service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses nlb for ingress controller on eks not creating

See also questions close to this topic

• Upload file from html when block public access is true

  I am using django-s3direct to file upload

  https://github.com/bradleyg/django-s3direct

  Using IAM role setting because I upload the file from the server on ECS container.

  Now I set the blockPublicAccess of S3 false.

  When uploading images from html, there comes error.

  https://s3.ap-northeast-1.amazonaws.com/static-resource-v/images/c64d6e593de44aa5b10dcf1766582547/_origin.jpg?uploads (403 (Forbidden)
  )
  
  initiate error: static-resource-v/line-assets/images/c64d6e593de44aa5b10dcf1766582547/_origin.jpg AWS Code: AccessDenied, Message:Access Deniedstatus:403
  

  OK, it is understandable.

  Browser try to access the for initiation.

  However there is any way to upload file from browser when blockPublicAccess is true??
• Linux on Lightsail instance is asking for a password and it's not working

  I'm trying to restart mariaDB on Ubuntu but it's not letting me.

  I enter:

  systemctl restart mariadb
  

  and get:

  ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
  
  Authentication is required to restart 'mariadb.service'.
  
  Authenticating as: Ubuntu (ubuntu)
  
  Password: 
  
  polkit-agent-helper-1: pam_authenticate failed: Authentication failure
  
  ==== AUTHENTICATION FAILED ===
  

  I have the same password for all functions so I do not understand why it is not working. What can I do?
• AWS Pinpoint sendMessages() Addresses param field error

  I'm having trouble replicating the format of the params object's Addresses format in a way where I can easily add to the object.

  If I use this as the params with destinationNumber[0] and destinationNumber[1] in the format of 1 + 9 digit number ie 13334535667 then it sends the message to both numbers no problem.

   const params = {
          ApplicationId: applicationId,
          MessageRequest: {
              Addresses: {
                  [destinationNumber[0]]: {
                      ChannelType: 'SMS'
                  },
                  [destinationNumber[1]]: {
                      ChannelType: 'SMS'
                  }
              },
              MessageConfiguration: {
                  SMSMessage: {
                      Body: message,
                      Keyword: registeredKeyword,
                      MessageType: messageType,
                      OriginationNumber: originationNumber
                  }
              }
          }
      };
  

  I'm trying to replicate this format for Addresses, but I'm getting Unexpected key '13334535667' found in params.MessageRequest.Addresses['0']. The format my console output shows for Addresses is

  [
    { '12345678910': { ChannelType: 'SMS' } },
    { '12345678911': { ChannelType: 'SMS' } }
  ]
  

  I'm using a map to call this

  function createPhoneMessagingObject(phoneNumber: string) {
      return {
          [phoneNumber]: {
              ChannelType: 'SMS'
          }
      };
  }
  

  I tried wrapping key in array like in phone object, but per the output, the brackets goes away so maybe there's an easier/more correct way of doing this. I appreciate any help!
• setting up Application load balancer with Global accelerator with Nginx target group upstream to IIS

  I have set up an application Load balancer with Global accelerator and Nginx Proxy pass to different IIS upstream based upon hostname. The website works well and can access the websites globally. some times customers had issues accessing websites with 500 error codes. we have an error logger configured with our app we can see double IP addresses in ROMOTE_ADDR for some of the request

  For requests with double ip addresses, it throws a 500 Internal server error. and other request with single IP address are good

  nginx.conf

  proxy_set_header        Host $host;
    proxy_set_header        Connection "";
    proxy_set_header        X-Real-IP $http_x_forwarded_for;
    proxy_set_header        remote_addr $http_x_forwarded_for;
    proxy_set_header        X-Forwarded-For $http_x_forwarded_for;
    proxy_hide_header        Server;
    proxy_hide_header        X-Powered-By;
    proxy_hide_header        X-AspNet-Version;
    proxy_headers_hash_bucket_size 64;
  
    real_ip_header   X-Forwarded-For;
    set_real_ip_from 10.15.0.0/16;
    real_ip_recursive on;
  
  enter code here
  

  virtual host

  proxy_pass            http://www-servers;
      proxy_read_timeout    90;
      proxy_connect_timeout 90;
      proxy_http_version    1.1;
      proxy_set_header      Host $host;
      proxy_set_header      Connection "";
      proxy_set_header      X-Real-IP $http_x_forwarded_for;
      proxy_set_header      remote_addr $http_x_forwarded_for;
      proxy_set_header      X-Forwarded-For $http_x_forwarded_for;
      proxy_hide_header      Server;
      proxy_hide_header      X-Powered-By;
      proxy_hide_header      X-AspNet-Version;
  
  
  
  
  
  double ip address   -  Double IP Address: 72.194.29.174, 104.129.198.101
  

  sometimes there are three IP addresses

  Double IP Address: 73.223.72.109, 172.18.0.3, 64.62.158.119
  

  what header we can set to get the correct IP address and prevent some connection to log double ip's
• nginx ingress on kuberentes sees node ip address instead of the public internet resource requestor

  I have a kubernetes cluster and a nginx ingress. I have deployed an ingress to route traffic from a domain example.org to a specific container. Now, I am trying to block all requests which are not coming from a whitelisted ip range. Therefore I annotated the created ingress with nginx.ingress.kubernetes.io/whitelist-source-range. However, all traffic gets blocked so I looked at the logs from nginx and I realized that actually nginx sees the internal node ip address instead of the requestors public internet address.

  2022/05/06 11:39:26 [error] 10719#10719: *44013470 access forbidden by rule, client: 172.5.5.84, server: example.org, request: "GET /.svn/wc.db HTTP/1.1", host: "example.org"
  

  I am not sure what is actually wrong. When I remove the whitelist annotation, then everything works as expected.
• NLB health check is failing when using ALB as the target group

  I am using the Network load balancer (NLB) which is using the Application load balancer (ALB) as the target group

  And when the health check performs for the ALB for its target group it is getting passed and instance is healthy.

  Application load balancer(ALB) on HTTPS:443 listener

  

  ALB target group health check passing

  But when the NLB health check is performed it is getting failed

  

  Health Check tab NLB---ALB target group

  

  Can anybody suggest anything
• AWS NLB preserve client IP and proxy protocol v2 via CDK

  I am using a NetworkLoadBalancedFargateService. The NetworkLoadBalancer created as part of the service does not have preserve_client_ip.enabled and proxy_protocol_v2.enabled set to true.

  Below is what I have tried:

  this.service = new NetworkLoadBalancedFargateService(this, serviceName, {
      // props
  }
  
  this.service.loadBalancer.setAttribute("preserve_client_ip.enabled", "true");
  this.service.loadBalancer.setAttribute("proxy_protocol_v2.enabled", "true");
  

  When I try to deploy the above, it gives me the error:

  Load balancer attribute key 'preserve_client_ip.enabled' is not recognized (Service: AmazonElasticLoadBalancing; Status Code: 400; Error Code: ValidationError; Request ID: 5a2b7202-XXXX-XXXX-XXXX-50d464b8ade2; Proxy: null)

  I know it can be done via console but was looking a way to do it in CDK. (AWS Doc)