I am passionate about technological details and how things work under the hood. Recently I didn’t get confirmative answers from AWS. I spent a half day to re-read the famous paper. and the new one Amazon DynamoDB: A Scalable, Predictably Performant, and Fully Managed NoSQL Database Service. I think the following several concepts can be helpful to under its predictable performance. Consistent Hashing and zero hop DHT Storage node and 10G partition Typical flow of putItem I also put all of the three pictures into a slides and put refereneres at the last slides.

I always thought SaaS are based shardig, load balance and multiple-tenant. In the past several days, I re-read Dynamo and DynamoDB papers to figure out some key info to share with my colleages to find a common ground about DynamoDB. One thing is mentioned many times in DynamoDB is token-bucket. Suddenly a thought popped out my mind when I walked back after lunch with my colleague that token-bucket algorithm should be a component of SaaS and multiple-tenant.

Best practice or "aws configure" will put ~/.aws/config and ~/.aws/credentials in the 600 mode. however if you follow Developing using a Docker image, you will get several errors e.g. cant' find region, reach endpoints, or no access to resources. I run docker command as a normal user, docker daemon run as root user. The below scripts will run a docker image which default user is glue_user (10000). the mounted volume ~/.

Microsoft FHIR Server serialize searchindices this way in cosmosdb. How to model it in AWS DynamoDB? { "id": "9240cda7-bbb7-4ad4-aa9f-971750a3dc71", "searchIndices": [ { "p": "_id", "c": "9240cda7-bbb7-4ad4-aa9f-971750a3dc71" }, { "p": "_lastUpdated", "st": "2018-08-22T23:37:56.1289012+00:00", "et": "2018-08-22T23:37:56.1289012+00:00" }, { "p": "patient", "r": "Patient/example" }, { "p": "performer", "r": "Practitioner/example" }, { "p": "related", "r_0": "Observation/example-genetics-1", "s_1": "http://hl7.org/fhir/observation-relationshiptypes", "c_1": "derived-from" }, { "p": "related-target", "r": "Observation/example-genetics-1" }, { "p": "related-type", "s": "http://hl7.org/fhir/observation-relationshiptypes", "c": "derived-from" }, { "p": "status", "s": "http://hl7.

Usually I tell others that I have about 5 years experience of aws services. Today I want to know more about how many years experience I have. I logged in my aws account and tried to find my account creation date. There is no such information in account page. I was so eager to find the information and searched for alternative way to get that information. The easiest way is good one, however I already deleted the email.

Since my first time to configure istio with proxy protocol supports in aws, istio and envoyproxy changed a lot. In the past several days, I was exposed to a different scenario that one service to expose into multiple domains. Things are getting not straighforward, I struggled to make it success yesterday. Today another layer of complexity was added into my cluster: an extra ingressgateway for some services. For multiple ingress gateways, I followed this article, however my setup is more complex than that.

Turn off "Block public access (bucket settings)" Access control list (ACL): give Everyone (public access) object lists and bucket ACL read. Policy Policy to attach to a role, so the role can be used to upload resources and put the ACL on the uploaded objects. { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::demo" }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::demo/*" }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::demo-public" }, { "Sid": "VisualEditor3", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::demo-public/*" } ] } Uploading command line bash scripts aws s3 sync --acl public-read local-dir/ s3://demo-public/test/ C# source code using (var client = new AmazonS3Client(RegionEndpoint.

When I tried to create an user for application instead of giving out the master user and its password. I got "Error Code: 1045. Access denied for user 'mysqladmin'@'%' (using password: YES)" when I run "GRANT ALL PRIVILEGES ON demodb.* TO 'appadmin'@'%';". I tried the method in How do I create another master user for my Amazon RDS DB instance that is running MySQL?, it is for creating another master user with more permissions than an app db user.

I did resize volume of kubernetes in the past, however I encountered an interesting issue when I did the resizing in different way. According to doc, I should only change the requested size in pvc. Today I changed the size of pv first, then pvc. Here was the interesting thing: all things of pv and pvc are fine, but the size of the file system in pod was not changed.

Today I needed to scale one of my kubernetes clusterss. Those keys are not in my new laptop since I used Mac Air M1. I didn’t see the increase of nodes several minutes after I run the eksctl scale command. I logged into aws console and found there were several "Failed" messages in activity history of the autoscaling group. All the failed messages shown "Launching a new EC2 instance. Status Reason: The aaaa-nodegroup-ng-1-67:8e:b8:8e:33:83:93:68 key pair does not exist.

Low resource usage Our system had low resource usage, however my several pods got stucked in ContainerCreating state. Kubernetes events show that "add cmd: failed to assign an IP address to container". "kubectl top nodes" still shows the usage of resources still low. jackl@LAPTOP-IIHUF2DR:~$ k --context jack.l@test-dev.ap-southeast-1.eksctl.io top nodes NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% ip-192-168-102-109.ap-southeast-1.compute.internal 143m 7% 3217Mi 45% ip-192-168-110-171.ap-southeast-1.compute.internal 117m 6% 2892Mi 41% Migrate to calico Recreate cluster without nodegroups