Archives for December 2019

AWS RDS Backup Permission

December 31, 2019

Here’s the IAM policy to allow RDS Backup or create a snapshot on AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:RestoreDBClusterFromSnapshot",
		"rds:DescribeDBSnapshots",
		"rds:CopyDBSnapshot",
		"rds:CopyDBClusterSnapshot",
		"rds:DeleteDBSnapshot",
		"rds:DeleteDBClusterSnapshot",
		"rds:CreateDBSnapshot",
		"rds:RestoreDBInstanceFromDBSnapshot",
		"rds:CreateDBInstance",
		"rds:DescribeDBClusterSnapshots",
		"rds:DescribeDBInstances",
		"rds:DescribeDBClusters",
		"rds:DeleteDBInstance",
		"rds:CreateDBClusterSnapshot",
		"rds:ModifyDBSnapshotAttribute",
		"rds:ModifyDBClusterSnapshotAttribute",
		"rds:ListTagsForResource",
		"rds:DeleteDBCluster",
		"ec2:DescribeSecurityGroups",
		"ec2:DescribeRegions",
		"ec2:DescribeAvailabilityZones",
		"ec2:DescribeVpcs",
		"ec2:DescribeAccountAttributes",
		"ec2:DescribeSubnets",
		"iam:GetUser",
		"iam:GetAccountAuthorizationDetails",
		"kms:ReEncrypt*",
		"kms:GenerateDataKey*",
		"kms:CreateGrant",
		"kms:DescribeKey*",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:Encrypt",
		"kms:Decrypt",
		"kms:GenerateDataKeyWithoutPlaintext",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:ListResourceTags"
            ],
            "Resource": "*"
        }
    ]
}

AWS CloudWatch EFS Burst Credits

December 31, 2019

Here’s how to get the EFS Burst Credits from CloudWatch via AWS CLI.

aws cloudwatch get-metric-statistics \
--namespace "AWS/EFS" \
--metric-name BurstCreditBalance \
--dimensions "Name=FileSystemId,Value=fs-xxxxxxx" \
--start-time 2019-12-31T00:00:00Z \
--end-time 2019-12-31T01:00:00Z \
--statistics Average \
--period 3600 \
--profile default

Notice the start time, end time, period and statistics. Here’s the CLI doc.

WordPress Asking for FTP Details

December 26, 2019

If WordPress is asking for FTP details when you’re trying to update a theme, plugin, or WordPress itself, you will need to edit your wp-config.php file to add the following line to your configuration.

define('FS_METHOD','direct');

Save the file and try updating again. It shouldn’t ask you for FTP details.

GCP Static IP

December 25, 2019

Create a static IP.

gcloud compute addresses create your-app-static-ip \
--region us-central1

List static IP.

gcloud compute addresses list your-static-ip-name --region us-central1
# or
gcloud compute addresses list --filter="name=('live-tfc-static-ip-address')"

Release static IP.

gcloud compute addresses delete your-app-static-ip \
--region us-central1

Static Website on GKE

December 25, 2019

Here’s how to run your web application on Google Kubernetes Engine.

Create a Dockerfile. Place your web pages in the public-html directory.

FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/

Build a container image for Google Container Registry (GCR).

# set your project
export PROJECT_ID=[project_id]
# build a container image
docker build -t gcr.io/${PROJECT_ID}/your-app:v1 .
# verify docker images
docker images

Upload the container image to GCR.

# authenticate
gcloud auth configure-docker
# upload image
docker push gcr.io/${PROJECT_ID}/your-app:v1

Create a container GKE cluster.

# create cluster
gcloud container clusters create your-app-cluster \
--num-nodes=2
# check clusters
gcloud compute instances list

Deploy your web application.

# create deployment
kubectl create deployment your-app \
--image=gcr.io/${PROJECT_ID}/your-app:v1
# see the pods
kubectl get pods

Expose your application to the Internet.

# expose your application
kubectl expose deployment your-app \
--type=LoadBalancer \
--port 80 \
--target-port 80
# get the external ip address
kubectl get service

Scale your application.

# scale to 3 replicas
kubectl scale deployment your-app --replicas=3
# display the replicas
kubectl get deployment your-app

Cleanup.

kubectl delete service your-app
gcloud container clusters delete your-app-cluster

Apache Dockerfile

December 25, 2019

This Docker image contains Apache (httpd), a web server.

Here’s the Dockerfile.

FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/

Build and run your Docker image.

docker build -t my-app .
docker run -dit --name my-running-app -p 8080:80 my-app

Visit http://localhost:8080 to view your app.

XCode after Catalina Upgrade

December 25, 2019

I tried running git after the Mac OS Catalina upgrade and got this error.

xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools),
missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

Here’s the fix. For some very odd reason, Apple does not automatically reinstall xcode after each Mac OS upgrade.

You will need to either reset it or install it again.

# Try reset first
xcode-select --reset
# Or install it if reset doesn't work
xcode-select --install

Close your terminal, and reopen and run git again.

GCP SDK Auth Login

December 24, 2019

Here’s how to login to GCP from Google SDK.

gcloud auth login

Click on the URL to authenticate on your browser.
Login with your Google Account. Use MFA if prompted.
Click Allow when prompted.

You will then be taken to a page that you have successfully logged in.