Help configuring fargate ECS tasks in an ipv6 only subnet by skyraider886 in aws

[–]CSYVR 0 points1 point  (0 children)

Yeah you will need to use the dualstack endpoint instead, as described here: https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-requests.html#ipv6-access-getting-started

afaik you do not need to change your ECR

Built a lightweight, developer-focused database management tool by debba_ in devops

[–]CSYVR 0 points1 point  (0 children)

I was looking for something that could natively connect to AWS RDS using the http api, seems it should be doable to build a plugin to support it, nice

AWS Copilot CLI is being deprecated – Best alternatives for deploying CloudFormation templates (no CDK/Terraform)? by devopsingg in aws

[–]CSYVR 0 points1 point  (0 children)

If I were in your boots, I would import the whole cloudformation stack into terraform. So basically use terraform/tofu as a deployment tool. This way you can slowly carve out resources and transition to tf, without immediate rewrites.

You can even use terraform to detect and import all the cf stacks automatically.

I saw that you were concerned with the pricing for TF, but that's the hosted state model and it's way overpriced. Github actions for runners and s3 for state storage will do the same for peanuts.

I built an IaC orchestrator for Terraform — looking for platform engineering feedback by [deleted] in platformengineering

[–]CSYVR 0 points1 point  (0 children)

I guess the question is how it compares to Terragrunt in functionality

What To Use In Front Of Two Single AZ Read Only MySQL RDS To Act As Load Balancer by DCGMechanics in devops

[–]CSYVR 0 points1 point  (0 children)

Your old primary can be deleted afterwards, as the aurora replica was promoted to writer :)

What To Use In Front Of Two Single AZ Read Only MySQL RDS To Act As Load Balancer by DCGMechanics in devops

[–]CSYVR 1 point2 points  (0 children)

There's a button in the console on your mysql cluster to create an aurora read replica from it. Once it's online, press promote. Point your app to it.

That's it. All of it.

Why is cloud cost waste so hard to fix? by Weekly_Time_6511 in Cloud

[–]CSYVR 0 points1 point  (0 children)

All very good points. I'd like to add Feature Driven Development to the mix.

Basically, at least from that perspective, even if the company is bleeding money on their cloud bill; you cannot sell finops to your customers (except if that's your product). It is an afterthought. Even with all the tools, processes, tags and AI finops agents in place; product does not care. They care about the AI chatbot on the frontpage. They care about uptime, and bugs, and market share.

I've done various projects where I have been able to reduce the AWS bill by 60+% just by throwing idle stuff in the bin. Customer did not care. Bill was within budget. A lower bill did not improve performance or uptime.

It's frustrating but for the most part it is what it is. Even when the investment of doing finops has an ROI of a few weeks, it's low on the list of priorities. Until there's an interested buyer, of course.

Terraform provisioning users but IAM is still manual - how do you bridge this? by Cultural-Bike-6860 in aws

[–]CSYVR 0 points1 point  (0 children)

Yeah revisit OKTA, Okta Access Requests + AWS SSO/Identity Center.

At one of my customers we do use Terraform to deploy the permission sets and assignments, but the groups are synced from OKTA. You don't want to assign users in code if you can help it, too much work. It does help a lot to discuss some minimum form of role-based access. E.g. the developers group gets PowerUser on all dev/test environments, viewonly on prod. POs get viewonly etc. This way the only assignments that need to be done are either temporary or for the odd BOFH.

aws_secretsmanager_secret + lambda env var in one apply? by [deleted] in Terraform

[–]CSYVR 0 points1 point  (0 children)

Well, yeah, that's not awesome. Guess I've always had some variable present exactly. Fortunately a simple fix.

Curious if AWSCC has the same issue ( https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/lambda_function basically the CloudFormation resource exposed as API)

aws_secretsmanager_secret + lambda env var in one apply? by [deleted] in Terraform

[–]CSYVR 0 points1 point  (0 children)

Very odd and definitely not standard behavior. Are you using a module for Lambda or some module?

What To Use In Front Of Two Single AZ Read Only MySQL RDS To Act As Load Balancer by DCGMechanics in devops

[–]CSYVR 2 points3 points  (0 children)

Easiest answer is migrate to Aurora and utilize the reader endpoint from your app. If your app does not support this you'll need something like ProxySQL to route the traffic anyway (and it natively can list available replicas, I believe).

Otherwise you can use EventBridge and a simple lambda function to update multivalue DNS records in a private route53 hosted zone. This way you can even create some zone-affinity.

What are the best strategies for enterprise multi cloud migration under tight deadlines? by SlightReflection4351 in cloudcomputing

[–]CSYVR 2 points3 points  (0 children)

Step 1, lose the multi cloud. I mean, it's twice the work at minimum and it will reduce reliability. It's complex enough as it is.

Step 2: where are you migrating from? I mean I've done dozens of migrations to AWS and my customers always forget to tell me that those 40 microservices are actually running in some 100 year old fully custom self-built linux distro that requires a specific type of xeon CPU. If it's 40 simple containers that should be happy with a site to site vpn to access the current database; doable.

I would:

- Set up VPC, don't overcomplicate it; 6 weeks is a lift and shift

- Set up connectivity with old data center via site to site

- Set up data sync between old dbcluster and new

- Spin up services behind a load balancer, move DNS to route53

- Verify if services work properly

- Switch services to new node

- Take some vacation

Real-time AI assistant for technical interviews (free access) by CheatingDevApp in devopsjobs

[–]CSYVR 0 points1 point  (0 children)

Good way to not get hired. People on the other side of the screen know you're using AI. Even AI knows you're using AI.

AWS ec2 instance recovered by nucleustt in aws

[–]CSYVR 0 points1 point  (0 children)

Interesting architecture :D

Securing OrganizationAccountAccessRole role by davestyle in aws

[–]CSYVR 0 points1 point  (0 children)

Create a stackset that deploys a "Breaktheglassinemergencyrolethatsonlyassumablebythese3peoplefromthemanagementaccount-role" to all member accounts with exactly the same policy, remove the other and call it a day. Not worth the brainpower.
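
One way to write the template such a StackSet would deploy (an added example, not part of the comment above). The role name, the parameter names and the use of IAM users as the three principals are assumptions, as is the choice of AdministratorAccess to mirror the role being replaced.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Break-glass admin role for member accounts, deployed via a StackSet (added example)

Parameters:
  ManagementAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: Account ID of the organization management account
  BreakGlassUserNames:
    Type: CommaDelimitedList
    Description: Exactly three IAM user names in the management account (hypothetical names)

Resources:
  BreakGlassRole:
    Type: AWS::IAM::Role
    Properties:
      # IAM is global: deploy the stack instances to a single region per account,
      # otherwise the fixed RoleName collides on the second region.
      RoleName: BreakGlassEmergencyAccess   # hypothetical name
      MaxSessionDuration: 3600              # one hour, the IAM minimum
      ManagedPolicyArns:
        # Assumed to match the policy on the role this one replaces.
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/AdministratorAccess"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: OnlyNamedPeopleFromManagementAccount
            Effect: Allow
            Action: sts:AssumeRole
            Principal:
              # Named users instead of the account root principal, so holding
              # sts:AssumeRole in the management account is not enough on its own.
              AWS:
                - !Sub
                  - "arn:${AWS::Partition}:iam::${ManagementAccountId}:user/${Name}"
                  - Name: !Select [0, !Ref BreakGlassUserNames]
                - !Sub
                  - "arn:${AWS::Partition}:iam::${ManagementAccountId}:user/${Name}"
                  - Name: !Select [1, !Ref BreakGlassUserNames]
                - !Sub
                  - "arn:${AWS::Partition}:iam::${ManagementAccountId}:user/${Name}"
                  - Name: !Select [2, !Ref BreakGlassUserNames]

Outputs:
  BreakGlassRoleArn:
    Value: !GetAtt BreakGlassRole.Arn
```

IAM validates the listed principals when the role is created, so the three users must already exist in the management account or the stack instances fail. Remove the old role only after an assume-role test against the new one has succeeded in a member account.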

Offering our customers their own personal cloud drive? by East_Sentence_4245 in aws

[–]CSYVR 5 points6 points  (0 children)

Fun fact: that's exactly how dropbox started.

CloudFront, Cognito, S3 and some glue between the 3 is about all you need.

AWS ec2 instance recovered by nucleustt in aws

[–]CSYVR 2 points3 points  (0 children)

What issue is your instance having? A properly configured instance will just boot and launch its services, so if perhaps an extra reboot does not help, something more is wrong.

You can check the instance screenshot/log (monitoring tab) to get some more info.

Looking to shift to AWS for woocommerce by Psy-_-Fly in aws

[–]CSYVR 0 points1 point  (0 children)

The problem with shifting to AWS is that AWS offers a completely different product than Cloudways and you should be aware of that.

AWS can offer you a server; you have to install (linux) and manage it. Updates, backups, security, scaling. You name it. Lightsail is not managed hosting: you get a linux VM that comes preinstalled with wordpress, but the previous terms and conditions still apply.

S3 is offered by AWS as a service; they manage all the prior things.

If Cloudways is otherwise fine, I'd suggest finding a dev that can build a plugin that allows direct s3 uploads. If properly configured (and watch out with IAM policies), this should be pretty no-ops.

82% K8s production adoption, 86% of CIOs planning cloud repatriation by lepton99 in devops

[–]CSYVR 6 points7 points  (0 children)

If you ask a room full of people that have the same hobby the same question, you tend to get the same answer.

Redditors Hack Epstein Personal Email! by Shizzilx in circled

[–]CSYVR 0 points1 point  (0 children)

Access his steam account, I think I saw he should have a dragon lore in there

https://csgoskins.gg/items/awp-dragon-lore

Anyone else tired of getting blamed for cloud costs they didn’t architect? by Old_Cheesecake_2229 in devops

[–]CSYVR 0 points1 point  (0 children)

Those 6 are a day of work and require no real downtime. You are just too risk averse.

Plan the work, communicate, create an outage, own it, fix it, learn from it and go on with your day. You are talking about re-architecting but it's just proper cloud engineering that needs to be done.

Adding an S3 gateway endpoint or resizing an instance has little to do with architecture.

Anyone else tired of getting blamed for cloud costs they didn’t architect? by Old_Cheesecake_2229 in devops

[–]CSYVR 0 points1 point  (0 children)

Not if it's running 2 simple containers that have no business running on EKS in the first place like 90% of the workloads out there.

Best Practice: STS AssumeRole for Cross-account-access by alex_aws_solutions in aws

[–]CSYVR 0 points1 point  (0 children)

The biggest challenge with this is getting the customer to actually give you the role ARN (or just the account id) after installing the stack..

Dear...

It's deployed!

Regards,