| 18 Mar 2025 |
hexa | wondering who would have made that change in 2024-08/09 | 14:24:09 |
raitobezarius | flokli: is looking with Arian if he has any access as well to figure out whether the box was terminated or just disappeared from the ACLs | 14:24:11 |
hexa | - Archeology machine from the cache team
- [delroth] Jonas, can you look into the cost? And can we make it start
on-demand?
- [jonas] asking edef whether they can accommodate these changes
| 14:24:20 |
hexa | from a discussion in 2024-02 | 14:24:32 |
raitobezarius | cc edef who might be still sleeping | 14:24:34 |
flokli | so we only have cloudtrail for the last 90 days, unclear why it was deleted/by whom | 14:26:29 |
flokli | I mean, afaik it has only been parsing s3 access logs and putting them into another parquet file, which can be redone | 14:27:10 |
flokli | If we decide to spin it back up, we're saving 16$ per month… | 14:28:36 |
Jonas Chevalier | [image: image.png] | 15:00:28 |
Jonas Chevalier | it seems to be running from AWS' perspective | 15:00:40 |
Jonas Chevalier | located in us-east-1 in account 080433136561 | 15:01:04 |
Jonas Chevalier | * located in us-east-1 in account 080433136561 (different account) | 15:01:17 |
hexa | huh | 15:05:15 |
Vladimír Čunát | Redacted or Malformed Event | 15:08:38 |
flokli | oh ok, so no idea what's been deleted in the other account then | 15:37:30 |
flokli | is there a way to get a serial console or figure out why it's not responding? | 15:37:54 |
Jonas Chevalier | it looks like ICMP is filtered out, but SSH up to the password prompt is working for me | 17:09:14 |
edef | yes | 17:09:25 |
edef | because i restored the SSH inbound rules basically just now | 17:09:38 |
edef | someone made the public-ssh group essentially completely inert | 17:11:15 |
edef | * someone made the public-ssh security group essentially completely inert | 17:11:22 |
edef | * something made the public-ssh security group essentially completely inert | 17:11:38 |
Jonas Chevalier | oh alright. I also added ICMP to the SG just now. I'll let you cook :) | 17:12:55 |
edef | i'm okay with no ICMP tbh, i assume it allows related / PMTU ICMP | 17:14:24 |
hexa | I'm super pro ICMP | 17:16:30 |
hexa | blocking it is not helpful and just causes confusion | 17:16:42 |
edef | works for me, i have no strong opinion | 17:16:51 |
Vladimír Čunát | Missing PMTU could be problematic. | 17:34:56 |
edef | i would assume the AWS firewall is stateful enough to recognise that as related traffic, but idk | 17:35:22 |
| 19 Mar 2025 |
hexa | Mic92: did you by any chance rollback pluto? | 13:28:13 |