AWS IAM “InstanceProfiles” are the “who”

Recently, I was trying to create a launch configuration using an AWS IAM Role that I had created through CloudFormation but it was just not letting me, throwing this error:

$ aws autoscaling create-launch-configuration --launch-configuration-name serge-lc-with-instance-profile \
> --image-id ami-baba68d3 --instance-type t2.micro \
> --iam-instance-profile MyCloudWatchAgentRole

An error occurred (ValidationError) when calling the CreateLaunchConfiguration operation: Invalid IamInstanceProfile: MyCloudWatchAgentRole

After a bit of digging around the AWS Console, I realised you can only attach Roles that have an “instance profile” to EC2 instances. This was relatively straight forward to fix, but left me wondering “what’s an instance profile?” and “why do I need one?”. After a bit of searching around, I found this great example on Quora:

With the two parts of access control (authentication and authorization) the Role fills the “authz” bit and the “profile” fills the “authn” bit. I’m not sure why this matters to be honest. I don’t think any other services other than EC2 use profiles.

One guess is that without this, perhaps it’d be hard/impossible to figure out “which instance(s)” carried out a particular action, this being a problem that maybe doesn’t apply to other services? Wonder if Lambda has “profiles”?

Making PEX files (Python EXecutable)

I was in a situation where I needed to run some python on a machine which didn’t have pip installed and I needed some packages from pip for my script. Therefore I was in a situation where I had to work out how to use the pex tool and “documented” it in this repository. Most of it was based off of this tutorial, which is a really good starting point and describes what each of the pex options means.

What is PEX?

This video sums it up pretty well. The best way I can describe it, is that it’s a tool to create something like JAR files for Python.

Why shave this Yak?

My particular use case was that I had to figure out a way to copy files using the pywinrm library to a Windows host and execute a PowerShell script. My initial attempt was to try to run pex on my Macbook to generate the file, however as the PyWinRM library requires the “cryptography” package, it all went a bit south with Python trying to compile C extensions and failing due to old version of OpenSSL on my Mac.

The “fix” was to build (compile?) it in an Ubuntu container, but this presented it’s own problems in how to actually get the binary out.

How to actually do this?

  • Install pex with “pip install pex”
  • Make a directory for your script
  • In the directory make sure you have an “”, “” and your script in the directory (e.g.
  • Ensure that the setup file has the correct contents:
from distutils.core import setup
  •  Run pex to make the binary, making sure that the script name and function name match what’s in your file:
pex wingetmem pywinrm -e wingetmem:wingetmem -o wingetmem.pex
  • Now, if you’re in the same boat as me and need to extract this out of a Docker image, you’ll need to use the “docker save” command and then untar the resulting file:
docker save --output="ubuntu.tar" 0004626ad875
tar xvf ubuntu.tar
[change into each layer and untar the "layer.tar" file]
[check whether the file is in there]
I’m really not happy about that last step, because it’s a pretty bad kludge. Ideally, we’d push the binary to something like Artifactory or Nexus (artifact repositories) rather than just leaving them on “disk” but to be honest, by the time I got this working I had had enough.
The resulting “.pex” file runs fine in a Linux environment without pip, which is what we were after.


Writing Cucumber tests with Protractor

So, one of the things about ClearPoint that’s different to most other places I’ve worked is that there’s a big focus on testing. In particular the “end to end” or “black box” automated testing. Meaning at the “highest” level feasible (e.g. browser, mobile UI, desktop UI).

In fact, I’d argue that there’s such a focus on creating and maintaining automated tests that the measure of whether a project will achieve it’s goals isn’t so much down to the strength of the programmers on the team, but rather the test coders.

However, good automated testers are relatively hard to come by and there are occasions where we’ve been caught out not having anyone with that particular skillset on a project. My own philosophy regarding cross functional teams and work life in general is to assume that everyone is “smart enough” to do “my job” if they only apply themselves to the tasks of learning and practicing the same skills. The other edge of that sword is that I believe that I’m smart enough to do theirs, given enough learning and practice.

In that spirit (and due to the current lack of testing talent) I took it upon myself to learn Protractor and Cucumber in order to be useful in maintaining and writing our automated tests.

I mostly followed this guide:
which is good in getting a simple “hello world” demo of Protractor/Cucumber going, but is somewhat out of date (though this is probably the fault of the Node/Javascript community for moving so fast rather than any other reason).

What were the issues I hit? I hit these NodeJS v10 issues:

which I had to downgrade to NodeJS v8 to fix.

Also the guide was for cucumber 1.3, was using 4.x which has a different syntax
(was getting scenarios/steps being “undefined”). I figured this out after reading through the comments on the article and finding a more up to date version of the code here.

Another issues that was a bit annoying was using NPM and trying to work out where to use “local” packages vs “global”.

Overall though, I really like the BDD/Cucumber approach to writing tests as the ability to write them in “business” language and be able to generate readable reports is amazing for ensuring everyone uses the same language and knows the state of the system at any point in time.


Testing NodeJS K8s graceful shutdown

There’s an excellent article talking about how to do graceful shutdown in Kubernetes here that we used to explain to people developing services how to implement graceful shutdown, the differences between “readiness” and “liveness” probes and about signal handling and IPC.

While it’s an excellent article, to be honest, I never got around to trying it out until today.

The code is provided and I tried it out with Minikube and ab.

The results were as expected, though I did hit one issue where something would sporadically reset the TCP connection:

Benchmarking (be patient)
Completed 5000 requests
Completed 10000 requests
Completed 15000 requests
Completed 20000 requests
apr_socket_recv: Connection reset by peer (54)
Total of 20055 requests completed

I haven’t verified it, but I think this might be something to do with the Minikube networking implementation. The issue only came up when I was running the benchmark tests during the deploy.

Finished my first MOOC!

NOTE: MOOC = Massive Open Online Course

I signed up to Coursera and completed my first online course, Learning How to Learn and got my certification:

Screen Shot 2018-04-05 at 9.24.59 PM

The course is very good in the way it’s presented. The videos are easy to watch, though I had to switch to later sessions because I kept on falling behind due to not being able to find time to watch them.

The material is interesting and relevant. The way it’s presented is approachable. The tests are quite easy, but it’s clear that they’re put there after each video as a way of improving what you’ve learned (this also re-enforces one of the ideas in the course about testing being a great way to retain information/ideas).

For me, I think the parts of the course that I liked the most was learning about procrastination and “zombies” and techniques to counter act them. I really liked the bit about “focussing on the process, not the product” as a way to get started on things.