The cloudformation-aws-exasol from exasol

cloudformation-aws-exasol's Issues

Add Backup Schedule as a parameter in the CloudFormation template

Add Backup Schedule as a parameter in the CloudFormation template, just as we can assign in here https://github.com/exasol/terraform-aws-exasol/blob/main/main.tf

Requested in a support ticket: https://www.exasol.com/support/browse/SUPPORT-27062

Allow EBS encryption with custom KMS key in cloudformation templates

So far it is not possible to enable the ec2 EBS volumes encryption with a custom KMS key.

To achieve this we need an additional parameter where we hand over the custom KMS Key and put the correct policy in place for the lambda role to have all the permission to create new ec2 instances with ebs volume encrypted with this key.

Template fails with strange error if stack name is too long

In case the stack name is quite long the stack creation fails with:

INFO	Error run Instances: UnauthorizedOperation: You are not authorized to perform this operation. 
Encoded authorization failure message: 10QnXCrTA5hRImFyyLQio...

Decoded message:

{\"allowed\":false,\"explicitDeny\":false,\"matchedStatements\":{\"items\":[]},\"failures\":{\"items\":[]},\"context\":{\"principal\":{\"id\":\"AROASNN2LAKNXFGVOL57M:exasol-test-setup-abstract-CreateEC2InstanceLambda-d1kdTkFS8Jrf\",\"arn\":\"arn:aws:sts::XXXXXXXX:assumed-role/exasol-test-setup-abstrac-CreateEC2InstanceLambdaR-LGWS28ZCQCJ8/exasol-test-setup-abstract-CreateEC2InstanceLambda-d1kdTkFS8Jrf\"},\"action\":\"iam:PassRole\",\"resource\":\"arn:aws:iam::XXXXXXXX:role/exasol-test-setup-abstraction-ci-exa-EC2RoleDBNode-WGDM0C34NAZ3\",\"conditions\":{\"items\":[{\"key\":\"aws:Region\",\"values\":{\"items\":[{\"value\":\"eu-central-1\"}]}},{\"key\":\"aws:Service\",\"values\":{\"items\":[{\"value\":\"ec2\"}]}},{\"key\":\"aws:Resource\",\"values\":{\"items\":[{\"value\":\"role/exasol-test-setup-abstraction-ci-exa-EC2RoleDBNode-WGDM0C34NAZ3\"}]}},{\"key\":\"iam:RoleName\",\"values\":{\"items\":[{\"value\":\"exasol-test-setup-abstraction-ci-exa-EC2RoleDBNode-WGDM0C34NAZ3\"}]}},{\"key\":\"aws:Account\",\"values\":{\"items\":[{\"value\":\"XXXXXXXX\"}]}},{\"key\":\"aws:Type\",\"values\":{\"items\":[{\"value\":\"role\"}]}},{\"key\":\"aws:ARN\",\"values\":{\"items\":[{\"value\":\"arn:aws:iam::XXXXXXXX:role/exasol-test-setup-abstraction-ci-exa-EC2RoleDBNode-WGDM0C34NAZ3\"}]}}]}}}

The error message is distracting since it sounds like the user had insufficient privileges.
However, with a shorter stack name everything works fine.

Delay creation until Exasol is fully started

Currently, the template exits after the EC2 instances were created. At that time the Exasol database is, however not yet reachable. Instead, it takes about 20 mins until everything is running.

Acceptance Criteria

When the cloud formation template enters the "done" state, the database is reachable.
The check does not require that any ports of the database are exposed to the internet. (It also works with a security group with no ingress rules)

exasol / cloudformation-aws-exasol Goto Github PK

cloudformation-aws-exasol's People

Stargazers

Watchers

cloudformation-aws-exasol's Issues

Add Backup Schedule as a parameter in the CloudFormation template

Allow EBS encryption with custom KMS key in cloudformation templates

Template fails with strange error if stack name is too long

Delay creation until Exasol is fully started

Acceptance Criteria

Suggested Solution

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent