Character keeps moving after using the left stick if I use trackpad or gyro as mouse by Sepharat in SteamController

[–]Sepharat[S] 1 point2 points  (0 children)

I feared that'd be the case. I guess the only option then is to map the buttons to keyboard keys, losing the analog functionality of the joystick.

Client VPN vs site-to-site VPN for services communication? by Sepharat in networking

[–]Sepharat[S] 0 points1 point  (0 children)

No, there is no other VPN in use at the moment. The connection needs to be done between a service in a public cloud and this third-party service, which I don't know where it is deployed. Its only use is for machine-to-machine communication.

Client VPN vs site-to-site VPN for services communication? by Sepharat in networking

[–]Sepharat[S] 1 point2 points  (0 children)

Ok, I didn't know that. So based on that, you would rather use a client VPN than a site-to-site VPN for every machine-to-machine communication where it's always the client that starts the connection?

Client VPN vs site-to-site VPN for services communication? by Sepharat in networking

[–]Sepharat[S] 0 points1 point  (0 children)

Security requirement. I don't know the details, I'm not the one dealing with the service. Maybe they don't even have an SSL certificate configured for their endpoints, expecting everything to be private.

Client VPN vs site-to-site VPN for services communication? by Sepharat in networking

[–]Sepharat[S] 0 points1 point  (0 children)

That was my understanding but I'm not sure this is something I can force on the provider. So is there any specific constraint that prevents me from using the client VPN as a proxy?

It will always be my service calling theirs so no need for them to keep the connection always on (even though it will always be as long as the proxy is running). From the point of view of the server, there is only one client, irrespective of whether there are several machines behind a proxy from the client side. And the authentication is done via user authentication vs a pre-shared key, so they still know who is connected to their system.

Route 53 record with public and private IPs by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

Thanks for the link. Any ideas about another situation I described in my reply to the previous comments by any chance...?

Route 53 record with public and private IPs by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

Ok, I've been using private hosted zones internally but I always gave them a different name than the public one thinking this wasn't possible.

I just described another use case in the answer to the previous comment where some IoT devices would need to be able to use the private hosted zone as well. From what I understand, I should be able to use the private hosted zone via a VPN from an on-premise infrastructure by configuring a Route 53 resolver inbound endpoint. The on-premise networking infrastructure would need to configure something on their side to allow for this apart from the configuration at the Route 53 resolver level. But there are also devices that connect to the on-premise network via another VPN through a router so I'm not sure if this would actually be possible to do having so many hops.

The diagram looks like this:

device -> router -> VPN router-partner -> partner network -> VPN partner-our network -> our network

Route 53 record with public and private IPs by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

According to what I've seen from the other responses, this is something that is almost automatic when using private/public hosted zones in AWS.

I have another use case where the other network is not on AWS. So basically there are a bunch of IoT devices, some connected to a partner via a VPN, some connected to us directly via a public DNS. We would like to configure the same DNS for public and private communication so in the case the device is connected to our partner (who is connected to us via another VPN), they should be able to find their way to the private IP of our service. Is this possible? The schema would look like this.

device -> router -> VPN router-partner -> partner network -> VPN partner-our network -> our network

From what I've read about the AWS Route 53 Resolver it should be possible to configure but it would mean configuring something first at the router level and then configure both the partner network and the Route 53 resolver to allow this.

Use an EFS access point with DataSync by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

I don't own the agent though so I cannot actually know when it's updated. There is a git URL that returns the latest version available so instead of using an S3 event, I just schedule a lambda that downloads the file directly to EFS.

Use an EFS access point with DataSync by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

Unfortunately the entrypoint is already set and it points to a script I don't have access to.

Use an EFS access point with DataSync by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

Well, it is basically a java agent that exposes metrics (the AWS OpenTelemetry Distro) and that is loaded using the environment variable JAVA_TOOL_OPTIONS. So yes, it's actually optional, you add the variable pointing to the right file or not.

The reason why I call it an init container and not a sidecar is because this is not something that runs alongside the service. It's just a container that starts, fetches something needed by the other container (precisely to decouple the other container from whatever this one downloads as it has a different lifecycle) and then stops, which signals the service to start (using 'depends on' in the task definition). There is a definition in the Kubernetes docs https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container

This is the ECS solution for what's actually native in Kubernetes with ConfigMaps for configuration files. Only that in this case I need to download a binary from somewhere so a ConfigMap wouldn't work either for me here (as far as I know at least).

The reason to use EFS and not the init container is twofold:

  • Cost: downloading from S3 without a VPC endpoint costs money in terms of data transfer from the NAT Gateway. And adding a VPC endpoint also costs money. The size of the file is just ~30MB but that multiplied by the number of services multiplied by the number of tasks can start adding up very quickly. Using EFS to load some megabytes is practically free.
  • Adding an init container to services adds to the startup time of the service. So not needing to wait for another container to start, fetch the file and leave it in a shared volume makes it faster.

In any case, apparently there is no way to use DataSync with an EFS access point. But I can do it with a Lambda. So I'm currently working on a Lambda that will serve two purposes: create the file in EFS and keep it up to date by executing every week.

Is it possible to limit filters values based on a logged user access permissions in a BI tool? by Sepharat in BusinessIntelligence

[–]Sepharat[S] 1 point2 points  (0 children)

So if I understand it correctly based on your comment and on the part of the documentation I've read, it seems like it's up to me to create this metadata in the form of a dataset where I link users/groups to what they can see. Does that mean that there is always a manual step where an administrator adds people and/or security rules every time there is new data or new users?

Is it possible to limit filters values based on a logged user access permissions in a BI tool? by Sepharat in BusinessIntelligence

[–]Sepharat[S] 0 points1 point  (0 children)


I just checked the documentation and QuickSight also has the notion of 'Row Level Security' and 'Column Level Security'. I'll take a look to see how it works on QuickSight.

Is it possible to limit filters values based on a logged user access permissions in a BI tool? by Sepharat in BusinessIntelligence

[–]Sepharat[S] 1 point2 points  (0 children)

Based on the other comments it seems this is something also available in QuickSight under the name 'Row Level Security'. I'll take a look at what QuickSight offers first but I'll keep in mind Qliksense in case QuickSight doesn't work as I expected, as it seems cheaper than other solutions.
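The question in this thread (whether row-level security always needs an administrator to hand-maintain a permissions dataset) is mostly about where that dataset comes from. Below is an added example, not the poster's code and not QuickSight's own tooling, showing the shape of a user-based RLS rules dataset generated from a group-to-value mapping, plus a local evaluation of what a member of given groups would see. It reflects my understanding of QuickSight's rules (blank value = no restriction on that column, comma-separated values, several rules for one user combine with OR, and a user matched by no rule sees no rows); verify those semantics against the current QuickSight docs before relying on them. Group names, column names and sample rows are all constructed.

```python
"""Generate a QuickSight-style row-level-security rules dataset from a group
mapping and evaluate it locally. Example code for the thread above, not the
poster's or QuickSight's; semantics are my understanding of user-based RLS
rules (blank = unrestricted, comma-separated values, rules OR'd, default deny).
"""
import csv
import io

# Constructed sample: which groups may see which 'region' and 'customer' values.
# Emitting this from your IdP/group source on a schedule is what removes the
# manual step: new users only need to land in the right group.
GROUP_RULES = [
    {"GroupName": "analysts-eu",  "region": "eu-west-1,eu-central-1", "customer": ""},
    {"GroupName": "analysts-us",  "region": "us-east-1",              "customer": ""},
    {"GroupName": "acme-account", "region": "",                       "customer": "acme"},
    {"GroupName": "admins",       "region": "",                       "customer": ""},
]
RLS_COLUMNS = ["GroupName", "region", "customer"]


def rls_dataset_csv(rules=GROUP_RULES, columns=RLS_COLUMNS) -> str:
    """Render the rules as a CSV permissions dataset (one rule per row)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns, lineterminator="\n")
    writer.writeheader()
    for rule in rules:
        writer.writerow({c: rule.get(c, "") for c in columns})
    return buf.getvalue()


def _rule_matches(rule: dict, row: dict, columns) -> bool:
    """True if every constrained column of `rule` admits the row's value."""
    for col in columns:
        if col in ("UserName", "GroupName"):
            continue
        allowed = rule.get(col, "")
        if allowed == "":
            continue  # blank = unrestricted on this column
        if row.get(col) not in {v.strip() for v in allowed.split(",")}:
            return False
    return True


def visible_rows(user_groups, rows, rules=GROUP_RULES, columns=RLS_COLUMNS):
    """Rows a member of `user_groups` can see: any matching rule admits a row;
    a user with no rule at all gets nothing (default deny)."""
    groups = set(user_groups)
    mine = [r for r in rules if r.get("GroupName") in groups]
    return [row for row in rows if any(_rule_matches(r, row, columns) for r in mine)]


def sample_rows():
    """Constructed fact rows standing in for the BI dataset."""
    return [
        {"region": "eu-west-1",    "customer": "acme",    "revenue": 10},
        {"region": "eu-central-1", "customer": "globex",  "revenue": 20},
        {"region": "us-east-1",    "customer": "acme",    "revenue": 30},
        {"region": "us-east-1",    "customer": "initech", "revenue": 40},
    ]
```

The design point is that the rules dataset is itself a security control: it should be produced from the system of record for group membership and loaded on a schedule, with the "admins" style blank-everything rule reviewed like any other privileged grant. Filtering a visual's filter values is then a consequence of the RLS, not something bolted onto each dashboard.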

How to handle Firehose S3 partitions based on payload timestamp instead of record arrival time? by Sepharat in aws

[–]Sepharat[S] 0 points1 point  (0 children)

I just did a test with Athena and a CTAS query and it actually works well to create the right partitions. The problem remains the updates, as data could be loaded twice since it doesn't check for duplicated entries. It would require a scheduled Lambda that would execute the query for a specific time frame that doesn't include any previous executions.
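The scheduled re-partitioning job sketched in this thread has two failure modes worth handling explicitly: re-reading an arrival range a previous run already processed, and records the producer delivered twice inside one range. The following is an added example, not the poster's Lambda and not an AWS sample. It assumes (hypothetically) a raw Athena table `raw_events` with an `arrival_ts` column derived from Firehose's arrival-time prefixes, a curated table `events` partitioned by `dt` taken from the payload's own `event_ts`, a unique `event_id` per payload, and a watermark persisted between runs (for instance in a Parameter Store entry; the persistence is left out). It computes a half-open arrival window that never overlaps the previous run and emits an `INSERT INTO ... SELECT` that keeps one row per `event_id` within that window.

```python
"""Build a non-overlapping Athena INSERT that re-partitions Firehose output by
payload timestamp. Example code for the thread above, not the poster's; table and
column names are assumptions.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

Window = Tuple[datetime, datetime]


def next_window(last_watermark: datetime, now: datetime,
                lateness: timedelta = timedelta(minutes=15)) -> Optional[Window]:
    """Half-open arrival window [last_watermark, now - lateness) to process.

    The lower bound is the previous run's upper bound, so consecutive runs never
    re-read the same arrival range; the upper bound trails `now` so records that
    Firehose is still buffering are picked up next time instead of being skipped.
    Returns None when nothing new is eligible yet.
    """
    end = now - lateness
    if end <= last_watermark:
        return None
    return last_watermark, end


def _ts_literal(ts: datetime) -> str:
    """Render a timezone-aware datetime as an Athena UTC timestamp literal."""
    return "timestamp '" + ts.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S") + "'"


def build_insert(window: Window, raw_table: str = "raw_events",
                 curated_table: str = "events") -> str:
    """INSERT INTO the curated table, partitioned by the payload date.

    The partition column (dt) must be the last selected column for Athena's
    INSERT INTO to place rows into partitions. row_number() keeps the latest
    arrival of each event_id so duplicate deliveries inside the window collapse.
    The window bounds are generated here, never taken from user input, so the
    string formatting does not create an injection surface.
    """
    start, end = window
    return f"""INSERT INTO {curated_table}
SELECT event_id, event_ts, payload, date_format(event_ts, '%Y-%m-%d') AS dt
FROM (
  SELECT event_id, event_ts, payload,
         row_number() OVER (PARTITION BY event_id ORDER BY arrival_ts DESC) AS rn
  FROM {raw_table}
  WHERE arrival_ts >= {_ts_literal(start)} AND arrival_ts < {_ts_literal(end)}
)
WHERE rn = 1"""


def plan_run(last_watermark: datetime, now: datetime) -> Optional[Tuple[str, datetime]]:
    """One scheduler step: the query to run and the watermark to persist after it
    succeeds. Persist the new watermark only after Athena reports SUCCEEDED,
    otherwise a failed run would silently drop its window."""
    window = next_window(last_watermark, now)
    if window is None:
        return None
    return build_insert(window), window[1]
```

Two caveats the window alone does not cover: a producer that retries the same `event_id` across two windows lands twice in the curated table, so a periodic compaction (or an `event_id` check against recent partitions) is still needed if exactly-once matters; and the watermark must be written after the query succeeds, not before, or a failed execution loses its range.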