Figure Out which EC2 Instance failed ELB Health Check on AWS

I have been using AWS for years and finally got around to wanting the ability to figure out exactly which EC2 instance failed the health check when the Alarm I had setup on the Load Balancer went off. The interwebs were lacking in a clear and easy to follow example on how to make this happen so I thought I might take a few minutes to explain how to set this up.

My preferred setup is to get emailed with the information about which instance(s) were unhealthy right away so I can troubleshoot the issue as soon as possible.  Kudos to this StackOverflow article for pointing me in the right direction.

Step 1: Create a new Topic to get triggered Alarm on your Load Balancer that triggers off Health Checks

Go to the monitoring tab on the ELB that you want to troubleshoot. There’s an option to “Create Alarm” on the right hand side. Select that, create a topic if you don’t have one already that gets notified anytime the Unhealth Hosts threshold is greater than zero.

ELB create Alarm and Topic


Step 2: Create a IAM role with the Permissions

The lamda function is going to need permissions to read the state of the ELB instances and send an email using SES. The only part of this which is a little bit tricky is that adding the second type of permissions requires finding the additional link.

Step 3: Create the Lambda

Step 4: Add the Code & Test

import boto3
import json
import datetime
from time import mktime
class MyEncoder(json.JSONEncoder):
def default(self, obj):
if isinstance(obj, datetime.datetime):
return int(mktime(obj.timetuple()))
return json.JSONEncoder.default(self, obj)
def lambda_handler(event, context):
elb = boto3.client('elb')
client = boto3.client('ses')
response = elb.describe_instance_health(LoadBalancerName='')
client.send_email( Source='fromemail',
Destination={'ToAddresses': [ 'samplemeail', ] },
Message={ 'Subject': {
'Data': 'AWS Notify MeEvent'},
'Body': { 'Text': { 'Data': json.dumps(response, cls = MyEncoder)}}} )
return json.dumps(response, cls = MyEncoder)

Debugging Dependencies of Django Project in Eclipse

This is another one of those posts to help myself in the future.  I’ve got some legacy python projects whose directions only get you a django app running in a virtualenv within eclipse but the dependencies themselves are not debuggable.

It was straightforward once I found the right advice.

If you’re like me and have a build that creates a virtualenv with everything installed already by pip and a requirements.txt file.  Here’s how to get the environment and eclipse changed so that you can debug any dependency.

#Step 1.  Remove the dependencies files from the virtualenv

This works for mac and uninstalls files that might have spaces in them too

python install --record files.txt
# inspect files.txt to make sure it looks ok. Then:
tr '\n' '\0' < files.txt | xargs -0 sudo rm -f --

I figured that out after a few different attempts and the best way to do it came from StackOverflow here:


#Step 2. Add the source folder as an external build dependency on the Python Interpreter Path

Add source folder to eclipse for debugging dependency






Credit for this step goes to a small sentence buried here:


That’s it.  Restart your django server and set a breakpoint inside that internal dependency.

This will save you a ton of time vs. all those import pdb; pdb.set_trace() statements


This will break the virtualenv from the command line so for things like python commands.  For those items, I went ahead and set up a second virtualenv.

django show stacktrace

This is a quick one more to save me time than anything else.

If you’re looking for how to get the stacktrace when a django command crashes, the –traceback option is what you’re looking for.

Use it like this:

python <methodname> --traceback

Family Friendly Internet: Free Tips for a Safer Home

These are the basic steps I have taken to getting family friendly internet and device usage in my home.  If you’re concerned that your kids are seeing things they shouldn’t or are tired of stumbling onto things yourself, these steps make it much less likely that anyones eyes will accidentally fall onto some of the terrible content that’s online.

What made me put these steps for Family Friendly Internet together?

I was trying to purchase school pictures this morning and mistyped the url from the form by one character.  You know what happens next; bam…ton’s of sinful garbage I don’t want to see spewed into my face during the morning coffee.  It’s not the first time it’s happened but I was finally motivated to try and make it the last time that garbage comes up by accident.

My Strategy

I do not believe it’s completely possible to block all of the filth.  If an intelligent person knows what they are doing, there are many ways to trick filters and other systems into letting you find content if you would like.  However, in this case, I have made it more difficult to either accidentally or intentionally find the garbage on my home network.

This only supplements the need for a strong policy on how and where devices can be used in the home.  In a world with so many social sites full of user uploaded content, at some point, anyone who wants to find the filth is going to find it.

  • Block Content at the Router
  • Limit Device Usage to Open Rooms

How to Block Content at the Router

Implement a content filtering policy at the router level so that every device connected to your network will have it’s content filtered.  Software filtering is too big of a pain since it requires an installation of every device.

Implement Basic Content Filtering

I use OpenDNS Family Shield to setup my router.  It’s very straightforward and there are really only two steps to getting free basic family filtering on your router.  Once this is setup, any device that connects to the wireless network will by default have a family friendly internet setup that can only connect to web domains that are considered appropriate for a family audience.

Point the router DNS static IP addresses to the OpenDNS family friendly filter IP Addresses:

Once the router is updated, restart your devices so that they will pick up the new DNS settings from the router.

Test after restarting using the link at the bottom of the OpenDNS Family Shield web page.

Note that this only “suggests” to every device on the network what DNS servers to use and that an adept user can override this from each device.

Limitations With Most Routers

Even after telling the router to use OpenDNS, safe sites like Google will still be able to find all the garbage.  While only the cached content will be there, using the safe search option on each search engine should keep the filth away.  In order to keep the garbage out of search engines, the average router cannot be setup to always force a Safe Search!

I am currently shopping for routers that can provide this level filtering.  I will update this post once I’ve found and tested a better router.  A koala router that was on kickstarter recently appears to be the best right now.

Restrict Device Usage

Finally, discourage or eliminate usage of devices behind closed doors.  No matter how good the routers get, there will be ways for smart kids to get past them.  Be especially careful with devices that have access to the mobile network since none of these steps will help with that problem.

In our home, we don’t allow devices into the bedrooms or bathrooms and when the kids are old enough for their own phones, they will stay downstairs as well.



No Scan Options: Scan from an HP OfficeJet to a Mac

I was getting “No Scan Options” when pressing the scan button on the machine. For awhile I thought the scanner was broken but I finally figured out how to scan from the HP OfficeJet to my Mac.

Why “No Scan Options”

The root of the problem is that you have to issue the command to scan from the computer and not from the scanner as with many other machines.

Once I tried things from the mac, it was really quite easy to get the HP OfficeJet to scan both from the document feeder and the single page glass scanner onto my mac.

How to scan from an HP OfficeJet to a Mac

Step 1.  Plug in the usb cord from the printer to your mac and make sure all of the latest software is installed.

Step 2.  Open System Preferences from Spotlight and navigate into “Printers and Scanners”.  If you are new to mac, to open Spotlight either use command+space or click on the magnifying glass in the top right.  Then search for anything.  For more on using spotlight, visit this page from apple:

Step 3.  Select the HP OfficeJet you are trying to scan from.  If you don’t see your printer, then go back and make sure that the printer is on, it is plugged in to your computer and the software drivers have all been installed.

Step 4.  From the scan tab, choose to “Open Scanner…”

Screen Shot 2016-03-23 at 5.30.12 PM


Step 5.  Scan away. Notice the option to use the document feeder or scan from the screen.
Screen Shot 2016-03-23 at 5.30.40 PM


Enjoy your scanner

Now that I know how to scan from my HP OfficeJet, I am much more effective at my home office.

Android ISO8601: How to Convert a Date to call APIs

I have needed to get a date in java converted to ISO8601 on android for awhile and struggled through a few different issues on my way to a working solution.

Since it’s an app that I’m asking people to download, I don’t like to increase the download size by even a few MBs. So even though Joda Time is great, I need a different way. In researching, I had to piecemeal a solution from various blogs and stackoverflow posts.

If you’ve ever been wondering,
– Does android have a standard way to convert to iso8601 format?
– Why isn’t it easier to get a UTC date that follows iso8601 so I can just call the APIs?
Then hopefully I can save you some time.

Android ISO8601: UTC SimpleDateFormat

The following is a straightforward way to get a UTC ISO8601 string of a date object without using any external libraries.

SimpleDateFormat ISO8601DATETIMEFORMAT = new SimpleDateFormat("yyyy/MM/dd 'T'HH:mmZ");
TimeZone  tz = TimeZone.getTimeZone("UTC");
String isoDate = ISO8601DATETIMEFORMAT.format( dtobject);

Android ISO8601: APIs Don’t like Arabic Chars

But wait, sometimes this still sends over Arabic characters like:


We don’t want that.  The solution turns out to be fairly simple.  Make sure that the SimpleDateFormat is always converting using the English language locale.

SimpleDateFormat ISO8601DATETIMEFORMAT = new SimpleDateFormat("yyyy/MM/dd 'T'HH:mmZ",Locale.ENGLISH);

**Credit goes to this StackOverflow Comment Suggesting Locale.English

Android ISO8601: A Convenience Class

To wrap it all up, here’s a convenience method.  It can be dropped in without adding any major overhead to your app in terms of size or performance.

public class AndroidISO8601Util{

      static SimpleDateFormat ISO8601DATETIMEFORMAT = new SimpleDateFormat("yyyy/MM/dd 'T'HH:mmZ",Local.ENGLISH);

      //Note: this method is not thread safe because SimpleDateFormat is not thread safe
      public static String getISO8601forAPI( Date dt){
      TimeZone tz = TimeZone.getTimeZone("UTC");
      return ISO8601DATETIMEFORMAT.format( dtobject);

Export Unsigned APK with Android Studio

For years I developed with eclipse and used the Android Tools option to Export Unsigned APKs.

Eclipse Android Tools had an easy option to Export an Unsigned APK
Eclipse Android Tools had an easy option to Export an Unsigned APK

I could then take the unsigned .apk file and upload it to Amazon’s developer console.

This was one of the last items I was still using eclipse for after over a year of Android Studio development.  I finally spent some time figuring out how to make the same thing happen without needing eclipse any longer.  I found many of the questions and answers on stackoverflow to be confusing and inaccurate.  For example, many seem to think that using the debug apk is the same as using the unsigned release apk…which is not accurate.

This is the comment that ended up helping me get it right:

Here’s How to Export Unsigned APK in Android Studio

1. Edit the gradle build file for the project to specify an unsigned release signing.

buildTypes {
release {
minifyEnabled true
proguardFiles 'proguard.cfg'

releaseUnsigned {
signingConfig null


2. Generate Signed Apk using the releaseUnsigned Build Type.  This is on the 3rd or 4th screen in the flow of version 1.4 of Android Studio.

Release unsigned apk in android studio
Release unsigned apk in android studio

Enjoy the Unsigned APK

Once the build finishes, there will be an unsigned apk in the location you specified. You can then upload that apk to an emulator or to Amazon to start the process of letting amazon sign the app.

Fix: part of the process of setting a preferred domain is to verify that you own error

I was trying to set naked domain as preferred domain in google webmaster tools and it showed an error “Part of the process of setting a preferred domain is to verify that you own Please verify”

If you’re not familiar with the terminology, a naked domain is the domain name without anything preceding it.  So no www., blog. or anything.  Just plain is a naked domain.  I prefer this setup to the www. prefix when I can because it makes urls shorter and easier to read.  There’s still debate about it’s impact on SEO.

Fix the “part of the process of setting a preferred domain is to verify that you own” warning

First, create both the and versions of your site in google webmaster tools.  This is exactly the step I had skipped which led to the confusing error.

Make sure that both versions show up as verified sites in google.

Then, navigate into the version of the site and change the site’s preferred domain to be

Add both sites to Set Naked Domain as Preferred Domain
See that both versions of site are verified

From there, things are straightforward and you shouldn’t see any errors.

Just go into each sites site settings.  Tap the site name, then Settings->Site Settings in the top right and choose to have the preferred site domain be naked domain.

More Information

For more information and tips about the whole process of setting your preferred site, there are many good detailed posts out there.  For example, this one.  However, I couldn’t find a clear answer to the problem I was running into while getting the “part of the process of setting a preferred domain is to verify that you own” error which led to this post.

cURL Example: Post a JSON File with Basic Auth

The web was missing a clear example that showed how to POST a JSON file with Basic Auth.  I love using cURL for it’s simplicity when trying out api’s and other services that I might want to use and have spent a decent amount of time figuring this particular usage out more than once.  If nothing else, I’ll be helping myself next time.

cURL JSON + Basic Auth Samples

In this case, I have a file locally that’s contents are the JSON which I want to be the payload of the POST.  Note that I do not want to POST the file as with a multi-part form upload.

curl -X POST -d @pathtofile

Depending on the service you are calling, you might also need to set the Content-Type and encoding.

curl --header "Content-Type: application/json;charset=UTF-8" -X POST -d @pathtofile

Finally, for troubleshooting, I’ve found it useful to either use the verbose -v for inspecting headers or –trace-ascii /dev/stdout for seeing the content of the request

curl -X POST -d @pathtofile -v
curl -X POST -d @pathtofile --trace-ascii /dev/stdout

Sample Output of –trace-ascii /dev/stdout command

== Info: Trying…
== Info: Connected to ( port 443 (#0)
== Info: TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
== Info: Server certificate:
== Info: Server auth using Basic with user ‘admin’
=> Send header, 241 bytes (0xf1)
0000: POST /demo HTTP/1.1
0031: Host:
004f: Authorization: Basic Z3JlZW5oYXRhZG1pbjoxMjNBZG1pbiE=
0086: User-Agent: curl/7.43.0
009f: Accept: */*
00ac: Content-Type: application/json;charset=UTF-8
00da: Content-Length: 596
=> Send data, 596 bytes (0x254)
0000: { “Students”: [{ “MIS_ID”: 201073, “Forename”: “Test”, “Surname
0040: “: “Tester”, “Email”: “”, “YearGroup”: “6
0080: “, “Gender”: “M”, “Password”: “Ab@12” }, { “MIS_ID”: 161201, “Fo
00c0: rename”: “Tester”, “Surname”: “Test”, “Email”: “xyz.abcd@gm
0100:”, “YearGroup”: “6”, “Gender”: “F”, “Password”: “Ab@12
0140: ” }], “Staff”: [{ “TeacherID”: 220380, “Title”: “Mrs”, “Forename
0180: “: “Test”, “Surname”: “Tester”, “Email”: “xyz.abcd@gmail.
01c0: com” }], “Groups”: [{ “GroupID”: 63, “GroupName”: “6A Science”, ”
0200: GroupType”: “Class”, “GroupDescription”: “6A Science”, “PrimaryS
0240: taffId”: 220380 }] }
== Info: upload completely sent off: 596 out of 596 bytes
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
<= Recv header, 52 bytes (0x34)
0000: Cache-Control: no-cache, no-store, must-revalidate
<= Recv header, 47 bytes (0x2f)
0000: Content-Type: application/json; charset=utf-8
<= Recv header, 37 bytes (0x25)
0000: Date: Wed, 09 Dec 2015 16:02:52 GMT
<= Recv header, 40 bytes (0x28)
0000: Expires: Thu, 19 Jun 1980 19:19:19 GMT
<= Recv header, 18 bytes (0x12)
0000: Pragma: no-cache
<= Recv header, 15 bytes (0xf)
0000: Server: nginx
<= Recv header, 45 bytes (0x2d)
0000: Strict-Transport-Security: max-age=31536000
<= Recv header, 23 bytes (0x17)
0000: Vary: Accept-Encoding
<= Recv header, 20 bytes (0x14)
0000: Content-Length: 25
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
<= Recv data, 25 bytes (0x19)
0000: {“i”:”4T7hz8tz8KU7ms2rz”}
== Info: Connection #0 to host left intact

Access ENOM DNS panel for Google Apps domain

I was unable to access the ENOM DNS console for a domain I bought through google years ago when they were still giving away google apps for free.

I was beating myself up for not being able to figure this out and the advanced DNS settings that used to be in Google Apps admin console have since been removed.

A quick call to enom ( after a not so quick wait time) got me exactly what I wish I had been able to find on the interwebs.  If you forgot your password or just cannot access enom DNS control panel from Google Apps dashboard, this should help.

How to Access ENOM DNS Console

If you’re trying to get in to change your nameservers, it’s easy.

  1. Visit
  2. Put your domain name and any password in along with the captcha.Get the password from your email.
  3. Change those nameservers or A records.  If you use google apps with the domain, only change the A records or the email and other functions of google apps will break.  Hopefully your hosting provider makes it easy to find the correct ip address to point the A record towards.

access enom DNS panel for google apps domain