Frequently asked questions about AWS that I often need to answer. This post is continuously updated.

EC2 – SecurityGroup

If I have a security group A containing a rule that references security group B as its source, how does this behave?

When you specify a security group as the source for a rule, traffic is allowed from the elastic network interfaces (ENIs) attached to the instances associated with the source security group, for the specified protocol and port. Adding a security group as a source does not add that security group's rules.
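
The behaviour above as a small simplified model, added here as an example (it is not AWS code and makes no API calls). The group ids `sg-A`, `sg-B`, `sg-C`, the IP addresses and the helper names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str
    port: int
    source: str  # a CIDR ("203.0.113.0/24") or a security group id ("sg-B")

@dataclass(frozen=True)
class Endpoint:
    ip: str
    groups: frozenset  # security groups on this ENI (empty for an external host)

def inbound_allowed(sg_rules, src, dst, protocol, port):
    """True if an inbound rule of a group attached to dst admits src."""
    for group_id in dst.groups:
        for rule in sg_rules.get(group_id, []):
            if (rule.protocol, rule.port) != (protocol, port):
                continue
            if rule.source.startswith("sg-"):
                # Group reference: matches on the source ENI's membership only.
                # The referenced group's own rules are never consulted here.
                if rule.source in src.groups:
                    return True
            elif ip_address(src.ip) in ip_network(rule.source):
                return True
    return False

# Constructed sample: A (database tier) trusts members of B (web tier) on 3306;
# B itself allows SSH from an admin range.
SG_RULES = {
    "sg-A": [Rule("tcp", 3306, "sg-B")],
    "sg-B": [Rule("tcp", 22, "203.0.113.0/24")],
}
db = Endpoint("10.0.2.10", frozenset({"sg-A"}))
web = Endpoint("10.0.1.10", frozenset({"sg-B"}))
other = Endpoint("10.0.1.11", frozenset({"sg-C"}))
admin = Endpoint("203.0.113.7", frozenset())

def demo():
    return {
        "web->db:3306": inbound_allowed(SG_RULES, web, db, "tcp", 3306),
        "other->db:3306": inbound_allowed(SG_RULES, other, db, "tcp", 3306),
        "admin->db:22": inbound_allowed(SG_RULES, admin, db, "tcp", 22),
        "admin->web:22": inbound_allowed(SG_RULES, admin, web, "tcp", 22),
    }

if __name__ == "__main__":
    for flow, ok in demo().items():
        print(flow, "ALLOW" if ok else "DENY")
```

The `admin->db:22` flow is denied even though B allows SSH from that range: A only trusts B's members on port 3306 and inherits nothing from B's rule set.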


How do I view the output of a recent Elastic Beanstalk deploy on the EC2 instance?

[root@ip-10-0-101-48 ~]# tail -f /var/log/cfn-init.log
 2019-08-13 15:55:54,905 [INFO] -----------------------Build complete-----------------------
 2019-08-13 15:55:57,509 [INFO] -----------------------Starting build-----------------------
 2019-08-13 15:55:57,517 [INFO] Running configSets: Infra-EmbeddedPostBuild
 2019-08-13 15:55:57,520 [INFO] Running configSet Infra-EmbeddedPostBuild
 2019-08-13 15:55:57,523 [INFO] Running config postbuild_0_rubendobwp
 2019-08-13 15:55:58,879 [INFO] Command 10-download_ssl_file_key succeeded
 2019-08-13 15:56:00,291 [INFO] Command 20-download_ssl_file_crt succeeded
 2019-08-13 15:56:01,737 [INFO] Command 30-download_ssl_file_crt-ca succeeded
 2019-08-13 15:56:01,738 [INFO] ConfigSets completed
 2019-08-13 15:56:01,739 [INFO] -----------------------Build complete-----------------------
 2019-08-13 16:04:56,233 [INFO] -----------------------Starting build-----------------------
 2019-08-13 16:04:56,241 [INFO] Running configSets: Infra-EmbeddedPreBuild
 2019-08-13 16:04:56,244 [INFO] Running configSet Infra-EmbeddedPreBuild
 2019-08-13 16:04:56,247 [INFO] Running config prebuild_0_rubendobwp
 2019-08-13 16:04:56,587 [INFO] ConfigSets completed
 2019-08-13 16:04:56,587 [INFO] -----------------------Build complete-----------------------
 2019-08-13 16:04:59,262 [INFO] -----------------------Starting build-----------------------
 2019-08-13 16:04:59,269 [INFO] Running configSets: Infra-EmbeddedPostBuild
 2019-08-13 16:04:59,272 [INFO] Running configSet Infra-EmbeddedPostBuild
 2019-08-13 16:04:59,276 [INFO] Running config postbuild_0_rubendobwp
 2019-08-13 16:05:00,680 [INFO] Command 10-download_ssl_file_key succeeded
 2019-08-13 16:05:02,155 [INFO] Command 20-download_ssl_file_crt succeeded
 2019-08-13 16:05:03,596 [INFO] Command 30-download_ssl_file_crt-ca succeeded
 2019-08-13 16:05:03,597 [INFO] ConfigSets completed
 2019-08-13 16:05:03,598 [INFO] -----------------------Build complete-----------------------


What types of encryption are available?

These options are available:
  • Client-side encryption: I encrypt on my laptop and then upload.
  • Server-side encryption
    • SSE-S3: AWS manages both the data key and the master key; cheaper than SSE-KMS. Every object is encrypted and there is an additional safeguard: Amazon encrypts the key itself with the master key and regularly rotates the master key. Amazon handles all the keys for you, so you don't have to worry about them.
    • SSE-KMS: AWS manages the data key and you manage the master key; more expensive than SSE-S3
      • An additional audit trail: who uses the key, when and where
      • An additional level of transparency: who is decrypting what and when
      • Use the default key or generate a new one
    • SSE-C: You manage both the data key and the master key


If I have Multi-AZ and upgrade the MySQL engine, do I have downtime?

One other caveat about upgrade downtime is how Multi-AZ fits into the picture. One common fallacy is that Multi-AZ configurations prevent downtime during an upgrade. We do recommend that you use Multi-AZ for high availability because it can prevent extended downtime due to hardware failure or a network outage. However, in the case of a MySQL or MariaDB engine upgrade, Multi-AZ doesn’t eliminate downtime. The slow shutdown and the physical changes made on the active server by the mysql_upgrade program require this downtime.

Can I downsize my storage?


After an instance is created, you can’t modify the size of the instance to decrease the storage space it uses. To decrease the storage size of your RDS DB instance, create a new Amazon RDS instance that has less storage space. Then, migrate your data into the new RDS DB instance using one of the following methods:

  • Using the database engine’s native dump and restore method.
  • Using AWS Database Migration Service (AWS DMS) for minimal downtime.
