• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Search

Archives for December 2019

AWS RDS Backup Permission

December 31, 2019

Here’s the IAM policy to allow RDS Backup or create a snapshot on AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:RestoreDBClusterFromSnapshot",
		"rds:DescribeDBSnapshots",
		"rds:CopyDBSnapshot",
		"rds:CopyDBClusterSnapshot",
		"rds:DeleteDBSnapshot",
		"rds:DeleteDBClusterSnapshot",
		"rds:CreateDBSnapshot",
		"rds:RestoreDBInstanceFromDBSnapshot",
		"rds:CreateDBInstance",
		"rds:DescribeDBClusterSnapshots",
		"rds:DescribeDBInstances",
		"rds:DescribeDBClusters",
		"rds:DeleteDBInstance",
		"rds:CreateDBClusterSnapshot",
		"rds:ModifyDBSnapshotAttribute",
		"rds:ModifyDBClusterSnapshotAttribute",
		"rds:ListTagsForResource",
		"rds:DeleteDBCluster",
		"ec2:DescribeSecurityGroups",
		"ec2:DescribeRegions",
		"ec2:DescribeAvailabilityZones",
		"ec2:DescribeVpcs",
		"ec2:DescribeAccountAttributes",
		"ec2:DescribeSubnets",
		"iam:GetUser",
		"iam:GetAccountAuthorizationDetails",
		"kms:ReEncrypt*",
		"kms:GenerateDataKey*",
		"kms:CreateGrant",
		"kms:DescribeKey*",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:Encrypt",
		"kms:Decrypt",
		"kms:GenerateDataKeyWithoutPlaintext",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:ListResourceTags"
            ],
            "Resource": "*"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "rds:RestoreDBClusterFromSnapshot", "rds:DescribeDBSnapshots", "rds:CopyDBSnapshot", "rds:CopyDBClusterSnapshot", "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot", "rds:CreateDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot", "rds:CreateDBInstance", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBClusters", "rds:DeleteDBInstance", "rds:CreateDBClusterSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBClusterSnapshotAttribute", "rds:ListTagsForResource", "rds:DeleteDBCluster", "ec2:DescribeSecurityGroups", "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSubnets", "iam:GetUser", "iam:GetAccountAuthorizationDetails", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:CreateGrant", "kms:DescribeKey*", "kms:ListKeys", "kms:ListAliases", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKeyWithoutPlaintext", "kms:ListKeys", "kms:ListAliases", "kms:ListResourceTags" ], "Resource": "*" } ] }

Filed Under: Cloud Tagged With: aws, backup, iam, permissions, policy, rds, snapshot

AWS CloudWatch EFS Burst Credits

December 31, 2019

Here’s how to get the EFS Burst Credits from CloudWatch via AWS CLI.

aws cloudwatch get-metric-statistics \
--namespace "AWS/EFS" \
--metric-name BurstCreditBalance \
--dimensions "Name=FileSystemId,Value=fs-xxxxxxx" \
--start-time 2019-12-31T00:00:00Z \
--end-time 2019-12-31T01:00:00Z \
--statistics Average \
--period 3600 \
--profile default

aws cloudwatch get-metric-statistics \ --namespace "AWS/EFS" \ --metric-name BurstCreditBalance \ --dimensions "Name=FileSystemId,Value=fs-xxxxxxx" \ --start-time 2019-12-31T00:00:00Z \ --end-time 2019-12-31T01:00:00Z \ --statistics Average \ --period 3600 \ --profile default

Notice the start time, end time, period and statistics. Here’s the CLI doc.

Filed Under: Cloud Tagged With: aws, burst credits, cli, cloudwatch, efs

WordPress Asking for FTP Details

December 26, 2019

If WordPress is asking for FTP details when you’re trying to update a theme, plugin, or WordPress itself, you will need to edit your wp-config.php file to add the following line to your configuration.

define('FS_METHOD','direct');

define('FS_METHOD','direct');

Save the file and try updating again. It shouldn’t ask you for FTP details.

Filed Under: WP Tagged With: config, details, fix, ftp, plugin, theme, update, wordpress

GCP Static IP

December 25, 2019

Create a static IP.

gcloud compute addresses create your-app-static-ip \
--region us-central1

gcloud compute addresses create your-app-static-ip \ --region us-central1

List static IP.

gcloud compute addresses list your-static-ip-name --region us-central1
# or
gcloud compute addresses list --filter="name=('live-tfc-static-ip-address')"

gcloud compute addresses list your-static-ip-name --region us-central1 # or gcloud compute addresses list --filter="name=('live-tfc-static-ip-address')"

Release static IP.

gcloud compute addresses delete your-app-static-ip \
--region us-central1

gcloud compute addresses delete your-app-static-ip \ --region us-central1

Filed Under: Cloud Tagged With: gcp, ip address, release, reserve, static

Static Website on GKE

December 25, 2019

Here’s how to run your web application on Google Kubernetes Engine.

Create a Dockerfile. Place your web pages in the public-html directory.

FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/

FROM httpd:2.4 COPY ./public-html/ /usr/local/apache2/htdocs/

Build a container image for Google Container Registry (GCR).

# set your project
export PROJECT_ID=[project_id]
# build a container image
docker build -t gcr.io/${PROJECT_ID}/your-app:v1 .
# verify docker images
docker images

# set your project export PROJECT_ID=[project_id] # build a container image docker build -t gcr.io/${PROJECT_ID}/your-app:v1 . # verify docker images docker images

Upload the container image to GCR.

# authenticate
gcloud auth configure-docker
# upload image
docker push gcr.io/${PROJECT_ID}/your-app:v1

# authenticate gcloud auth configure-docker # upload image docker push gcr.io/${PROJECT_ID}/your-app:v1

Create a container GKE cluster.

# create cluster
gcloud container clusters create your-app-cluster \
--num-nodes=2
# check clusters
gcloud compute instances list

# create cluster gcloud container clusters create your-app-cluster \ --num-nodes=2 # check clusters gcloud compute instances list

Deploy your web application.

# create deployment
kubectl create deployment your-app \
--image=gcr.io/${PROJECT_ID}/your-app:v1
# see the pods
kubectl get pods

# create deployment kubectl create deployment your-app \ --image=gcr.io/${PROJECT_ID}/your-app:v1 # see the pods kubectl get pods

Expose your application to the Internet.

# expose your application
kubectl expose deployment your-app \
--type=LoadBalancer \
--port 80 \
--target-port 80
# get the external ip address
kubectl get service

# expose your application kubectl expose deployment your-app \ --type=LoadBalancer \ --port 80 \ --target-port 80 # get the external ip address kubectl get service

Scale your application.

# scale to 3 replicas
kubectl scale deployment your-app --replicas=3
# display the replicas
kubectl get deployment your-app

# scale to 3 replicas kubectl scale deployment your-app --replicas=3 # display the replicas kubectl get deployment your-app

Cleanup.

kubectl delete service your-app
gcloud container clusters delete your-app-cluster

kubectl delete service your-app gcloud container clusters delete your-app-cluster

Filed Under: Cloud Tagged With: container, deployment, docker, gcp, gcr, gke, kubectl, kubernetes, scale, static, website

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 5
  • Go to Next Page »
  • Home
  • About
  • Search

Copyright © 2023