I needed to create a wildcard SSL certificate and upload it to AWS CloudFront today.
First, generate a 2048-bit private key. This will prompt you for a passphrase:
$ openssl genrsa -des3 -out example.key 2048
Check which signature algorithm was used (SHA-256 is recommended):
$ openssl req -in example.csr -noout -text
Transform the private key to PEM format:
$ openssl rsa -outform PEM -in example.key -out example.pem
Generate a Certificate Signing Request. Note the * in the server FQDN:
$ openssl req -new -key example.key -out example.csr
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) []:Seattle
Organization Name (eg, company) [Internet Widgits Pty
…continue.
Many of us are guilty of saying “database” when we mean a database server or a DBMS.
A database is a collection of tables storing related data,
schemas, stored procs, and permissions.
Most database servers are capable of managing many databases simultaneously.
I needed to create a new PostgreSQL database at Amazon's RDS last week.
I already had an RDS instance; I needed a new database on that instance.
My Google searches turned up various recipes for creating a new RDS instance.
The following worked for me:
- SSH to an EC2 instance inside our VPC,
so that I could connect to the RDS instance using psql.
- Then run:
psql --host=SOME-DBMS-HOST --dbname
…continue.
I complained yesterday about my difficulties in deploying Docker containers on AWS.
I have since succeeded in getting my app to deploy on Elastic Beanstalk,
though I have not quite ironed out all the problems.
I found several problems:
- I had to revert from a Multi-Container Docker environment
to a Single-Container Docker environment
because ECS wasn't starting in the multi-container environment.
That meant I had to revert to a v1 Dockerrun.aws.json.
- I had to ensure that the Instance Profile had the
AmazonEC2ContainerRegistryReadOnly policy attached,
so that I could pull from the EC2 Container Repository.
I complained a few weeks ago about how hard it was to deploy Docker containers on AWS.
This week has been nothing but container-related frustration.
We have two apps running in Kubernetes clusters on top of AWS.
This is not a well-supported scenario and we have a fragile script
that spends a lot of time sitting in polling loops,
waiting for various things to happen like DNS updates taking effect,
the new cluster being available, and so on.
One of the apps has decided to stop deploying.
I do not know why.
I've been trying to get a new app deployed on ECS, the EC2 Container Service.
The way to …continue.
I spent a couple of frustrating hours this evening
trying to figure out an easy way to deploy a Docker container on AWS.
I tried out the EC2 Container Service and got lost
in a sea of Clusters, Tasks, and Services.
I couldn't connect to the EC2 instance where my container supposedly lived.
I tried Elastic Beanstalk and gave up in exasperation.
When you create a new Docker environment,
there's no way to pull an existing image from an external repo
that I could see.
We have some tools for deploying a Docker image to Elastic Beanstalk,
but they were so cryptic that I didn't want to pursue that.
Eventually I …continue.