I needed to create a wildcard SSL certificate and upload it to AWS CloudFront today.
First, generate a 2048-bit private key. This will prompt you for a passphrase:
$ openssl genrsa -des3 -out example.key 2048
Check which signature algorithm was used (SHA-256 is recommended):
$ openssl req -in example.csr -noout -text
Transform the private key to PEM format:
$ openssl rsa -outform PEM -in example.key -out example.pem
Generate a Certificate Signing Request. Note the * in the server FQDN:
$ openssl req -new -key example.key -out example.csr
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) :Seattle
Organization Name (eg, company) [Internet Widgits Pty …continue.
Many of us are guilty of saying “database” when we mean a database server or a DBMS.
A database is a collection of tables storing related data,
schemas, stored procs, and permissions.
Most database servers are capable of managing many databases simultaneously.
I needed to create a new PostgreSQL database at Amazon's RDS last week.
I already had an RDS instance; I needed a new database on that instance.
My Google searches turned up various recipes for creating a new RDS instance.
The following worked for me:
SSH to an EC2 instance inside our VPC,
so that I could connect to the RDS instance using psql.
psql --host=SOME-DBMS-HOST --dbname …continue.
I complained yesterday about my difficulties in deploying Docker containers on AWS.
I have since succeeded in getting my app to deploy on ElasticBeanstalk,
though I have not quite ironed out all the problems.
I found several problems:
- I had to revert from a Multi-Container Docker environment
to a Single-Container Docker environment
because ECS wasn't starting in the multi-container environment.
That meant I had to revert to a v1 Dockerrun.aws.json.
- I had to ensure that the Instance Profile had the
AmazonEC2ContainerRegistryReadOnly policy attached,
so that I could pull from the EC2 Container Repository.
I complained a few weeks ago about how hard it was to deploy Docker containers on AWS.
This week has been nothing but container-related frustration.
We have two apps running in Kubernetes clusters on top of AWS.
This is not a well-supported scenario and we have a fragile script
that spends a lot of time sitting in polling loops,
waiting for various things to happen like DNS updates taking effect,
the new cluster being available, and so on.
One of the apps has decided to stop deploying.
I do not know why.
I've been trying to get a new app deployed on ECS, the EC2 Container Service.
The way to …continue.
I spent a couple of frustrating hours this evening
trying to figure out an easy way to deploy a Docker container on AWS.
I tried out the EC2 Container Service and got lost
in a sea of Clusters, Tasks, and Services.
I couldn't connect to the EC2 instance where my container supposedly lived.
I tried Elastic Beanstalk and gave up in exasperation.
When you create a new Docker environment,
there's no way to pull an existing image from an external repo
that I could see.
We have some tools for deploying a Docker image to Elastic Beanstalk,
but they were so cryptic that I didn't want to pursue that.
Eventually I …continue.