Frecuentes preguntas que necesito responder a menudo sobre AWS. Post en continua actualización.



¿cómo miro el output de un deploy reciente de ElasticBeanstalk en la EC2?

[root@ip-10-0-101-48 ~]# tail -f /var/log/cfn-init.log
 2019-08-13 15:55:54,905 [INFO] -----------------------Build complete-----------------------
 2019-08-13 15:55:57,509 [INFO] -----------------------Starting build-----------------------
 2019-08-13 15:55:57,517 [INFO] Running configSets: Infra-EmbeddedPostBuild
 2019-08-13 15:55:57,520 [INFO] Running configSet Infra-EmbeddedPostBuild
 2019-08-13 15:55:57,523 [INFO] Running config postbuild_0_rubendobwp
 2019-08-13 15:55:58,879 [INFO] Command 10-download_ssl_file_key succeeded
 2019-08-13 15:56:00,291 [INFO] Command 20-download_ssl_file_crt succeeded
 2019-08-13 15:56:01,737 [INFO] Command 30-download_ssl_file_crt-ca succeeded
 2019-08-13 15:56:01,738 [INFO] ConfigSets completed
 2019-08-13 15:56:01,739 [INFO] -----------------------Build complete-----------------------
 2019-08-13 16:04:56,233 [INFO] -----------------------Starting build-----------------------
 2019-08-13 16:04:56,241 [INFO] Running configSets: Infra-EmbeddedPreBuild
 2019-08-13 16:04:56,244 [INFO] Running configSet Infra-EmbeddedPreBuild
 2019-08-13 16:04:56,247 [INFO] Running config prebuild_0_rubendobwp
 2019-08-13 16:04:56,587 [INFO] ConfigSets completed
 2019-08-13 16:04:56,587 [INFO] -----------------------Build complete-----------------------
 2019-08-13 16:04:59,262 [INFO] -----------------------Starting build-----------------------
 2019-08-13 16:04:59,269 [INFO] Running configSets: Infra-EmbeddedPostBuild
 2019-08-13 16:04:59,272 [INFO] Running configSet Infra-EmbeddedPostBuild
 2019-08-13 16:04:59,276 [INFO] Running config postbuild_0_rubendobwp
 2019-08-13 16:05:00,680 [INFO] Command 10-download_ssl_file_key succeeded
 2019-08-13 16:05:02,155 [INFO] Command 20-download_ssl_file_crt succeeded
 2019-08-13 16:05:03,596 [INFO] Command 30-download_ssl_file_crt-ca succeeded
 2019-08-13 16:05:03,597 [INFO] ConfigSets completed
 2019-08-13 16:05:03,598 [INFO] -----------------------Build complete-----------------------


¿Cuáles son los tipos de encriptación disponibles?

There are these options available:
  • Client-side encryption, I encrypt in my laptop and then upload.
  • Server-side encryption
    • SSE-S3: AWS manages both data key and master key, cheaper than SS3-KMS. Every object is encrypted and there is an additional safeguard: Amazon encrypts the key itself with the master key and regularly rotate the master key. Amazon handles all the keys for you. You don’t worry about it.
    • SSE-KMS: AWS manages data key and you manage the master key, more expensive than SS3-S3
      • An additional level of the trail, whom, when, where uses the key
      •  An additional level of transparency, who is decrypting what and when
      • Default key or you can generate a new one
    • SSE-C: You manage both data key and master key



¿Si tengo MultiAZ y hago un upgrade del motor de MySQL tengo downtime?

One other caveat about upgrade downtime is how Multi-AZ fits into the picture. One common fallacy is that Multi-AZ configurations prevent downtime during an upgrade. We do recommend that you use Multi-AZ for high availability because it can prevent extended downtime due to hardware failure or a network outage. However, in the case of a MySQL or MariaDB engine upgrade, Multi-AZ doesn’t eliminate downtime. The slow shutdown and the physical changes made on the active server by the mysql_upgrade program require this downtime.







Leave a Reply

Your email address will not be published. Required fields are marked *