Changes in 8015180: Add problem I encountered with AWS and solution I found

				wiki/howto/onboarding.md
			
          @@ -247,3 +247,9 @@ Install the GWT Browser Plugin for the GWT Development mode. As of 2016-08-31 Fi

           ### Create Hudson Job

           If you want a hudson job to run when you push your branch then you can run a script in `configuration` called . Run options for a branch titled `createHudsonJobForBug.sh`. For you bug branch titled `bug<bug number>`, create a build job, which will create a release, by running the script like so: `./createHudsonJobForBug.sh <bug number>`.

           If on Windows, you may need to disable any web shields in antivirus software, to allow `curl` to function.

          +

          +###Issues when playing around with AWS

          +- The problem: **aws cli (used for aws ec2 describe-tags) hangs in eu-west-2** in all AZs on new instances I created, using a target group which permitted all outbound connections and inbound https, http and ssh connections. I tried permitting everything but that didn’t work. When I attached (at Axel’s suggestion) the Java Application with Reverse Proxy security group, it worked but — even if I duplicated this security group, and applied that copy instead — it still didn’t work.

          +Curl issue solution: it turns out that the network interface only permits certain outbound and inbounds from certain target groups. 

          +The path to the solution: On my instance in eu-west-2a, I ran aws – debug ec2 describe-tags (you may need to do aws configure). This is much akin to verbose mode of other unix commands. I noticed it hang on a request to  ec2.eu-west-2.amazonaws.com. If you do `dig -t any  ec2.eu-west-2.amazonaws.com` you see 3 ip addresses, which — as you will see later — are IPs in each of the eu-west-2 availability zones. When I ran curl -v ec2.eu-west-2.amazonaws.com (the v flag is verbose), one of the IPs from dig was used (namely the one in eu-west-2a, where the instance resides) and it hangs. I then went to endpoints for the VPC and noticed a service for the service `com.amazonaws.eu-west-2.ec2`. It had the default security group, which turned out to only allow inbound rules from the default or Java Application with Reverse Proxy target group. 

          +

...	...	@@ -247,3 +247,9 @@ Install the GWT Browser Plugin for the GWT Development mode. As of 2016-08-31 Fi
247	247	### Create Hudson Job
248	248	If you want a hudson job to run when you push your branch then you can run a script in `configuration` called . Run options for a branch titled `createHudsonJobForBug.sh`. For you bug branch titled `bug<bug number>`, create a build job, which will create a release, by running the script like so: `./createHudsonJobForBug.sh <bug number>`.
249	249	If on Windows, you may need to disable any web shields in antivirus software, to allow `curl` to function.
	250	+
	251	+###Issues when playing around with AWS
	252	+- The problem: aws cli (used for aws ec2 describe-tags) hangs in eu-west-2 in all AZs on new instances I created, using a target group which permitted all outbound connections and inbound https, http and ssh connections. I tried permitting everything but that didn’t work. When I attached (at Axel’s suggestion) the Java Application with Reverse Proxy security group, it worked but — even if I duplicated this security group, and applied that copy instead — it still didn’t work.
	253	+Curl issue solution: it turns out that the network interface only permits certain outbound and inbounds from certain target groups.
	254	+The path to the solution: On my instance in eu-west-2a, I ran aws – debug ec2 describe-tags (you may need to do aws configure). This is much akin to verbose mode of other unix commands. I noticed it hang on a request to ec2.eu-west-2.amazonaws.com. If you do `dig -t any ec2.eu-west-2.amazonaws.com` you see 3 ip addresses, which — as you will see later — are IPs in each of the eu-west-2 availability zones. When I ran curl -v ec2.eu-west-2.amazonaws.com (the v flag is verbose), one of the IPs from dig was used (namely the one in eu-west-2a, where the instance resides) and it hangs. I then went to endpoints for the VPC and noticed a service for the service `com.amazonaws.eu-west-2.ec2`. It had the default security group, which turned out to only allow inbound rules from the default or Java Application with Reverse Proxy target group.
	255	+