Archives for August 2019

Remove Key from known_hosts

August 31, 2019 by Ulysses

If you’ve changed keys, you will need to delete a ssh key from /etc/known_hosts file.

You can edit it manually using an editor such as vi or vim.

vim ~/.ssh/known_hosts

Or you can use ssh-keygen command with -R option to delete the hostname or IP address.

ssh-keygen -f "~/.ssh/known_hosts" -R "xxx.xxx.xxx.xxx"

Copy Files Using Rsync

August 30, 2019 by Ulysses

Here’s how to copy files from one directory to another.

rsync -arvz /dir1 /dir2 >> /tmp/rsync.log &

Format: rsynch –options source destination

Options

-a archive mode
-v verbose
-p keep permissions
-z zipped during transfer
-r recursive

AWS RDS Start and Stop Policy

August 29, 2019 by Ulysses

Here’s a IAM policy that you can add to an IAM user or an IAM role so they are able to start and stop a specific RDS instance.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Condition": {
                "StringEqualsIgnoreCase": {
                    "rds:db-tag/Application": "application-name"
                }
            },
            "Action": [
                "rds:DescribeDBInstances",
                "rds:StartDBInstance",
                "rds:StopDBInstance"
            ],
            "Resource": "arn:aws:rds:us-east-1:xxxxxxxxxxxx:db:db-instance-name",
            "Effect": "Allow"
        }
    ]
}

AWS Instance Type to M5 or C5

August 28, 2019 by Ulysses

If you have changed instance type to either C5 or M5 and it no longer boots, it’s due to the following reasons.

The Elastic Network Adapter (ENA) enaSupport attribute is disabled for the instance.
The ENA module isn’t installed on the instance
The NVMe module isn’t installed on the instance, or, if installed, the NVMe module isn’t loaded in the initramfs image of the instance.
You are trying to mount the file systems at boot time in the “/etc/fstab” file using a device name. Amazon Elastic Block Store (Amazon EBS) volumes are exposed as NVMe devices to these instance types, and the device names are changed. To avoid this, mount the file systems using UUID/Label. For more information, see Amazon EBS and NVMe.

You will need to run a Bash script to update the current instance to be able to support a C5 or M5 instance.

AWS IAM Get User

August 27, 2019 by Ulysses

Here’s how to get a user info from AWS CLI.

aws iam get-user --user-name John.Doe --profile default

AWS CLI EC2 Describe Tags

August 26, 2019 by Ulysses

Here’s how to get a list of EC2 tags.

aws ec2 describe-tags \
--filters "Name=resource-id,Values=i-xxxxxxxxxxxxx" \
--query 'Tags[][Key,Value]'  \
--profile default \
--region us-east-1 \
--output text

Outbound DNS

August 23, 2019 by Ulysses

Here’s a typical setup for an Outbound DNS server.

What are unbound servers? Unbound servers are a validating, recursive and caching DNS server

Install Unbound DNS

yum install unbound

Configuration: /etc/outbound/outbound.conf

server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        local-zone: "10.in-addr.arpa." nodefault
forward-zone:
        name: "10.in-addr.arpa."
        forward-addr: 169.254.169.253
forward-zone:
        name: "ec2.internal"
        forward-addr: 169.254.169.253
forward-zone:
        name: '.'
        forward-addr: 10.10.10.1
        forward-addr: 10.10.11.2

Unbound Start, Stop, Restart and Status

service outbound start | stop | restart | status

.bash_profile is executed for login shells. .bashrc is executed for interactive non-login shells. When you login, .bash_profile is executed. If you are already logged in, .bashrc is executed. .bashrc is also executed when you start a new bash using /bin/bash.