| 18 Mar 2025 |
 flokli | so we only have cloudtrail for the last 90 days, unclear why it was deleted/by whom | 14:26:29 |
| flokli | I mean, afaik it has only been parsing s3 access logs and put them into another parquet file, which can be redone | 14:27:10 |
| flokli | If we decide to spin it back up, we're saving 16$ per month… | 14:28:36 |
 Jonas Chevalier | 
Download image.png | 15:00:28 |
| Jonas Chevalier | it seems to be running from AWS' perspective | 15:00:40 |
| Jonas Chevalier | located in us-east-1 in account 080433136561 | 15:01:04 |
| Jonas Chevalier | * located in us-east-1 in account 080433136561 (different account) | 15:01:17 |
 hexa | huh | 15:05:15 |
 Vladimír Čunát | Redacted or Malformed Event | 15:08:38 |
| flokli | oh ok, so no idea what's been deleted in the other account then | 15:37:30 |
| flokli | is there a way get a serial console or figure out why it's not responding? | 15:37:54 |
| Jonas Chevalier | it looks like ICMP is filtered out, but SSH up to the password prompt is working for me | 17:09:14 |
 edef | yes | 17:09:25 |
| edef | because i restored the SSH inbound rules basically just now | 17:09:38 |
| edef | someone made the public-ssh group essentially completely inert | 17:11:15 |
| edef | * someone made the public-ssh security group essentially completely inert | 17:11:22 |
| edef | * something made the public-ssh security group essentially completely inert | 17:11:38 |
| Jonas Chevalier | oh alright. I also added ICMP to the SG just now. I'll let you cook :) | 17:12:55 |
| edef | i'm okay with no ICMP tbh, i assume it allows related / PMTU ICMP | 17:14:24 |
| hexa | I'm super pro ICMP | 17:16:30 |
| hexa | blocking it is not helpful and just causes confusion | 17:16:42 |
| edef | works for me, i have no strong opinion | 17:16:51 |
| Vladimír Čunát | Missing PMTU could be problematic. | 17:34:56 |
| edef | i would assume the AWS firewall is stateful enough to recognise that as related traffic, but idk | 17:35:22 |
| 19 Mar 2025 |
| hexa | Mic92: did you by any chance rollback pluto? | 13:28:13 |
| hexa | there were prometheus changes deployed that are gone now | 13:28:55 |
 Mic92 | hexa (signing key rotation when): could me. | 13:44:09 |
| Mic92 | could be | 13:44:12 |
| hexa | ok | 13:44:25 |
| Mic92 | Re-deploy right now | 13:44:40 |
