Daily assign all Application Load Balancers to WAF - amazon-web-services

In my development environment, we constantly create and destroy applications for testing. I would like all Application Load Balancers (ALB) to be placed behind our single AWS Web Application Firewall (WAF) daily through a Lambda script. I want a trigger to run a script that finds all ALBs and then assigns them to the WAF. I can't seem to figure out which boto3 client I should be using to execute this in Python 3.8. Any guidance? Thanks

I suggest using a CloudTrail event: using Lambda, look for the ELB creation event and connect them to WAF.
And I assume you are using SAM or Serverless for Lambda deployment.
Some useful links:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudtrail-logs.html
https://docs.aws.amazon.com/lambda/latest/dg/with-cloudtrail-example.html
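The boto3 clients the question asks about are `elbv2` (to list load balancers) and `wafv2` (to associate a web ACL). The following is an added example, not code from the original post: a Lambda handler that puts every Application Load Balancer in the account and region behind one WAFv2 web ACL. It is idempotent, so it works the same whether it is fired daily from an EventBridge schedule or from the CloudTrail-driven trigger the answer suggests. The `WEB_ACL_ARN` environment variable, the stub clients and the ARNs in them are assumptions constructed for the example.

```python
# Added example (not code from the original post): a Lambda handler that puts
# every Application Load Balancer in the account/region behind one WAFv2 web ACL.
# Run it daily from an EventBridge schedule or from the CloudTrail-driven trigger
# suggested in the answer; it is idempotent either way. Clients are passed in so
# the logic runs against the constructed stubs below without AWS credentials.
import os


def list_alb_arns(elbv2):
    """ARNs of all Application Load Balancers, following the Marker pagination."""
    arns, kwargs = [], {}
    while True:
        page = elbv2.describe_load_balancers(**kwargs)
        # WAF can only front ALBs; skip network and gateway load balancers.
        arns.extend(lb["LoadBalancerArn"] for lb in page["LoadBalancers"]
                    if lb["Type"] == "application")
        if "NextMarker" not in page:
            return arns
        kwargs = {"Marker": page["NextMarker"]}


def protected_arns(wafv2, web_acl_arn):
    """ALB ARNs already associated with the (regional) web ACL."""
    resp = wafv2.list_resources_for_web_acl(
        WebACLArn=web_acl_arn, ResourceType="APPLICATION_LOAD_BALANCER")
    return set(resp["ResourceArns"])


def sync_albs_to_waf(elbv2, wafv2, web_acl_arn):
    """Associate every ALB not yet behind the web ACL; return the ARNs touched."""
    already = protected_arns(wafv2, web_acl_arn)
    newly = []
    for arn in list_alb_arns(elbv2):
        if arn in already:
            continue
        wafv2.associate_web_acl(WebACLArn=web_acl_arn, ResourceArn=arn)
        newly.append(arn)
    return newly


def lambda_handler(event, context):
    import boto3  # imported here so the module still loads where boto3 is absent
    # WEB_ACL_ARN is an assumed environment variable set on the function.
    web_acl_arn = os.environ["WEB_ACL_ARN"]
    return {"associated": sync_albs_to_waf(boto3.client("elbv2"),
                                           boto3.client("wafv2"), web_acl_arn)}


# --- constructed stubs standing in for the two boto3 clients (offline demo) ---
class StubElbv2:
    PAGES = [
        {"LoadBalancers": [{"LoadBalancerArn": "arn:alb/a", "Type": "application"},
                           {"LoadBalancerArn": "arn:nlb/n", "Type": "network"}],
         "NextMarker": "page2"},
        {"LoadBalancers": [{"LoadBalancerArn": "arn:alb/b", "Type": "application"}]},
    ]

    def describe_load_balancers(self, **kwargs):
        return self.PAGES[1] if kwargs.get("Marker") == "page2" else self.PAGES[0]


class StubWafv2:
    def __init__(self):
        self.associated = ["arn:alb/a"]  # pretend "a" was attached on an earlier run

    def list_resources_for_web_acl(self, **kwargs):
        return {"ResourceArns": list(self.associated)}

    def associate_web_acl(self, **kwargs):
        self.associated.append(kwargs["ResourceArn"])


if __name__ == "__main__":
    waf = StubWafv2()
    print(sync_albs_to_waf(StubElbv2(), waf, "arn:acl/example"))  # ['arn:alb/b']
```

The web ACL must be created with `REGIONAL` scope in the same region as the load balancers; the check against `list_resources_for_web_acl` keeps a daily run from issuing one `AssociateWebACL` call per ALB that is already protected. If you are still on WAF Classic, the equivalent calls live on the `waf-regional` client and take a `WebACLId` instead of an ARN.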

Related

Remotely start (trigger) an EC2 Amazon Windows server with a URL

My server is stopped when idle (no more charge from AWS), but I'm trying to figure out an easy way to send a command via the web to the AWS control to start my Windows EC2 server. I looked everywhere and can't find anything easy to implement.
Based on the comments: API Gateway with Lambda proxy integration. The Lambda will start the instance. A good tutorial on the Lambda and API Gateway setup is here:
Build an API Gateway API with Lambda Integration
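The Lambda side of that setup, as an added example (not code from the post or from the linked tutorial): a handler written for API Gateway's Lambda proxy integration that starts one EC2 instance. The instance ID comes from an assumed `INSTANCE_ID` environment variable rather than from the request, so a caller of the URL can only ever start that one server; the stub EC2 client and instance ID below are constructed for the offline demo.

```python
# Added example (not code from the original post): the Lambda behind an
# API Gateway Lambda proxy integration that starts one EC2 instance. The
# instance ID comes from an assumed INSTANCE_ID environment variable rather than
# from the request, so whoever calls the URL can only start that one server.
import json
import os


def proxy_response(status, body):
    """The response shape API Gateway's Lambda proxy integration expects."""
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(body)}


def start_instance(ec2, instance_id):
    """Call StartInstances and report the state transition it produced."""
    resp = ec2.start_instances(InstanceIds=[instance_id])
    change = resp["StartingInstances"][0]
    return {"instanceId": change["InstanceId"],
            "previousState": change["PreviousState"]["Name"],
            "currentState": change["CurrentState"]["Name"]}


def handle(event, ec2, instance_id):
    """Proxy-integration handler body; event is the API Gateway proxy event."""
    if event.get("httpMethod") != "POST":
        return proxy_response(405, {"error": "use POST"})
    return proxy_response(200, start_instance(ec2, instance_id))


def lambda_handler(event, context):
    import boto3  # imported here so the module loads without boto3 for the demo
    return handle(event, boto3.client("ec2"), os.environ["INSTANCE_ID"])


# --- constructed stub for the EC2 client (offline demo) ---
class StubEc2:
    def start_instances(self, InstanceIds):
        return {"StartingInstances": [{"InstanceId": InstanceIds[0],
                                       "PreviousState": {"Code": 80, "Name": "stopped"},
                                       "CurrentState": {"Code": 0, "Name": "pending"}}]}


if __name__ == "__main__":
    print(handle({"httpMethod": "POST"}, StubEc2(), "i-0123456789abcdef0"))
```

Call it with `curl -X POST <invoke-url>`; accepting only POST keeps link previews and prefetchers from starting the server. `StartInstances` on an instance that is already running reports `running` for both states and is otherwise a no-op. Anything that can reach the URL can start the server, so attach an API key or an IAM/Lambda authorizer to the method in API Gateway, and give the function's execution role `ec2:StartInstances` on that one instance ARN only.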

How can I set up Web Sockets on AWS and log incoming messages to s3 (elastic beanstalk project) mysql db

I have an existing LAMP project on AWS (Elastic Beanstalk). I now want to set up WebSockets on AWS too. According to AWS documentation, the way to do that is via AWS API Gateway. I don't know how this all works, but there's documentation I found for setting up WebSockets.
Does API Gateway connect to another service? If so, what service is this? What am I missing?
I mostly just want to make a WebSocket service to log incoming messages to the MySQL database on my Elastic Beanstalk project. I am totally confused about how to do this. Can anyone advise me about what steps I need to take?
Just because API Gateway supports WebSockets doesn't mean you need to use it. ALBs do as well and are a more exact fit for Elastic Beanstalk.
Does an Application Load Balancer support WebSockets?
AWS doesn't support PHP (Ratchet) Web Sockets

Service discovery on aws ECS with Application Load Balancer

I would like to ask you: if you have a microservice architecture (based on Spring Boot) involving Amazon Elastic Container Service (ECS) with an Application Load Balancer (ALB), is service discovery performed automatically by the platform, or do you need a special mechanism (such as Eureka or Consul)?
From the documentation (ECS and ALB) it is not clear whether this feature is provided.
I discussed this with the Amazon support team and they responded with the following:
"...using Service Discovery on AWS ECS[..] just with ALBs.
So, there could be three options here:
1) Using ALB/ELB as service endpoints (Target groups for ALBs, separate ELBs if using ELBs)
2) Using Route53 and DNS for Service Discovery
3) Using a 3rd Party product like Consul.io in combination with Nginx.
Let me speak about each of these options.
Using ALBs/ELBs
For this option the idea is to use the ELBs or ALB Target groups in front of each service.
We define an Amazon CloudWatch Events filter which listens to all ECS service creation messages from AWS CloudTrail and triggers an Amazon Lambda function.
This function identifies which Elastic Load Balancing load balancer (or an ALB Target group) is used by the new service and inserts a DNS resource record (CNAME) pointing to it, using Amazon Route 53.
The Lambda function also handles service deletion to make sure that the DNS records reflect the current state of applications running in your cluster.
The downside here is that it can incur higher costs if you are using ELBs, as you need an ELB for each service. And it might not be the simplest solution out there.
If you wish to read more on this you can do so here[1]
Using Route53
This approach involves the use of Route53 and running a simple agent[2] on your ECS container instances.
As your containers stop/start the agent will update the Route53 DNS records. It creates a SRV record. Likewise it will delete said records once the container is stopped.
Another part of this method is a Lambda function that performs health checks on ECS container instances - and removes them from R53 in case of a failure.
You can read up more on this method, on our blog post here[3].
Using a 3rd Party tool like Consul.io
Using tools like Consul.io on ECS will work, but is not supported by AWS. So you are free to use it, but we, unfortunately, do not offer support for it.
So, in conclusion - there are a few ways of implementing service discovery on AWS ECS - the two ways I showed here that use AWS resources, and of course the way of using 3rd party applications.
"
You don't have an out-of-the-box solution in AWS, although it is possible with some effort as described in https://aws.amazon.com/es/blogs/compute/service-discovery-an-amazon-ecs-reference-architecture/
You may also install Zuul + Ribbon + Eureka or Nginx + Consul and use an ALB to distribute traffic among Zuul or Nginx.
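The Lambda at the centre of the "Using ALBs/ELBs" option quoted above, as an added example (not code from the post, from AWS support or from the linked reference architecture): an EventBridge (CloudWatch Events) rule forwards CloudTrail records for `CreateService` and `DeleteService` calls on `ecs.amazonaws.com`; the function resolves the service's ALB DNS name through its target group and upserts or deletes a CNAME in Route 53. `HOSTED_ZONE_ID` and `SERVICE_DOMAIN` are assumed environment variables, and the stub clients, ARNs and the trimmed CloudTrail record are constructed for the offline demo.

```python
# Added example (not code from the original post or from AWS): the Lambda in the
# "Using ALBs/ELBs" option. An EventBridge rule forwards CloudTrail records for
# ecs.amazonaws.com CreateService/DeleteService calls; the function resolves the
# service's ALB DNS name and upserts or deletes a CNAME in Route 53.
# HOSTED_ZONE_ID and SERVICE_DOMAIN are assumed environment variables.
import os

ACTIONS = {"CreateService": "UPSERT", "DeleteService": "DELETE"}


def alb_dns_for_target_group(elbv2, target_group_arn):
    """DNS name of the load balancer the target group is attached to, or None."""
    tg = elbv2.describe_target_groups(TargetGroupArns=[target_group_arn])["TargetGroups"][0]
    if not tg["LoadBalancerArns"]:
        return None  # target group exists but is not behind a load balancer yet
    lbs = elbv2.describe_load_balancers(LoadBalancerArns=tg["LoadBalancerArns"][:1])
    return lbs["LoadBalancers"][0]["DNSName"]


def cname_change(action, name, dns_name, ttl=60):
    """One entry for a Route 53 ChangeBatch."""
    return {"Action": action,
            "ResourceRecordSet": {"Name": name, "Type": "CNAME", "TTL": ttl,
                                  "ResourceRecords": [{"Value": dns_name}]}}


def handle_ecs_event(detail, elbv2, route53, zone_id, domain):
    """detail is the CloudTrail record in event['detail']; returns the change or None."""
    action = ACTIONS.get(detail.get("eventName"))
    if action is None:
        return None  # some other ECS API call; nothing to do
    svc = (detail.get("responseElements") or {}).get("service") or {}
    lbs = svc.get("loadBalancers") or []
    if not lbs or "targetGroupArn" not in lbs[0]:
        return None  # service has no ALB target group: nothing to point a CNAME at
    dns_name = alb_dns_for_target_group(elbv2, lbs[0]["targetGroupArn"])
    if dns_name is None:
        return None
    change = cname_change(action, "%s.%s" % (svc["serviceName"], domain), dns_name)
    route53.change_resource_record_sets(HostedZoneId=zone_id,
                                        ChangeBatch={"Changes": [change]})
    return change


def lambda_handler(event, context):
    import boto3  # imported here so the module loads without boto3 for the demo
    return handle_ecs_event(event["detail"], boto3.client("elbv2"), boto3.client("route53"),
                            os.environ["HOSTED_ZONE_ID"], os.environ["SERVICE_DOMAIN"])


# --- constructed stubs and a constructed CloudTrail record (offline demo) ---
class StubElbv2:
    def describe_target_groups(self, TargetGroupArns):
        return {"TargetGroups": [{"TargetGroupArn": TargetGroupArns[0],
                                  "LoadBalancerArns": ["arn:alb/orders"]}]}

    def describe_load_balancers(self, LoadBalancerArns):
        return {"LoadBalancers": [{"LoadBalancerArn": LoadBalancerArns[0],
                                   "DNSName": "orders-alb-123.eu-west-1.elb.amazonaws.com"}]}


class StubRoute53:
    def __init__(self):
        self.batches = []

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        self.batches.append((HostedZoneId, ChangeBatch))


SAMPLE_DETAIL = {  # trimmed CloudTrail record for a CreateService call
    "eventSource": "ecs.amazonaws.com", "eventName": "CreateService",
    "responseElements": {"service": {
        "serviceName": "orders",
        "loadBalancers": [{"targetGroupArn": "arn:tg/orders",
                           "containerName": "orders", "containerPort": 8080}]}},
}

if __name__ == "__main__":
    r53 = StubRoute53()
    print(handle_ecs_event(SAMPLE_DETAIL, StubElbv2(), r53, "Z_EXAMPLE", "svc.example.internal"))
```

Point the rule at a private hosted zone associated with the cluster's VPC so the names only resolve inside it. A Route 53 `DELETE` must match the existing record's name, type, TTL and value exactly; that holds here because ECS does not delete the target group when the service goes away, so the same DNS name is resolved on both events. Give the execution role `elasticloadbalancing:Describe*` and `route53:ChangeResourceRecordSets` on that one zone.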

AWS, ELB, EC2 - How to enable detailed request logging for EC2 instances using ELB

An ASP.NET MVC and WebApi application is being deployed using the Visual Studio deployment tools via the AWS SDK.
I want to enable detailed request logging on IIS on all instances when deployed under ELB.
I think this is in the file "systeminfo.xml" and in this node.
However, I don't know where this file lives, nor how to effect a change on it when deploying.
Is there a setting somewhere in the AWS console that will make this change and new deployments will honor it?
Thank you in advance for any assistance.
From the AWS Console, you can only control logging for ELB. You can enable detailed ELB logging and configure an S3 bucket for what goes in and goes out.
Any logging within an EC2 instance must be configured from within the instance. I know little about IIS and cannot comment on its configuration. But based on your question, you need to find where the systeminfo.xml resides in the IIS installation and configure it to enable logging.
You can further enhance your implementation by deploying an AWS CloudWatch Logs agent to publish your logs to AWS CloudWatch.

AWS get ELB Name

I created one ELB and attached a few instances to it. So when I log in to one of these instances, I would like to type a command or run a Node.js script that can return its ELB name. Is it possible? I know I can look it up in the AWS console, but I'm looking for a way to look it up programmatically. If possible, I would like to see how it is done in the AWS Node.js SDK.
You do not run Node.js on an ELB instance. An ELB is a proxy that load-balances client requests to your app server, where you run Node.js.
You could use the aws command line tools (http://aws.amazon.com/cli/):
aws elb describe-load-balancers
Parse the JSON output for the instance ID (which you can get using this answer: Find out the instance id from within an ec2 machine) and look for whatever ELB it's attached to.
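The two steps the answer describes, carried through as an added example (not code from the post), in Python rather than the Node.js the asker mentioned: `local_instance_id()` reads the instance's own ID from the instance metadata service using IMDSv2, and `elb_names_for_instance()` filters the parsed output of `aws elb describe-load-balancers` for that ID. The sample output embedded below is constructed in the shape the CLI prints.

```python
# Added example (not code from the original post): find which classic ELBs the
# current instance is registered with, using the CLI command from the answer.
import json
import subprocess
import urllib.request

IMDS = "http://169.254.169.254/latest"


def local_instance_id():
    """Instance ID of the machine this runs on, via IMDSv2 (token, then lookup)."""
    req = urllib.request.Request(IMDS + "/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=2).read().decode()
    req = urllib.request.Request(IMDS + "/meta-data/instance-id",
                                 headers={"X-aws-ec2-metadata-token": token})
    return urllib.request.urlopen(req, timeout=2).read().decode()


def elb_names_for_instance(describe_output, instance_id):
    """Names of the classic ELBs whose registered instances include instance_id."""
    return [lb["LoadBalancerName"]
            for lb in describe_output.get("LoadBalancerDescriptions", [])
            if any(inst["InstanceId"] == instance_id for inst in lb.get("Instances", []))]


def elb_names_from_cli(instance_id):
    """Run the CLI command from the answer and filter its JSON for instance_id."""
    out = subprocess.run(["aws", "elb", "describe-load-balancers", "--output", "json"],
                         check=True, capture_output=True, text=True).stdout
    return elb_names_for_instance(json.loads(out), instance_id)


# Constructed sample in the shape `aws elb describe-load-balancers` prints.
SAMPLE_OUTPUT = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-prod",
     "Instances": [{"InstanceId": "i-0aaa"}, {"InstanceId": "i-0bbb"}]},
    {"LoadBalancerName": "api-prod", "Instances": [{"InstanceId": "i-0bbb"}]},
    {"LoadBalancerName": "unused", "Instances": []},
]}

if __name__ == "__main__":
    print(elb_names_for_instance(SAMPLE_OUTPUT, "i-0bbb"))  # ['web-prod', 'api-prod']
    try:  # only succeeds on an EC2 instance whose role may call elb:DescribeLoadBalancers
        print(elb_names_from_cli(local_instance_id()))
    except (OSError, subprocess.CalledProcessError) as exc:
        print("not on an EC2 instance with the AWS CLI:", exc)
```

`aws elb` covers classic load balancers only, which is what the question describes. Application and Network Load Balancers register instances in target groups, so for those the lookup is `aws elbv2 describe-target-health --target-group-arn <arn>` per target group instead. The instance's role needs `elasticloadbalancing:DescribeLoadBalancers`, and with IMDSv2 the metadata read works even when the instance has been set to require the session token.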