My notes on AWS

Notes while I work with AWS

Cross-region working: this is an interesting topic that deserves a separate post. Some brief notes, however:










SQS (queue owner) subscribing to SNS (topic owner) in another account: within a single account this is fairly simple, but across accounts things get more complicated, and it boils down to the SQS and SNS policies. It can be done in two ways: initiated from the SQS side or from the SNS side. I experienced the latter case:





  • Imagine you have an existing SQS queue in one account and want to send information from different services (SNS, Lambda, ...) to that queue. In this case you add a subscription from those services to SQS, and SQS must confirm the subscription before SNS can send messages.
    • The SQS queue policy must always allow sqs:SendMessage from the subscribing account.
    • In the case of Lambda, the Lambda role needs to allow ...
    • In the case of SNS, SNS needs to create the subscription. A subscription-confirmation message is sent to the SQS queue, and until SQS confirms the subscription SNS can't send messages to the queue. This AWS document explains it: https://docs.aws.amazon.com/sns/latest/dg/sns-send-message-to-sqs-cross-account.html. Confirming amounts to visiting the link in the SubscribeURL field of that message; it can be done automatically in code by reading SubscribeURL and calling requests.get(SubscribeURL) (Python).
      • For SNS to send any message to the SQS queue (the subscription confirmation or a normal message), the queue must grant permission to SNS: the SQS policy is updated to allow the principal Service: SNS (sns.amazonaws.com) the action sqs:SendMessage, scoped to the SNS topic.
      • SNS also needs to allow the SQS queue to subscribe to it.
  • The second way applies when you own the SQS queue and want to subscribe it to an SNS topic in another account. Here the initiation comes from the queue owner, and no one needs to confirm the subscription.
    • Before SQS can subscribe, the SNS topic must allow the subscription: the SNS topic policy needs a statement allowing the SQS-owner principal the action sns:Subscribe on the topic.
    • After this, the SQS queue can be subscribed to the topic.




I found this link, which also explains the second way of doing it better: https://aws.amazon.com/blogs/compute/cross-account-integration-with-amazon-sns/
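The two policy shapes described above, plus the SubscribeURL confirmation step, as an added example (this is not code from the original post or from AWS). All account ids and ARNs are constructed placeholders. The queue policy pins the allowed topic with an aws:SourceArn condition, which is how the linked AWS document scopes it; the confirmation handler checks the message type, the expected TopicArn and the URL's host before anything fetches it, because a consumer that blindly GETs whatever SubscribeURL arrives in the queue can be pointed at an arbitrary URL by anyone who can write to that queue.

```python
"""Cross-account SNS -> SQS wiring: the policy statements both sides need and a
checked handler for the SubscriptionConfirmation message.  Added example; every
account id and ARN below is a constructed placeholder, not a real resource."""
import json
from typing import Optional
from urllib.parse import urlparse

# Constructed placeholder identifiers (not real accounts or resources).
TOPIC_ACCOUNT = "111111111111"
QUEUE_ACCOUNT = "222222222222"
TOPIC_ARN = f"arn:aws:sns:eu-west-1:{TOPIC_ACCOUNT}:orders-topic"
QUEUE_ARN = f"arn:aws:sqs:eu-west-1:{QUEUE_ACCOUNT}:orders-queue"


def sqs_policy_allowing_topic(queue_arn: str, topic_arn: str) -> dict:
    """Queue policy the queue owner attaches so the SNS service may deliver.

    Principal is the SNS *service*, Resource is the queue itself, and the
    topic is pinned with aws:SourceArn so no other topic in any account can
    write to this queue through SNS.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSnsTopicToSend",
                "Effect": "Allow",
                "Principal": {"Service": "sns.amazonaws.com"},
                "Action": "sqs:SendMessage",
                "Resource": queue_arn,
                "Condition": {"ArnEquals": {"aws:SourceArn": topic_arn}},
            }
        ],
    }


def sns_policy_allowing_subscriber(topic_arn: str, subscriber_account: str) -> dict:
    """Topic policy the topic owner adds so the queue-owner account may call
    sns:Subscribe on the topic (the 'second way' in the notes)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCrossAccountSubscribe",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{subscriber_account}:root"},
                "Action": ["sns:Subscribe", "sns:Receive"],
                "Resource": topic_arn,
            }
        ],
    }


def subscribe_url_if_trusted(raw_message: str, expected_topic_arn: str) -> Optional[str]:
    """Return SubscribeURL from a SubscriptionConfirmation message, else None.

    Checked before any GET: (a) message type, (b) TopicArn is the one we
    expect, (c) https on an sns.<region>.amazonaws.com host (standard AWS
    partition assumed).  Anything else is dropped rather than fetched.
    """
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return None
    if msg.get("Type") != "SubscriptionConfirmation":
        return None
    if msg.get("TopicArn") != expected_topic_arn:
        return None
    url = msg.get("SubscribeURL", "")
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        return None
    if not (host.startswith("sns.") and host.endswith(".amazonaws.com")):
        return None
    return url


# Constructed sample SubscriptionConfirmation body, shaped like the JSON SNS
# places in the queue (real messages also carry signature fields).
SAMPLE_CONFIRMATION = json.dumps({
    "Type": "SubscriptionConfirmation",
    "TopicArn": TOPIC_ARN,
    "Token": "placeholder-token",
    "SubscribeURL": "https://sns.eu-west-1.amazonaws.com/?Action=ConfirmSubscription"
                    f"&TopicArn={TOPIC_ARN}&Token=placeholder-token",
})

if __name__ == "__main__":
    import urllib.request

    print(json.dumps(sqs_policy_allowing_topic(QUEUE_ARN, TOPIC_ARN), indent=2))
    print(json.dumps(sns_policy_allowing_subscriber(TOPIC_ARN, QUEUE_ACCOUNT), indent=2))
    url = subscribe_url_if_trusted(SAMPLE_CONFIRMATION, TOPIC_ARN)
    if url:
        # Equivalent of the requests.get(SubscribeURL) step in the notes
        # (this placeholder URL will not confirm anything when run offline).
        urllib.request.urlopen(url, timeout=5)
```

The `sns:Receive` action is included alongside `sns:Subscribe` in the topic policy because the subscriber account also needs it to read confirmation details; drop it if your topic owner prefers the narrower grant.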










Network Load Balancer (NLB)





An NLB can forward traffic to "target groups", which are sets of instances. An NLB doesn't have a security group, so which traffic is allowed must be controlled on the security groups (sg) of the instances and on the network Access Control List (ACL).





  • To allow traffic from the NLB to an instance, the sg of the instance should allow the NLB's IP (check Network Interfaces and search for the NLB name to get its IP).
  • The NLB forwards traffic from the source to the target instance, so the sg of the target must allow the source IP as well.
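The two bullets above as an added example (not code from the original post): the first function does the "search Network Interfaces for the NLB name" step over a constructed describe-network-interfaces result, using the `ELB net/<nlb-name>/<id>` description that NLB interfaces carry, and collects the private IP of each NLB node, which is the address the target sees for health checks. The second builds the `IpPermissions` list that the target's security group needs, covering both the NLB node addresses and the client ranges that appear as the source when client IP preservation is on. The NLB name, port, interface list and client CIDR are all constructed.

```python
"""Security-group ingress an instance behind an NLB needs.  Added example; the
interface records below are constructed to match the "ELB net/<name>/<id>"
description that NLB network interfaces carry, not a real account's data."""
import ipaddress

NLB_NAME = "my-nlb"      # constructed
TARGET_PORT = 8080       # constructed

# Constructed subset of an ec2 describe-network-interfaces response:
# two NLB nodes (one per AZ), an unrelated ALB, and a plain instance ENI.
SAMPLE_INTERFACES = [
    {"Description": "ELB net/my-nlb/0123456789abcdef", "PrivateIpAddress": "10.0.1.25"},
    {"Description": "ELB net/my-nlb/0123456789abcdef", "PrivateIpAddress": "10.0.2.41"},
    {"Description": "ELB app/other-alb/fedcba9876543210", "PrivateIpAddress": "10.0.3.9"},
    {"Description": "Primary network interface", "PrivateIpAddress": "10.0.1.77"},
]


def nlb_private_ips(interfaces, nlb_name):
    """Private IPs of the ENIs belonging to the named NLB (one per subnet)."""
    prefix = f"ELB net/{nlb_name}/"
    return sorted(
        eni["PrivateIpAddress"]
        for eni in interfaces
        if eni["Description"].startswith(prefix)
    )


def ingress_rules(nlb_ips, client_cidrs, port):
    """IpPermissions for authorize_security_group_ingress on the target sg.

    Health checks arrive from the NLB node addresses, so those are allowed
    as /32s.  With client IP preservation enabled (the default for instance
    targets) data traffic carries the *client* source address, so the client
    ranges must be allowed too; a malformed CIDR raises ValueError rather
    than silently producing a rule the API would reject.
    """
    ranges = [
        {"CidrIp": f"{ip}/32", "Description": "NLB node (health checks)"}
        for ip in nlb_ips
    ]
    for cidr in client_cidrs:
        ipaddress.ip_network(cidr)  # validate before it reaches the API
        ranges.append({"CidrIp": cidr, "Description": "clients via NLB"})
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": ranges}]


if __name__ == "__main__":
    ips = nlb_private_ips(SAMPLE_INTERFACES, NLB_NAME)
    # 203.0.113.0/24 is a documentation range standing in for real clients.
    for rule in ingress_rules(ips, ["203.0.113.0/24"], TARGET_PORT):
        print(rule)
```

With real data, `SAMPLE_INTERFACES` is replaced by the `NetworkInterfaces` list from `boto3.client("ec2").describe_network_interfaces()`, and the returned list is passed as `IpPermissions` to `authorize_security_group_ingress`; keep the client range as tight as the NLB's actual audience, since it is the target's only filter for that traffic.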
