I am currently using an AWS Lightsail with a Bitnami image to host a website for searching donors. I would like to enable logging of the IP addresses of users that use the website. I am not sure how to connect to existing AWS services like CloudWatch to log these accesses, however. Is there a way to integrate the logs or will I need to manually read the server logs via SSH from the Lightsail instance itself?
I would say you would have to manually read it from application logs. This is not available via CloudWatch.
Related
I have several servers in other service providers and want to use AMP and Amazon Managed Grafana to do monitoring/alerting. But I fail to find how to access the AMP remote write endpoint outside the AWS environment. Is it impossible?
I have 7 Spring microservices with Eureka Server which I would like to deploy into AWS Elastic Beanstalk. Every time I redeploy a microservice I see that the URL address is changed. Is it possible to use an internal static IP for every AWS service?
I was also facing this problem with managing EB instances remotely; I have fixed this in two ways:
For myself I use eb ssh from the EB CLI to remotely access instances, as the CLI gives you an option to select which instance you want to connect to if there is more than one. If your microservices are in a private subnet you need a bastion to connect to your instances remotely.
Using AWS Systems Manager / Session Manager
You can install a Systems Manager agent on your Elastic Beanstalk environment using ebextensions. Using Systems Manager's Session Manager you can start a session towards your microservice and all your commands will be logged to S3 (can be useful for change management / compliance).
As I went straight to these two options, I never fixed the issue where private IPs changed.
I have an Elastic Beanstalk instance that is running a Flask app. I want to know if there is any way through AWS to automatically block IP addresses that are doing unusual activity on my site.
This could be a range of things, for example:
Send several GET requests over and over
Trying to POST without a CSRF
And more. Any ideas? Thanks.
Generally, for that you would front your EB with an Application Load Balancer and AWS Web Application Firewall.
This setup is documented in the recent AWS blog and other sources:
How do I protect my Elastic Beanstalk environment against attacks from known unwanted hosts?
Setting up AWS Web Application Firewall (WAF) with Elastic Beanstalk
Guidelines for Implementing AWS WAF
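A sketch of the ALB plus AWS WAF setup the answer above recommends, written as a CloudFormation template. This is an added example, not taken from the answer or the linked AWS posts; the resource names, the placeholder CIDR, the 1000-request limit and the `LoadBalancerArn` parameter are assumptions to adapt.

```yaml
# Added example (constructed): names, CIDR and limit are assumptions.
Parameters:
  LoadBalancerArn:                 # ALB in front of the Elastic Beanstalk environment
    Type: String
Resources:
  BlockedIps:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: blocked-ips
      Scope: REGIONAL              # REGIONAL scope is used for an ALB
      IPAddressVersion: IPV4
      Addresses:
        - 203.0.113.0/24           # placeholder documentation range
  WebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: eb-flask-acl
      Scope: REGIONAL
      DefaultAction: { Allow: {} } # requests matching no rule are allowed
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: eb-flask-acl }
      Rules:
        - Name: block-listed-ips   # static deny list of known unwanted hosts
          Priority: 0
          Action: { Block: {} }
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt BlockedIps.Arn
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: block-listed-ips }
        - Name: rate-limit-per-ip  # covers "several GET requests over and over"
          Priority: 1
          Action: { Block: {} }
          Statement:
            RateBasedStatement:
              Limit: 1000          # requests per 5-minute window
              AggregateKeyType: IP # counted per source IP
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-per-ip }
  WebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref LoadBalancerArn
      WebACLArn: !GetAtt WebAcl.Arn
```

The rate-based rule blocks a source IP only while it stays over the limit, so it works as automatic temporary blocking; the sampled requests and CloudWatch metrics enabled on each rule show which clients were matched.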
I want to connect to a database running in a different cloud provider, and it is exposed publicly.
I need to connect to that database from a SageMaker notebook instance.
But the public IP of the SageMaker notebook instance needs to be whitelisted on the other side.
Is it possible to attach an Elastic IP to a SageMaker notebook instance, as I don't see any option to attach an EIP to a SageMaker notebook instance?
No, it is not possible to assign a SageMaker notebook an Elastic IP, which is a disappointment. This missing feature makes the SageMaker product a lot more difficult to use with many sources of data, limiting its utility.
Official Amazon Answer
From the AWS SageMaker product forums on Dec 12, 2019: Possible to attach Elastic IP to sagemaker notebook instance?
Question> Is it possible to attach elastic ip to sagemaker notebook instance?
Answer> We are always re-evaluating our backlog of features based on customer requests,
so we appreciate the feedback on this feature.
You might want to start a new thread or chime in on that one if you want them to add this feature.
Possible Solutions
A general strategy for using a particular IP to access a resource would be to set up a proxy machine and authorize its IP and use it as a proxy to access your service. How hard this is depends on what you are doing - for S3 it doesn't seem possible - but for web-based requests this shouldn't be too hard. For AWS services you can use a proxy.
Personally I am trying to access Algoseek's requestor-pays S3 buckets directly from SageMaker notebooks and this isn't possible. I looked at setting up a proxy but can't figure out how. Instead I will copy the S3 data each time they add a day into our own S3 bucket.
In my case, I have whitelisted the NAT Gateway's IP in the external database.
EDIT: This works only for private subnets.
We have hosted a Node.js application in Elastic Beanstalk in an AWS environment. We want to check the historical console log of Node.js. So we are downloading the logs from the Elastic Beanstalk application, but they do not contain the historical console log. As AWS environment hosting is new to us, can anybody guide me on how to retrieve those historical logs from AWS?
When you recycle your instances all the content of the instances is deleted. For that reason you need to copy the logs out of your instance. Amazon has CloudWatch Logs, where you can feed all the logs from all your servers. http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
I find the process to set it up with Beanstalk a bit confusing. I wrote a post on how to do it for a PHP application: http://www.albertsola.pro/store-aws-beanstalk-symfony-and-apache-logs-in-cloudwatch-logs/