terminate your environment.
Here's my test environment stack:
$ aws cloudformation describe-stack-resources --stack-name awseb-e-jjqgv3nwgp-stack --profile=personal
{
"StackResources": [
[...],
{
"StackName": "awseb-e-jjqgv3nwgp-stack",
"StackId": "arn:aws:cloudformation:eu-central-1:[my_account]:stack/awseb-e-jjqgv3nwgp-stack/f21c2e00-ea6d-11eb-9f61-02ad9e7e97f6",
"LogicalResourceId": "AWSEBRDSDBSecurityGroup",
"PhysicalResourceId": "awseb-e-jjqgv3nwgp-stack-AWSEBRDSDBSecurityGroup-1SDABJ60VF7G8",
"ResourceType": "AWS::EC2::SecurityGroup",
"Timestamp": "2021-07-21T21:52:52.931000+00:00",
"ResourceStatus": "CREATE_COMPLETE",
"DriftInformation": {
"StackResourceDriftStatus": "NOT_CHECKED"
}
},
{
"StackName": "awseb-e-jjqgv3nwgp-stack",
"StackId": "arn:aws:cloudformation:eu-central-1:[my_account]:stack/awseb-e-jjqgv3nwgp-stack/f21c2e00-ea6d-11eb-9f61-02ad9e7e97f6",
"LogicalResourceId": "AWSEBRDSDatabase",
"PhysicalResourceId": "aa1v9kyuepq8x1c",
"ResourceType": "AWS::RDS::DBInstance",
"Timestamp": "2021-07-21T21:59:24.817000+00:00",
"ResourceStatus": "CREATE_COMPLETE",
"DriftInformation": {
"StackResourceDriftStatus": "NOT_CHECKED"
}
},
[...]
]
}
Here are my RDS snapshots:
$ aws rds describe-db-snapshots --profile=personal
{
"DBSnapshots": [
{
"DBSnapshotIdentifier": "foobar-snapshot-test",
"DBInstanceIdentifier": "aa1v9kyuepq8x1c",
"SnapshotCreateTime": "2021-07-21T22:09:03.752000+00:00",
"Engine": "mysql",
"AllocatedStorage": 5,
"Status": "available",
"Port": 3306,
"AvailabilityZone": "eu-central-1a",
"VpcId": "vpc-128d5178",
"InstanceCreateTime": "2021-07-21T21:56:51.205000+00:00",
"MasterUsername": "foo",
"EngineVersion": "8.0.23",
"LicenseModel": "general-public-license",
"SnapshotType": "manual",
"OptionGroupName": "default:mysql-8-0",
"PercentProgress": 100,
"StorageType": "standard",
"Encrypted": false,
"DBSnapshotArn": "arn:aws:rds:eu-central-1:[my_account]:snapshot:foobar-snapshot-test",
"IAMDatabaseAuthenticationEnabled": false,
"ProcessorFeatures": [],
"DbiResourceId": "db-PFQFQBRFBELDWUQTONIPRJRVCU",
"TagList": []
},
{
"DBSnapshotIdentifier": "rds:aa1v9kyuepq8x1c-2021-07-21-21-57",
"DBInstanceIdentifier": "aa1v9kyuepq8x1c",
"SnapshotCreateTime": "2021-07-21T21:57:05.277000+00:00",
"Engine": "mysql",
"AllocatedStorage": 5,
"Status": "available",
"Port": 3306,
"AvailabilityZone": "eu-central-1a",
"VpcId": "vpc-128d5178",
"InstanceCreateTime": "2021-07-21T21:56:51.205000+00:00",
"MasterUsername": "foo",
"EngineVersion": "8.0.23",
"LicenseModel": "general-public-license",
"SnapshotType": "automated",
"OptionGroupName": "default:mysql-8-0",
"PercentProgress": 100,
"StorageType": "standard",
"Encrypted": false,
"DBSnapshotArn": "arn:aws:rds:eu-central-1:[my_account]:snapshot:rds:aa1v9kyuepq8x1c-2021-07-21-21-57",
"IAMDatabaseAuthenticationEnabled": false,
"ProcessorFeatures": [],
"DbiResourceId": "db-PFQFQBRFBELDWUQTONIPRJRVCU",
"TagList": []
}
]
}
So, we have one automated snapshot, and one manual.
After deleting the application, the CloudFormation stack was removed, and what's left is the manual snapshot, but the automated one has been deleted:
$ aws rds describe-db-snapshots --profile=personal
{
"DBSnapshots": [
{
"DBSnapshotIdentifier": "foobar-snapshot-test",
"DBInstanceIdentifier": "aa1v9kyuepq8x1c",
"SnapshotCreateTime": "2021-07-21T22:09:03.752000+00:00",
"Engine": "mysql",
"AllocatedStorage": 5,
"Status": "available",
"Port": 3306,
"AvailabilityZone": "eu-central-1a",
"VpcId": "vpc-128d5178",
"InstanceCreateTime": "2021-07-21T21:56:51.205000+00:00",
"MasterUsername": "foo",
"EngineVersion": "8.0.23",
"LicenseModel": "general-public-license",
"SnapshotType": "manual",
"OptionGroupName": "default:mysql-8-0",
"PercentProgress": 100,
"StorageType": "standard",
"Encrypted": false,
"DBSnapshotArn": "arn:aws:rds:eu-central-1:[my_account]:snapshot:foobar-snapshot-test",
"IAMDatabaseAuthenticationEnabled": false,
"ProcessorFeatures": [],
"DbiResourceId": "db-PFQFQBRFBELDWUQTONIPRJRVCU",
"TagList": []
}
]
}
You can always double check your RDS snapshots to be sure you have a manual one there, before terminating anything on Beanstalk.
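The double check suggested above can be scripted. This is an added example, not code from the original answer: it reads the JSON of the two commands shown (embedded here as trimmed, constructed copies of the answer's output) and reports which snapshots of the stack-owned DB instance can be relied on after termination. The function names and report keys are hypothetical.

```python
import json

# Constructed sample data: trimmed copies of the two CLI outputs shown above.
STACK_RESOURCES = json.loads("""
{"StackResources": [
  {"LogicalResourceId": "AWSEBRDSDBSecurityGroup",
   "PhysicalResourceId": "awseb-e-jjqgv3nwgp-stack-AWSEBRDSDBSecurityGroup-1SDABJ60VF7G8",
   "ResourceType": "AWS::EC2::SecurityGroup"},
  {"LogicalResourceId": "AWSEBRDSDatabase",
   "PhysicalResourceId": "aa1v9kyuepq8x1c",
   "ResourceType": "AWS::RDS::DBInstance"}
]}
""")
DB_SNAPSHOTS = json.loads("""
{"DBSnapshots": [
  {"DBSnapshotIdentifier": "foobar-snapshot-test", "DBInstanceIdentifier": "aa1v9kyuepq8x1c",
   "SnapshotType": "manual", "Status": "available", "PercentProgress": 100},
  {"DBSnapshotIdentifier": "rds:aa1v9kyuepq8x1c-2021-07-21-21-57", "DBInstanceIdentifier": "aa1v9kyuepq8x1c",
   "SnapshotType": "automated", "Status": "available", "PercentProgress": 100}
]}
""")


def stack_db_instances(stack_resources):
    """DB instance identifiers owned by the environment's CloudFormation stack."""
    return sorted(r["PhysicalResourceId"] for r in stack_resources["StackResources"]
                  if r["ResourceType"] == "AWS::RDS::DBInstance")


def termination_report(stack_resources, db_snapshots):
    """For each stack-owned DB instance, split its snapshots into those that
    are kept after termination and those that should not be relied on."""
    report = {}
    for db_id in stack_db_instances(stack_resources):
        entry = {"kept": [], "not_relied_on": []}
        for snap in db_snapshots["DBSnapshots"]:
            if snap["DBInstanceIdentifier"] != db_id:
                continue
            complete = snap["Status"] == "available" and snap["PercentProgress"] == 100
            if snap["SnapshotType"] == "manual" and complete:
                entry["kept"].append(snap["DBSnapshotIdentifier"])
            else:
                # Automated snapshots were deleted with the instance in the test
                # above; an unfinished manual snapshot is not usable yet.
                entry["not_relied_on"].append(snap["DBSnapshotIdentifier"])
        entry["safe_to_terminate"] = bool(entry["kept"])
        report[db_id] = entry
    return report


if __name__ == "__main__":
    print(json.dumps(termination_report(STACK_RESOURCES, DB_SNAPSHOTS), indent=2))
```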

Related

Get ARN of EC2/EBS Volume

I need an EBS Volume ARN to specify it when creating a resource set with Route 53 Recovery Application Controller. But EBS Volumes don't have this attribute.
Here's an example description of an EBS Volume:
In:
aws ec2 describe-volumes --volume-ids vol-03303bf453f8d7ee5
Out:
{
"Volumes": [
{
"Attachments": [],
"AvailabilityZone": "ap-southeast-1a",
"CreateTime": "2021-11-03T15:43:40.087000+00:00",
"Encrypted": false,
"Size": 1,
"SnapshotId": "",
"State": "available",
"VolumeId": "vol-03303bf453f8d7ee5",
"Iops": 100,
"VolumeType": "gp2",
"MultiAttachEnabled": false
}
]
}
This is the format that worked for me:
arn:[partition]:ec2:[region]:[account-id]:volume/[volume-id]
For example:
arn:aws:ec2:ap-southeast-1:123456789123:volume/vol-03303bf453f8d7ee5

AWS CLI or boto3: Trying to get the availability-zone id?

I am trying to get the Availability Zone ID out of either the AWS CLI or from boto3. However, despite the documentation showing it, the command only returns the AZ, not the id for the AZ. Am I missing a step or is this just bad documentation, etc?
aws ec2 describe-subnets --region us-east-1
{
"VpcId": "vpc-054c741523f481755",
"CidrBlock": "10.150.3.32/27",
"MapPublicIpOnLaunch": false,
"State": "available",
"Ipv6CidrBlockAssociationSet": [],
"AssignIpv6AddressOnCreation": false,
"SubnetId": "subnet-0a36ed4643fb511d1",
"AvailabilityZone": "us-east-1a",
"DefaultForAz": false,
"AvailableIpAddressCount": 27,
"Tags": [
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:186940489315:stack/dantooine-a-elastic-subnets/dc3f7500-7b39-11ea-a67d-0e763951b664"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "dantooine-a-elastic-subnets"
},
{
"Key": "Name",
"Value": "dantooine-a-elastic-subnets-endpointSubnet"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "endpointSubnet"
}
]
}
The documentation shows:
{
"Subnets": [
{
"AvailabilityZone": "us-east-2c",
"AvailabilityZoneId": "use2-az3",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.0.2.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0bb1c79de3EXAMPLE",
"VpcId": "vpc-0ee975135dEXAMPLE",
"OwnerId": "111122223333",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"SubnetArn": "arn:aws:ec2:us-east-2:111122223333:subnet/subnet-0bb1c79de3EXAMPLE"
},
If you wish to view the Availability Zone IDs, use:
aws ec2 describe-availability-zones --region us-east-1
It will output:
{
"AvailabilityZones": [
{
"State": "available",
"OptInStatus": "opt-in-not-required",
"Messages": [],
"RegionName": "us-east-1",
"ZoneName": "us-east-1a",
"ZoneId": "use1-az1",
"GroupName": "us-east-1",
"NetworkBorderGroup": "us-east-1"
},
...
You can then map this information to any subnets you have created.
This works fine for me with both the awscli and boto3. For example:
import boto3

client = boto3.client('ec2')
subnets = client.describe_subnets()
# Print the zone name next to its zone ID for every subnet
for subnet in subnets['Subnets']:
    print(subnet['AvailabilityZone'], subnet['AvailabilityZoneId'])
Output is:
us-east-1b use1-az2
us-east-1e use1-az3
us-east-1d use1-az6
...
I think your installation of awscli and boto3 may be out of date.
Here is an example for boto3 in Python:
import json
import boto3

def lambda_handler(event, context):
    ec2 = boto3.client('ec2', region_name="us-east-1")
    azs = ec2.describe_availability_zones()["AvailabilityZones"]
    # Print each zone name with the zone ID it maps to in this account
    for az in azs:
        print(az['ZoneName'], az['ZoneId'])
This is the output:
us-east-1a use1-az4
us-east-1b use1-az6
us-east-1c use1-az1
us-east-1d use1-az2
us-east-1e use1-az3
us-east-1f use1-az5

Datapipeline task stuck in WAITING_FOR_RUNNER state

I have created a simple ShellCommandActivity which echoes some text. It runs on a plain EC2 (VPC) instance. I see that the host has spun up, but it never executes the tasks and the task remains in WAITING_FOR_RUNNER status. After all the retries I get this error:
Resource is stalled. Associated tasks not able to make progress.
I followed this troubleshoot-link but it didn't resolve my problem.
Here is the json description of the pipeline:
{
"objects": [
{
"resourceRole": "DataPipelineDefaultResourceRole",
"role": "DataPipelineDefaultRole",
"name": "ec2-compute",
"id": "ResourceId_viWO9",
"type": "Ec2Resource"
},
{
"failureAndRerunMode": "CASCADE",
"resourceRole": "DataPipelineDefaultResourceRole",
"role": "DataPipelineDefaultRole",
"pipelineLogUri": "s3://xyz-logs/",
"scheduleType": "ONDEMAND",
"name": "Default",
"id": "Default"
},
{
"name": "EchoActivity",
"id": "ShellCommandActivityId_kc8xz",
"runsOn": {
"ref": "ResourceId_viWO9"
},
"type": "ShellCommandActivity",
"command": "echo HelloWorld"
}
],
"parameters": []
}
What could be the problem here?
Thanks in advance.
I figured this out. The routing table in the VPC subnets was not properly configured.
To be specific, in my case the routing table didn't have 0.0.0.0/0 mapped to an internet-gateway. When I added this mapping, everything started working.

How do I detect the EBS volume type?

Is it possible to detect if an attached EBS volume is using GP2 (SSD) or provisioned IOPS (io2)?
Is there a simple curl command I can issue to detect what is attached to my instance? I am on the instance that I want to run this command on.
I'd also like to do it without requiring the AWS credentials
There is no curl command that will let you know what the volume type is. You will either have to check that through the console, or another way is using an AWS CLI command. Also, that is not possible without using AWS credentials.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-describing-volumes.html
Using CLI Command.
aws ec2 describe-volumes
Sample Output
{
"Volumes": [
{
"AvailabilityZone": "us-east-1a",
"Attachments": [
{
"AttachTime": "2013-12-18T22:35:00.000Z",
"InstanceId": "i-1234567890abcdef0",
"VolumeId": "vol-049df61146c4d7901",
"State": "attached",
"DeleteOnTermination": true,
"Device": "/dev/sda1"
}
],
"VolumeType": "standard",
"VolumeId": "vol-049df61146c4d7901",
"State": "in-use",
"SnapshotId": "snap-1234567890abcdef0",
"CreateTime": "2013-12-18T22:35:00.084Z",
"Size": 8
},
{
"AvailabilityZone": "us-east-1a",
"Attachments": [],
"VolumeType": "io1",
"VolumeId": "vol-1234567890abcdef0",
"State": "available",
"Iops": 1000,
"SnapshotId": null,
"CreateTime": "2014-02-27T00:02:41.791Z",
"Size": 100
}
]
}

AWS CloudFormation trouble with VPC and Subnet

I want to use the below template, generated from the Cloud-former tool, in another AWS account of mine, but it gives me an error each time.
It is a simple template with a VPC, subnets, route tables and an IGW.
URL: https://s3.amazonaws.com/elasticbeanstalk-us-east-1-459239532405/cloudformer.template
Error: The following resource(s) failed to create: [rtb50d7b237, subnet3237ac6a, gw1, subnet47f0bd31]. . Rollback requested by user.
What am I doing wrong?
Just be sure you're in us-east-1
Each account has its own set of AZs. You can look for yours:
aws ec2 describe-availability-zones --region us-east-1
Result for me:
{
"AvailabilityZones": [
{
"State": "available",
"RegionName": "us-east-1",
"Messages": [],
"ZoneName": "us-east-1a"
},
{
"State": "available",
"RegionName": "us-east-1",
"Messages": [],
"ZoneName": "us-east-1b"
},
{
"State": "available",
"RegionName": "us-east-1",
"Messages": [],
"ZoneName": "us-east-1d"
},
{
"State": "available",
"RegionName": "us-east-1",
"Messages": [],
"ZoneName": "us-east-1e"
}
]
}
I would try to change us-east-1c subnets to another zone in my template
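A pre-flight check for the situation this answer describes, as an added example (not code from the original post): it compares the hard-coded Availability Zones of a template's subnets with the zones the target account reports. The template fragment, its resource names and CIDRs are constructed; the zone list is a trimmed copy of the result shown above.

```python
import json

# Constructed template fragment; resource names and CIDR blocks are hypothetical.
TEMPLATE = json.loads("""
{"Resources": {
  "VpcExample": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
  "SubnetA": {"Type": "AWS::EC2::Subnet",
              "Properties": {"CidrBlock": "10.0.0.0/24", "AvailabilityZone": "us-east-1a"}},
  "SubnetC": {"Type": "AWS::EC2::Subnet",
              "Properties": {"CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1c"}},
  "SubnetDynamic": {"Type": "AWS::EC2::Subnet",
              "Properties": {"CidrBlock": "10.0.2.0/24",
                             "AvailabilityZone": {"Fn::Select": [0, {"Fn::GetAZs": ""}]}}}
}}
""")
# Trimmed copy of the describe-availability-zones result from the answer.
ACCOUNT_AZS = json.loads("""
{"AvailabilityZones": [
  {"State": "available", "RegionName": "us-east-1", "ZoneName": "us-east-1a"},
  {"State": "available", "RegionName": "us-east-1", "ZoneName": "us-east-1b"},
  {"State": "available", "RegionName": "us-east-1", "ZoneName": "us-east-1d"},
  {"State": "available", "RegionName": "us-east-1", "ZoneName": "us-east-1e"}
]}
""")


def unavailable_az_subnets(template, az_output):
    """Map subnet logical IDs to hard-coded zones the account does not offer."""
    usable = {z["ZoneName"] for z in az_output["AvailabilityZones"]
              if z["State"] == "available"}
    problems = {}
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Subnet":
            continue
        az = resource.get("Properties", {}).get("AvailabilityZone")
        # Intrinsic functions (dicts) are resolved at deploy time in the target
        # account, so only literal zone names can be checked here.
        if isinstance(az, str) and az not in usable:
            problems[name] = az
    return problems


if __name__ == "__main__":
    for name, az in sorted(unavailable_az_subnets(TEMPLATE, ACCOUNT_AZS).items()):
        print(f"{name}: {az} is not available in this account")
```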