• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

Archives for December 2019

AWS RDS Backup Permission

December 31, 2019

Here’s the IAM policy to allow RDS Backup or create a snapshot on AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:RestoreDBClusterFromSnapshot",
		"rds:DescribeDBSnapshots",
		"rds:CopyDBSnapshot",
		"rds:CopyDBClusterSnapshot",
		"rds:DeleteDBSnapshot",
		"rds:DeleteDBClusterSnapshot",
		"rds:CreateDBSnapshot",
		"rds:RestoreDBInstanceFromDBSnapshot",
		"rds:CreateDBInstance",
		"rds:DescribeDBClusterSnapshots",
		"rds:DescribeDBInstances",
		"rds:DescribeDBClusters",
		"rds:DeleteDBInstance",
		"rds:CreateDBClusterSnapshot",
		"rds:ModifyDBSnapshotAttribute",
		"rds:ModifyDBClusterSnapshotAttribute",
		"rds:ListTagsForResource",
		"rds:DeleteDBCluster",
		"ec2:DescribeSecurityGroups",
		"ec2:DescribeRegions",
		"ec2:DescribeAvailabilityZones",
		"ec2:DescribeVpcs",
		"ec2:DescribeAccountAttributes",
		"ec2:DescribeSubnets",
		"iam:GetUser",
		"iam:GetAccountAuthorizationDetails",
		"kms:ReEncrypt*",
		"kms:GenerateDataKey*",
		"kms:CreateGrant",
		"kms:DescribeKey*",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:Encrypt",
		"kms:Decrypt",
		"kms:GenerateDataKeyWithoutPlaintext",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:ListResourceTags"
            ],
            "Resource": "*"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "rds:RestoreDBClusterFromSnapshot", "rds:DescribeDBSnapshots", "rds:CopyDBSnapshot", "rds:CopyDBClusterSnapshot", "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot", "rds:CreateDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot", "rds:CreateDBInstance", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBClusters", "rds:DeleteDBInstance", "rds:CreateDBClusterSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBClusterSnapshotAttribute", "rds:ListTagsForResource", "rds:DeleteDBCluster", "ec2:DescribeSecurityGroups", "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSubnets", "iam:GetUser", "iam:GetAccountAuthorizationDetails", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:CreateGrant", "kms:DescribeKey*", "kms:ListKeys", "kms:ListAliases", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKeyWithoutPlaintext", "kms:ListKeys", "kms:ListAliases", "kms:ListResourceTags" ], "Resource": "*" } ] }

Filed Under: Cloud Tagged With: aws, backup, iam, permissions, policy, rds, snapshot

AWS CloudWatch EFS Burst Credits

December 31, 2019

Here’s how to get the EFS Burst Credits from CloudWatch via AWS CLI.

aws cloudwatch get-metric-statistics \
--namespace "AWS/EFS" \
--metric-name BurstCreditBalance \
--dimensions "Name=FileSystemId,Value=fs-xxxxxxx" \
--start-time 2019-12-31T00:00:00Z \
--end-time 2019-12-31T01:00:00Z \
--statistics Average \
--period 3600 \
--profile default

aws cloudwatch get-metric-statistics \ --namespace "AWS/EFS" \ --metric-name BurstCreditBalance \ --dimensions "Name=FileSystemId,Value=fs-xxxxxxx" \ --start-time 2019-12-31T00:00:00Z \ --end-time 2019-12-31T01:00:00Z \ --statistics Average \ --period 3600 \ --profile default

Notice the start time, end time, period and statistics. Here’s the CLI doc.

Filed Under: Cloud Tagged With: aws, burst credits, cli, cloudwatch, efs

WordPress Asking for FTP Details

December 26, 2019

If WordPress is asking for FTP details when you’re trying to update a theme, plugin, or WordPress itself, you will need to edit your wp-config.php file to add the following line to your configuration.

define('FS_METHOD','direct');

define('FS_METHOD','direct');

Save the file and try updating again. It shouldn’t ask you for FTP details.

Filed Under: WP Tagged With: config, details, fix, ftp, plugin, theme, update, wordpress

GCP Static IP

December 25, 2019

Create a static IP.

gcloud compute addresses create your-app-static-ip \
--region us-central1

gcloud compute addresses create your-app-static-ip \ --region us-central1

List static IP.

gcloud compute addresses list your-static-ip-name --region us-central1
# or
gcloud compute addresses list --filter="name=('live-tfc-static-ip-address')"

gcloud compute addresses list your-static-ip-name --region us-central1 # or gcloud compute addresses list --filter="name=('live-tfc-static-ip-address')"

Release static IP.

gcloud compute addresses delete your-app-static-ip \
--region us-central1

gcloud compute addresses delete your-app-static-ip \ --region us-central1

Filed Under: Cloud Tagged With: gcp, ip address, release, reserve, static

Static Website on GKE

December 25, 2019

Here’s how to run your web application on Google Kubernetes Engine.

Create a Dockerfile. Place your web pages in the public-html directory.

FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/

FROM httpd:2.4 COPY ./public-html/ /usr/local/apache2/htdocs/

Build a container image for Google Container Registry (GCR).

# set your project
export PROJECT_ID=[project_id]
# build a container image
docker build -t gcr.io/${PROJECT_ID}/your-app:v1 .
# verify docker images
docker images

# set your project export PROJECT_ID=[project_id] # build a container image docker build -t gcr.io/${PROJECT_ID}/your-app:v1 . # verify docker images docker images

Upload the container image to GCR.

# authenticate
gcloud auth configure-docker
# upload image
docker push gcr.io/${PROJECT_ID}/your-app:v1

# authenticate gcloud auth configure-docker # upload image docker push gcr.io/${PROJECT_ID}/your-app:v1

Create a container GKE cluster.

# create cluster
gcloud container clusters create your-app-cluster \
--num-nodes=2
# check clusters
gcloud compute instances list

# create cluster gcloud container clusters create your-app-cluster \ --num-nodes=2 # check clusters gcloud compute instances list

Deploy your web application.

# create deployment
kubectl create deployment your-app \
--image=gcr.io/${PROJECT_ID}/your-app:v1
# see the pods
kubectl get pods

# create deployment kubectl create deployment your-app \ --image=gcr.io/${PROJECT_ID}/your-app:v1 # see the pods kubectl get pods

Expose your application to the Internet.

# expose your application
kubectl expose deployment your-app \
--type=LoadBalancer \
--port 80 \
--target-port 80
# get the external ip address
kubectl get service

# expose your application kubectl expose deployment your-app \ --type=LoadBalancer \ --port 80 \ --target-port 80 # get the external ip address kubectl get service

Scale your application.

# scale to 3 replicas
kubectl scale deployment your-app --replicas=3
# display the replicas
kubectl get deployment your-app

# scale to 3 replicas kubectl scale deployment your-app --replicas=3 # display the replicas kubectl get deployment your-app

Cleanup.

kubectl delete service your-app
gcloud container clusters delete your-app-cluster

kubectl delete service your-app gcloud container clusters delete your-app-cluster

Filed Under: Cloud Tagged With: container, deployment, docker, gcp, gcr, gke, kubectl, kubernetes, scale, static, website

Apache Dockerfile

December 25, 2019

This Docker image contains Apache (httpd), a web server.

Here’s the Dockerfile.

FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/

FROM httpd:2.4 COPY ./public-html/ /usr/local/apache2/htdocs/

Build and run your Docker image.

docker build -t my-app .
docker run -dit --name my-running-app -p 8080:80 my-app

docker build -t my-app . docker run -dit --name my-running-app -p 8080:80 my-app

Visit http://localhost:8080 to view your app.

Filed Under: Cloud, Linux Tagged With: apache, build, docker, dockerfile, run

XCode after Catalina Upgrade

December 25, 2019

I tried running git after the Mac OS Catalina upgrade and got this error.

xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools),
missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

Here’s the fix. For some very odd reason, Apple does not automatically reinstall xcode after each Mac OS upgrade.

You will need to either reset it or install it again.

# Try reset first
xcode-select --reset
# Or install it if reset doesn't work
xcode-select --install

# Try reset first xcode-select --reset # Or install it if reset doesn't work xcode-select --install

Close your terminal, and reopen and run git again.

Filed Under: Mac Tagged With: catalina, git, install, mac os, reset, xcode

GCP SDK Auth Login

December 24, 2019

Here’s how to login to GCP from Google SDK.

gcloud auth login

gcloud auth login

  • Click on the URL to authenticate on your browser.
  • Login with your Google Account. Use MFA if prompted.
  • Click Allow when prompted.

You will then be taken to a page that you have successfully logged in.

Filed Under: Cloud Tagged With: account, auth, gcp, login, mfa, sdk, url

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »
  • Home
  • About
  • Archives

Copyright © 2023