virtualization:cloud:aws [2023/10/19 13:22] - jotasandoku  ->  virtualization:cloud:aws [2025/03/25 14:58] (current) - jotasandoku
Line 22: Line 22:
 Refreshing workaround for error "...The security token included in the request is expired": **disruptive** Refreshing workaround for error "...The security token included in the request is expired": **disruptive**
   mv .aws/credentials credentials.bak2   mv .aws/credentials credentials.bak2
-  aws configure --profile jaimecli+  aws configure
   ./refresh_aws_mfa.py jaimecli   ./refresh_aws_mfa.py jaimecli
  
 SIMPLER SETUP. remove credentials when done and set them up again when start working: SIMPLER SETUP. remove credentials when done and set them up again when start working:
 +  # or just keep credentials but gran/revoke 'AdministratorAccess' policy during works : 
 +  # https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/groups/details/gr2?section=permissions
   rm /home/pi/.aws/credentials*   rm /home/pi/.aws/credentials*
   aws configure    aws configure 
-  # aws --profile jaimecli sts get-caller-identity 
   aws sts get-caller-identity   aws sts get-caller-identity
   ! when logging off   ! when logging off
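Review bot: the new `aws configure` line drops `--profile jaimecli`, but the very next line still runs `./refresh_aws_mfa.py jaimecli`, so the refresh script now looks for a profile that `aws configure` writes as `[default]`; either keep the profile flag or pass the script the profile it actually reads. Two more things visible in this hunk: `mv .aws/credentials credentials.bak2` parks the long-lived key in the working directory, where the later `rm /home/pi/.aws/credentials*` never touches it, so the plaintext key outlives the "when logging off" cleanup; and `gran/revoke` should read `grant/revoke`. Toggling `AdministratorAccess` on the `gr2` group is a coarse stand-in for short-lived credentials; `aws sts get-session-token` with MFA (which is what the refresh script's name suggests it wraps) or `aws sso login` yields time-limited keys without editing group policies at all.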
Line 114: Line 115:
     * An example, rtb for a vpc endpoint: destination: pl-7ba54012(com.amazonaws.us-est-2.s3) (this represents the subnet of the service) + target: vpce-aa852c     * An example, rtb for a vpc endpoint: destination: pl-7ba54012(com.amazonaws.us-est-2.s3) (this represents the subnet of the service) + target: vpce-aa852c
       * vrf ~= multiple rts/subnets. Which is not ๐Ÿ’ฏ true because different subnets/rts can talk to each other by default       * vrf ~= multiple rts/subnets. Which is not ๐Ÿ’ฏ true because different subnets/rts can talk to each other by default
 +    * VIRTUAL PRIVATE GATEWAY [vpw]: AWS network service component that serves as the AWS-side endpoint for connecting external networks to a VPC. (can be used with dx or s2s vpn).
 +    * AWS GLOBAL ACCELERATOR: For those applications that cannot use DNS for optimally routing; Traffic hits an Anycast address and then goes through AWS internal network. AWS internal network uses public IP space. Your endpoint needs to have public IP, eg ALB or NLB; Another use case is the ''accelerated VPN'' where we use the nearest global accelerator edge-location so it traverses the internal AWS network (instead of Internet) on its route to the remote VPC.
  
  
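Review bot: the Virtual Private Gateway abbreviation should be `vgw`, matching the `vgw-...` resource IDs, not `vpw`; the route-table example in the surrounding context also has `us-est-2` where `com.amazonaws.us-east-2.s3` is meant. In the Global Accelerator bullet, "accelerated VPN" is the Accelerated Site-to-Site VPN feature, so name it that, and "cannot use DNS for optimally routing" is clearer as "need fixed IPs rather than DNS-based routing", which is the actual reason to pick Global Accelerator over Route 53 latency records; the static anycast addresses are what clients hit, after which traffic rides the AWS backbone to the endpoint, as the line goes on to say.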
Line 295: Line 298:
     *  Is rspan with VXLAN udp-4789 as transport. Target doesn't need to filter vxlan but we need to consider the 60B added by vxlan so we don't get over the mtu.     *  Is rspan with VXLAN udp-4789 as transport. Target doesn't need to filter vxlan but we need to consider the 60B added by vxlan so we don't get over the mtu.
     * In reality the nitro nic (hypervisor's smart nic) does acl does sg does rspan and cloudwatch metrics(review this))     * In reality the nitro nic (hypervisor's smart nic) does acl does sg does rspan and cloudwatch metrics(review this))
- 
----- 
-Aws global accelerator: 
-for those applications that cannot spell dns. \\ 
-Traffic hits an Anycast address and then goes through Aws internal network.\\  
-Aws internal network uses public space.\\ 
-Your endpoint needs to have public IP, eg alb or nlb 
  
 ---- ----
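Review bot: the MTU figure in the traffic-mirroring line is off: VXLAN encapsulation adds 50 bytes (outer Ethernet 14 + IPv4 20 + UDP 8 + VXLAN 8), or 54 with an 802.1Q tag, not 60, so suggest "the 50B (54B with a VLAN tag) added by VXLAN"; "Is rspan" also lacks its subject (the mirror session). The "(review this)" on the Nitro line can be resolved: the Nitro card does enforce security groups and VPC encapsulation in hardware, so the claim stands, though CloudWatch metrics are emitted by the platform rather than "done by" the NIC. Dropping the standalone Global Accelerator block is fine since the same content now lives under the VPC section, and the "cannot spell dns" wording went with it.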
Line 363: Line 359:
 AWS autoescaling features only deal with EKS (workers) or EC2 instances. If we want to dynamically allocate other resources like, subnets, directconnects, vpc peerings ans so on, we can use: AWS autoescaling features only deal with EKS (workers) or EC2 instances. If we want to dynamically allocate other resources like, subnets, directconnects, vpc peerings ans so on, we can use:
   * [[https://networktocode.com/nautobot/nautobot-cloud/]]   * [[https://networktocode.com/nautobot/nautobot-cloud/]]
 +
 +
 +----
 +Amazon VPC Flow Logs - TODO
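Review bot: the opening claim is too narrow: Application Auto Scaling also scales ECS services, DynamoDB throughput, Aurora replicas and Lambda provisioned concurrency, so state the real point, that auto scaling targets compute or service capacity while network constructs such as subnets, Direct Connect and VPC peerings are not covered; fix "autoescaling" to "autoscaling", "ans so on" to "and so on", and "directconnects" to "Direct Connect connections". The Flow Logs placeholder is fine as a TODO.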
virtualization/cloud/aws.1697721725.txt.gz · Last modified: (external edit)