Ubuntu Instance On AWS M7i-flex — goes black — no VPC Flow Logs — hangs in stopping state
Continued issues with this particular instance (type?)
Yesterday I couldn’t connect to an EC2 instance I created on an AWS M7i-flex with an Ubuntu operating system.
Today I’m working away and suddenly my screen goes black. Sometimes you can click on the screen and get a login dialog box to log back in. Not this time.
I can see that the CPU Utilization was getting a bit high at the time.

I deployed this instance in a VPC with a template I commonly use to set up a VPC with VPC Flow Logs and the corresponding VPC Flow Log role. When I check the flow logs, none are present. Did I do something wrong? I manually add a log stream. I also added a second VPC flow log configuration to the VPC manually.
Nada.
No errors in CloudTrail indicating a permission problem with my role or any sort of access error. Hmm.
I try to stop the instance. It’s just sitting there stuck in a stopping state for a very long time.
Finally it stops.
I start the instance again.
What’s weird is that I had tried to disconnect and reconnect to the instance before I stopped it and I could not. So I stopped the instance. When I tried to reconnect to RDP after restarting, it showed I was already logged in, popping up the other window where I had been connected, with everything I had been doing on the screen. What?
But after I wrote the above paragraph and went back to the window, now it shows I have been disconnected as I would expect.
So I log back in and everything I was doing is wiped out. Great.
I have to start that over.
But what I really want to know is — where are my VPC Flow Logs? I don’t think I did anything different in that last deployment of this service. Hmm.
A bit later after creating a new VPC Flow Logs configuration I’m getting this error:

The specific log group: flowlogs does not exist in this account or region.
Wondering if this has anything to do with my SCPs. I’m using a role that is not a service linked role I guess? So it is subject to my MFA requirement perhaps. However, if that were the case I would expect some errors in the logs to indicate that problem.
As for the instance problem, upon further testing I think perhaps it was running low on memory. I modified my processing to slow it down to try to avoid this problem going forward.
Still trying to figure out the VPC Flow Logs issue.
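An added example, not from the original post: a check over the JSON returned by `aws ec2 describe-flow-logs`, `aws logs describe-log-groups` and `aws iam get-role`, covering the symptoms described above (no delivery, a log group reported as missing, a delivery role the service cannot assume). The IDs, account number, role name and the `vpc-flowlogs` group are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-flow-logs` output.
FLOW_LOGS = json.loads("""{"FlowLogs": [
 {"FlowLogId": "fl-0aaa1111example", "LogDestinationType": "cloud-watch-logs",
  "LogGroupName": "flowlogs", "DeliverLogsStatus": "FAILED",
  "DeliverLogsErrorMessage": "Access error",
  "DeliverLogsPermissionArn": "arn:aws:iam::111122223333:role/FlowLogsRole"},
 {"FlowLogId": "fl-0bbb2222example", "LogDestinationType": "cloud-watch-logs",
  "LogGroupName": "vpc-flowlogs", "DeliverLogsStatus": "SUCCESS",
  "DeliverLogsPermissionArn": "arn:aws:iam::111122223333:role/FlowLogsRole"}]}""")
# Constructed: `aws logs describe-log-groups` run in the same account and region.
LOG_GROUPS = json.loads('{"logGroups": [{"logGroupName": "vpc-flowlogs"}]}')
# Constructed: AssumeRolePolicyDocument from `aws iam get-role` for the delivery role.
TRUST = json.loads("""{"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"Service": "vpc-flow-logs.amazonaws.com"}}]}""")
FLOW_LOGS_PRINCIPAL = "vpc-flow-logs.amazonaws.com"

def as_list(value):  # IAM policy fields may be a single value or a list
    return value if isinstance(value, list) else [value]

def trusts_flow_logs(trust_policy):
    """True if the role can be assumed by the VPC Flow Logs service."""
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and FLOW_LOGS_PRINCIPAL in services
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))):
            return True
    return False

def diagnose(flow_logs, log_groups, trust_policy):
    """Return {flow log id: [findings]} for CloudWatch Logs destinations."""
    existing = {g["logGroupName"] for g in log_groups["logGroups"]}
    report = {}
    for fl in flow_logs["FlowLogs"]:
        if fl.get("LogDestinationType") != "cloud-watch-logs":
            continue
        findings = []
        if fl.get("DeliverLogsStatus") == "FAILED":
            findings.append("delivery failed: " + fl.get("DeliverLogsErrorMessage", "no message"))
        if fl.get("LogGroupName") not in existing:  # names are case-sensitive
            findings.append("log group missing in this account/region")
        if not trusts_flow_logs(trust_policy):
            findings.append("role trust policy lacks " + FLOW_LOGS_PRINCIPAL)
        report[fl["FlowLogId"]] = findings
    return report
if __name__ == "__main__":
    print(diagnose(FLOW_LOGS, LOG_GROUPS, TRUST))
```

Run the three CLI commands in the region where the VPC lives and feed their JSON in place of the constructed samples; `describe-log-groups` only lists groups in the region it is called against.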
Teri Radichel | © 2nd Sight Lab 2023
