The latest articles on DEV Community by RunsOn (@runs-on). https://dev.to/runs-on https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F8242%2Ff77ecf57-890b-4058-b3ec-6a17b01d647f.png https://dev.to/runs-on en Cyril Rohr Fri, 02 Feb 2024 09:42:02 +0000 https://dev.to/runs-on/how-to-verify-that-vpc-traffic-to-s3-is-going-through-your-s3-gateway-4ab6 https://dev.to/runs-on/how-to-verify-that-vpc-traffic-to-s3-is-going-through-your-s3-gateway-4ab6 <p>Gateway endpoints for Amazon S3 are a must-have whenever your EC2 instances send and receive traffic from S3, because they allow the traffic to stay within the AWS network, hence better security, bandwidth, throughput, and costs. They can easily be created, and added to your VPC route tables.</p> <p>But how do you verify that traffic is indeed going through the S3 gateway, and not crossing the outer internet?</p> <p>Using <code>traceroute</code>, you can probe the routes and see whether you are directly hitting the S3 servers (i.e. no intermediate gateway). In this example, the instance is running from a VPC located in <code>us-east-1</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>traceroute <span class="nt">-n</span> <span class="nt">-T</span> <span class="nt">-p</span> 443 s3.us-east-1.amazonaws.com traceroute to s3.us-east-1.amazonaws.com <span class="o">(</span>52.216.215.72<span class="o">)</span>, 30 hops max, 60 byte packets 1 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 2 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 3 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 4 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 5 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 6 52.216.215.72 0.890 ms 0.916 ms 0.892 ms </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>traceroute <span class="nt">-n</span> <span class="nt">-T</span> <span class="nt">-p</span> 443 s3.amazonaws.com traceroute to s3.amazonaws.com <span class="o">(</span>52.217.139.232<span class="o">)</span>, 30 hops max, 60 byte packets 1 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 2 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 3 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 4 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 5 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 6 52.217.139.232 0.268 ms 0.275 ms 0.252 ms </code></pre> </div> <p>Both outputs produce the expected result, i.e. no intermediary gateway. This is what would happen if you were accessing a bucket located in the <code>us-east-1</code> region.</p> <p>Let's see what happens if we try to access an S3 endpoint located in another zone:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>traceroute <span class="nt">-n</span> <span class="nt">-T</span> <span class="nt">-p</span> 443 s3.eu-west-1.amazonaws.com traceroute to s3.eu-west-1.amazonaws.com <span class="o">(</span>52.218.25.211<span class="o">)</span>, 30 hops max, 60 byte packets 1 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 2 240.4.88.37 0.275 ms 240.0.52.64 0.265 ms 240.4.88.39 0.215 ms 3 240.4.88.49 0.205 ms 240.4.88.53 0.231 ms 240.4.88.51 0.206 ms 4 100.100.8.118 1.369 ms 100.100.6.96 0.648 ms 240.0.52.57 0.233 ms 5 240.0.228.5 0.326 ms <span class="k">*</span> <span class="k">*</span> 6 240.0.32.16 0.371 ms 240.0.48.30 0.362 ms <span class="k">*</span> 7 <span class="k">*</span> 240.0.228.31 0.251 ms <span class="k">*</span> 8 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 9 <span class="k">*</span> <span class="k">*</span> 240.0.32.27 0.392 ms 10 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> 11 <span class="k">*</span> 242.0.154.49 1.321 ms <span class="k">*</span> 12 <span class="k">*</span> <span class="k">*</span> 52.93.28.131 1.491 ms 13 <span class="k">*</span> <span class="k">*</span> 100.100.6.108 1.286 ms 14 100.92.212.7 67.909 ms 52.218.25.211 67.356 ms 67.929 ms </code></pre> </div> <p>As you can see, the route is completely different, and as expected does not hit straight to the S3 endpoint.</p> <p>TL;DR: make sure your route tables are correct, and only point to S3 buckets located in the same region.</p> <ul> <li><a href="https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html">Gateway endpoints for Amazon S3</a></li> </ul> s3 aws vpc Cyril Rohr Tue, 23 Jan 2024 12:37:39 +0000 https://dev.to/runs-on/introducing-runson-10x-cheaper-github-action-runners-51dl https://dev.to/runs-on/introducing-runson-10x-cheaper-github-action-runners-51dl <p>Let's face it, sometimes you need faster execution of your GitHub Action workflows.</p> <p>I've worked for a few companies where the full test suite runtime was greater than 20min, and this is not good for developer feedback.</p> <p>The usual fix here is to deploy faster self-hosted runners, but then this means you must ensure that those runners stay online, regularly patched, and sufficiently used to justify their cost.</p> <p>Wouldn't it be nice if you could spawn self-hosted runners on demand, with a large choice of CPU/RAM configurations, and for cheap? This is what <a href="https://runs-on.com">RunsOn</a> provides, with up to 10x cheaper runners, and the widest choice of runner types on the market.</p> <p>RunsOn can be installed in your own AWS account, which means there is no middleman between your workflows and your runner. It also supports both x64 and arm64 architecture, and is a one-line change from your current workflow files.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gd">- runs-on: ubuntu-latest </span><span class="gi">+ runs-on: runs-on,runner=16cpu-linux,image=ubuntu22-full-x64 </span></code></pre> </div> <p>Whenever a new workflow starts, a runner is automatically provisioned, and will be terminated as soon as the workflow ends. You only pay the per-minute cost of the runner, and you can easily track your costs in your AWS Cost Explorer page.</p> <p>Some quick pricing comparison:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>runner</th> <th>cpu</th> <th>$/min (spot)</th> <th>$/min (github)</th> <th>GitHub vs RunsOn</th> </tr> </thead> <tbody> <tr> <td><code>1cpu-linux</code></td> <td>1</td> <td>0.0008</td> <td></td> <td></td> </tr> <tr> <td><code>2cpu-linux</code></td> <td>2</td> <td>0.0011</td> <td>0.008</td> <td>7x more expensive</td> </tr> <tr> <td><code>4cpu-linux</code></td> <td>4</td> <td>0.0022</td> <td>0.016</td> <td>7x more expensive</td> </tr> <tr> <td><code>8cpu-linux</code></td> <td>8</td> <td>0.0035</td> <td>0.032</td> <td>9x more expensive</td> </tr> <tr> <td><code>16cpu-linux</code></td> <td>16</td> <td>0.0068</td> <td>0.064</td> <td>9x more expensive</td> </tr> <tr> <td><code>32cpu-linux</code></td> <td>32</td> <td>0.0132</td> <td>0.128</td> <td>10x more expensive</td> </tr> <tr> <td><code>48cpu-linux</code></td> <td>48</td> <td>0.0170</td> <td></td> <td></td> </tr> <tr> <td><code>64cpu-linux</code></td> <td>64</td> <td>0.0196</td> <td></td> <td></td> </tr> </tbody> </table></div> <p>The cost is fully open, can be installed in one click thanks to a cloudformation template, and a license only costs $250 once. Find out more at <a href="https://runs-on.com">https://runs-on.com</a></p> aws githubactions cicd github