Attach AWS IAM Role to Existing EC2

Posted: February 10, 2017 in Cloud

It has always been one of my pet-peeves that I had to attach an IAM role to an EC2 instance just in case I’d need it in the future. The reason was you couldn’t attach one later.

Attaching a role allows API access to AWS from your instance without having to inject API keys. Injecting keys reduces security and maintainability (you’d have to remember to change out the keys when rotating keys).

AWS has now announced that you can attach an IAM role to an existing EC2 instance.

  1. Create an IAM role
  2. Attach the IAM role to an existing EC2 instance that was originally launched without an IAM role.
  3. Replace the attached IAM role.

https://aws.amazon.com/blogs/security/new-attach-an-aws-iam-role-to-an-existing-amazon-ec2-instance-by-using-the-aws-cli/
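
The three steps above with the AWS CLI, as an added example rather than code from this post or the linked AWS article. The role name, profile name and instance ID are placeholders, and commands are only printed unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example. ROLE_NAME, PROFILE_NAME and INSTANCE_ID are placeholders.
set -eu
ROLE_NAME="${ROLE_NAME:-example-ec2-role}"
PROFILE_NAME="${PROFILE_NAME:-example-ec2-profile}"
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Print the command when DRY_RUN=1 (the default); execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: create the role and the instance profile that carries it. The role
# grants nothing until a permissions policy is attached; attach only what is needed.
create_role() {
  run aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  run aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  run aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
}

# Step 2: attach the profile to an instance launched without a role.
attach_role() {
  run aws ec2 associate-iam-instance-profile --instance-id "$INSTANCE_ID" \
    --iam-instance-profile "Name=$PROFILE_NAME"
}

# Step 3: swap the attached profile for another one ($1 = new profile name).
replace_role() {
  assoc="ASSOCIATION_ID_PLACEHOLDER"   # shown in dry-run output only
  if [ "${DRY_RUN:-1}" != "1" ]; then
    assoc=$(aws ec2 describe-iam-instance-profile-associations \
      --filters "Name=instance-id,Values=$INSTANCE_ID" \
      --query 'IamInstanceProfileAssociations[0].AssociationId' --output text)
  fi
  run aws ec2 replace-iam-instance-profile-association \
    --association-id "$assoc" --iam-instance-profile "Name=$1"
}

case "${1:-}" in
  replace) replace_role "${2:?new instance profile name required}" ;;
  *)       create_role; attach_role ;;
esac
```

Run it once with no arguments to review the printed commands before repeating with `DRY_RUN=0`.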

AWS Reduced Redundancy S3 Depreciated

Posted: February 8, 2017 in Cloud

Stop using Reduced Redundancy S3 storage (RRS) on AWS now. The starting price for RRS is now $0.024, whereas standard S3 starts at $0.023.

This caught me off guard today as I use RRS for backups due to what used to be an approximate 33% savings over standard S3.

For me using Glacier for backups is out of the question due to the waiting period necessary to get files.

There is also the newer “Standard – Infrequent Access” storage type for S3. This is a good option for storing perhaps a system image when doing backups; however, for what I normally back up, which are small website files, this likely won’t be a good fit either. Each file has a minimum storage bill of 128KB. The math and gamble required likely won’t be worth the effort.

So for now I’ll likely be switching to all standard S3 storage for backups. I don’t use S3 for much else other than EC2 snapshots and temporary file storage for migrations.

I recently replaced my aging monitor setup at the office with a few HP 27er monitor displays. I run these on an MSI Gaming 3 motherboard running Windows 10 Pro. They look amazing, but unless they are functional they are worthless, right?

I noticed what seemed to be random flickering to a black screen for a second. After a process of elimination it seemed it was a specific power brick, likely not supplying enough voltage/amps. I even got HP to send me a new power brick (that was a nightmare).

However today broke that theory. I then was able to reproduce the issue by scrolling through Facebook quickly using the scroll wheel on my mouse. I then installed the specific drivers from the HP site, which still didn’t fix the issue.

After some further research I found the issue lay in Google Chrome’s Hardware Acceleration feature. This appears to happen to a number of HP displays such as the 27xw as well.

To resolve my issue I took these steps:

  1. Open Google Chrome
  2. Click the three circle dots in the upper-right
  3. Click settings
  4. Click “Show advanced settings”
  5. Turn off System > “Use hardware acceleration when available”

Now while scrolling through Facebook quickly the issue is no longer reproducible.

Not sure if this is a Chrome issue, video card issue or monitor issue, but I wish HP would figure out a fix with Google.

We have a ColdFusion 11 server hosted on Amazon Web Services (AWS) Elastic Compute Cloud (EC2). We subscribe to the Adobe ColdFusion 11 license on a monthly basis using the Amazon Machine Image (AMI) Store.

We are still migrating sites to the EC2 instance and it is still in its infancy. What we noticed was that the log files were getting large quite fast with these entries:

License Error.You tried to access the Developer Edition from IP address (0.0.0.0). Already two IP addresses are accessing ColdFusion concurrently. The Developer Edition supports access by any IP address, but only two at a time, apart from the localhost. The additional IP addresses accessing ColdFusion are: 0.0.0.0,0.0.0.0 The specific sequence of files included or processed is: C:\ColdFusion11\Main\wwwroot\CFIDE\administrator\templates\secure_profile_error.cfm”

This meant that only two distinct visitors would be able to view our production sites at any given time. The license is supposed to be an Enterprise-level license which can support very large traffic. But instead the license reverted to Developer Edition without warning.

The way I was able to resolve this issue was to send an email to CFsup@adobe.com. I included my AWS Account number. I also ran this issue by the “Adobe” CFML Slack Channel. Here was the timeline (Central Time):

8:12 PM: Posted issue on CFML Adobe Slack channel
8:21 PM: Emailed CFsup@adobe.com
11:15 PM: Anit Kumar responds to Slack from home
12:10 AM: Anit Kumar responds via email with new .jar file
12:38 AM: Server now on Enterprise license correctly

Here were the steps taken to apply the patch:

  1. Navigate to the \ColdFusion11\cfusion\lib and search for “cfusion-req.jar”.
  2. Stop the ColdFusion Service.
  3. Take a backup of this original jar file and delete it. Renaming the jar file will not help.
  4. Rename the enclosed cfusion-req.jar.123 to cfusion-req.jar and save it on the location mentioned in Step 1.
  5. Start the ColdFusion Service.
  6. Check the Edition by clicking on the System Information (“I” icon on right hand side top).

Anit said we could just apply the patch to the cfusion instance; however, we ended up applying it to that instance and another CF instance while waiting for a response.

When we asked Anit what the issue was, this was his reply:

This was an issue with Amazon side and is very sporadic in nature. We have fixed and merged this in CF2016 AMIs on Amazon.

I see more and more ads out there that say “Your business needs a mobile app” usually indicating your company will die without one.

But let’s think about this for a second. Look at the apps installed on your smartphone’s home screens right now. The list may look something like this:

  • Email
  • Social Media
  • Chat
  • Security (MFA, passwords, etc)
  • Health tracking
  • Music
  • Calendar Widget
  • Weather
  • Game
  • Map / Navigation

All of these you likely use on an hourly and daily basis. Many provide functionality that a browser is not suited for, though not all. And many provide alerts and access sensors constantly.

But, let’s say for example, yesterday you wanted to see how late your favorite restaurant was open. You may have said “Okay Google, how late is Smoking Jay’s open?” or opened a browser and searched for “Smoking Jay’s”. Where did both land you? Google’s search results that happened to be smart enough to know that answer.

Or another example, today you wanted to know where to find a DeWalt Cordless drill. So you either asked Google or Apple via voice or opened a browser to search.

In neither case did you open the app store or Google Play and search for an app that searched for power tools or restaurant times.

So if you’re running a law firm, do you really think anyone is going to look for your app and install it? Let’s say I ran that law firm and think I want a mobile app. Now I need someone to write 3 apps for Microsoft, Android and Apple and maybe more. I would need to make it useful enough to warrant such expense. And I would need it to make sense enough for many of my clients to install.

Let’s say that I make the law firm app present agendas, a calendar and confirm receipt of documents. How would spending time developing 3 platform-specific apps benefit me rather than working on just a single, responsive, secure web site? I can’t think of any reasons in this example.

So before you go app crazy, consider that it may be best to just improve your likely existing web site to be mobile and user friendly. For one thing, I guarantee you it’ll cost less, be more efficient and likely used more.

I recently bought a pair of Bose SoundLink around-ear wireless headphones II. I spent a number of hours troubleshooting what I call “monitor effect”. Basically I could hear my headset mic through the headphone speakers when no other sounds were playing on the computer. I would also hear the “dead air static” that you hear when you increase the gain on a microphone.

When I’m at my desk I have my headphones on much of the day. I use them for phone calls, Skype, Internet sound and some music. That monitor sound just wouldn’t do.

What we ended up finding, just by a slim recollection on the tech’s part, was that the Windows 10 “Hey Cortana” feature may be causing this. Sure enough, I turned that feature off and the issue was gone.

If you create a snapshot of a Windows volume in AWS (Amazon Web Services) EC2 and create an AMI from that, you’ll notice that the platform column says it’s “Other Linux”. You then can’t launch that AMI.

Instead of creating an AMI from a snapshot, you will need to create an image from the instances screen. Right-click the instance, click “Image”, then “Create Image”. This will work fine.