Uly.me

cloud engineer

Archives for December 2019

AWS RDS Backup Permission

Here’s the IAM policy to allow RDS Backup or create a snapshot on AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:RestoreDBClusterFromSnapshot",
		"rds:DescribeDBSnapshots",
		"rds:CopyDBSnapshot",
		"rds:CopyDBClusterSnapshot",
		"rds:DeleteDBSnapshot",
		"rds:DeleteDBClusterSnapshot",
		"rds:CreateDBSnapshot",
		"rds:RestoreDBInstanceFromDBSnapshot",
		"rds:CreateDBInstance",
		"rds:DescribeDBClusterSnapshots",
		"rds:DescribeDBInstances",
		"rds:DescribeDBClusters",
		"rds:DeleteDBInstance",
		"rds:CreateDBClusterSnapshot",
		"rds:ModifyDBSnapshotAttribute",
		"rds:ModifyDBClusterSnapshotAttribute",
		"rds:ListTagsForResource",
		"rds:DeleteDBCluster",
		"ec2:DescribeSecurityGroups",
		"ec2:DescribeRegions",
		"ec2:DescribeAvailabilityZones",
		"ec2:DescribeVpcs",
		"ec2:DescribeAccountAttributes",
		"ec2:DescribeSubnets",
		"iam:GetUser",
		"iam:GetAccountAuthorizationDetails",
		"kms:ReEncrypt*",
		"kms:GenerateDataKey*",
		"kms:CreateGrant",
		"kms:DescribeKey*",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:Encrypt",
		"kms:Decrypt",
		"kms:GenerateDataKeyWithoutPlaintext",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:ListResourceTags"
            ],
            "Resource": "*"
        }
    ]
}

AWS CloudWatch EFS Burst Credits

Here’s how to get the EFS Burst Credits from CloudWatch via AWS CLI.

aws cloudwatch get-metric-statistics \
--namespace "AWS/EFS" \
--metric-name BurstCreditBalance \
--dimensions "Name=FileSystemId,Value=fs-xxxxxxx" \
--start-time 2019-12-31T00:00:00Z \
--end-time 2019-12-31T01:00:00Z \
--statistics Average \
--period 3600 \
--profile default

Notice the start time, end time, period and statistics. Here’s the CLI doc.

WordPress Asking for FTP Details

If WordPress is asking for FTP details when you’re trying to update a theme, plugin, or WordPress itself, you will need to edit your wp-config.php file to add the following line to your configuration.

define('FS_METHOD','direct');

Save the file and try updating again. It shouldn’t ask you for FTP details.

GCP Static IP

Create a static IP.

gcloud compute addresses create your-app-static-ip \
--region us-central1

List static IP.

gcloud compute addresses list your-static-ip-name --region us-central1
# or
gcloud compute addresses list --filter="name=('live-tfc-static-ip-address')"

Release static IP.

gcloud compute addresses delete your-app-static-ip \
--region us-central1

Static Website on GKE

Here’s how to run your web application on Google Kubernetes Engine.

Create a Dockerfile. Place your web pages in the public-html directory.

FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/

Build a container image for Google Container Registry (GCR).

# set your project
export PROJECT_ID=[project_id]
# build a container image
docker build -t gcr.io/${PROJECT_ID}/your-app:v1 .
# verify docker images
docker images

Upload the container image to GCR.

# authenticate
gcloud auth configure-docker
# upload image
docker push gcr.io/${PROJECT_ID}/your-app:v1

Create a container GKE cluster.

# create cluster
gcloud container clusters create your-app-cluster \
--num-nodes=2
# check clusters
gcloud compute instances list

Deploy your web application.

# create deployment
kubectl create deployment your-app \
--image=gcr.io/${PROJECT_ID}/your-app:v1
# see the pods
kubectl get pods

Expose your application to the Internet.

# expose your application
kubectl expose deployment your-app \
--type=LoadBalancer \
--port 80 \
--target-port 80
# get the external ip address
kubectl get service

Scale your application.

# scale to 3 replicas
kubectl scale deployment your-app --replicas=3
# display the replicas
kubectl get deployment your-app

Cleanup.

kubectl delete service your-app
gcloud container clusters delete your-app-cluster