AWS ECR PushPull Policy

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

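Here’s the AWS IAM policy to push and pull Docker images to and from ECR. It is a resource-based policy attached to the ECR repository, so the role that is allowed to push and pull is named in Principal. A principal ARN must carry a real account ID rather than a wildcard, so replace your-account-id with your own. To log in to the registry, the role also needs ecr:GetAuthorizationToken in its own identity policy.

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPushPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::your-account-id:role/your-custom-role"
        ]
      },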
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"
      ]
    }
  ]
}

Passive FTP Firewall

Passive FTP is an FTP mode that alleviates the issues with client firewalls. The client initiates the control connection to the server on port 21, and the return traffic is allowed because the client initiated it. The server then replies with an ephemeral port that the client can connect to. The client initiates a second connection to that ephemeral port, and the data connection is then established.

Egress port 21 and ephemeral ports 1024-65535 need to be open from the client side.

# From the client side, egress port 21 must be open.
tcp:21
# From the client side, ephemeral ports from port 1024 to 65535 must be open.
tcp:1024-65535
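
As an added example (not part of the original post), this Python script parses the server's passive-mode reply, works out which ephemeral port the client must reach, and checks it against the egress rules above. The function names, the control host 192.0.2.10 and the sample replies are constructed for illustration.

```python
import re

# Client egress rules from the section above: (low port, high port), TCP only.
EGRESS_RULES = [(21, 21), (1024, 65535)]

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

# Constructed sample replies (documentation address range), not captured traffic.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "229 Entering Extended Passive Mode (|||6446|)",
    "227 Entering Passive Mode (192,0,2,10,3,232)",
    "227 Entering Passive Mode (10,0,0,5,195,149)",
]


def parse_passive_reply(line):
    """Return (host, port) from a 227 (PASV) or 229 (EPSV) reply; host is None for EPSV."""
    line = line.strip()
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError("octet out of range: %r" % line)
        host = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high first
    else:
        m = EPSV_RE.match(line)
        if not m:
            raise ValueError("not a passive-mode reply: %r" % line)
        host, port = None, int(m.group(2))
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % line)
    return host, port


def check_data_channel(reply, control_host, rules=EGRESS_RULES):
    """Report whether the egress rules let the client open the data connection."""
    host, port = parse_passive_reply(reply)
    allowed = any(lo <= port <= hi for lo, hi in rules)
    # A 227 host that differs from the control peer is flagged for review.
    mismatch = host is not None and host != control_host
    return {"port": port, "allowed": allowed, "host_mismatch": mismatch}


if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(reply, "->", check_data_channel(reply, "192.0.2.10"))
```

Passing a narrower `rules` list shows which replies would be blocked if the server's passive port range, and the client's egress range with it, were restricted.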

GCP Change Instance Type

Here’s how to change instance types via the command line. The instance must be stopped before its machine type can be changed.

# Set Project
gcloud config set project your-project-id
 
# Change instance type to 2 CPU 20GB memory.
gcloud compute instances set-machine-type your-server-name --zone us-east1-a --machine-type n2-custom-2-20480
 
# Change instance type to original settings.
gcloud compute instances set-machine-type your-server-name --zone us-east1-a --machine-type n2-custom-2-15360