Here’s how to unjoin or leave the domain via SSSD.
realm leave domain.com |
cloud engineer
Here’s how to unjoin or leave the domain via SSSD.
realm leave domain.com |
realm leave domain.com
Here’s how to sync S3 buckets between 2 different AWS accounts. Assuming buckets are already created.
Account A bucket permissions. Account and user are from Account B.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"}, "Action": ["s3:ListBucket","s3:GetObject"], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket/*", "arn:aws:s3:::awsexamplesourcebucket" ] } ] } |
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"}, "Action": ["s3:ListBucket","s3:GetObject"], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket/*", "arn:aws:s3:::awsexamplesourcebucket" ] } ] }
Create IAM user (Jane) in Account B
aws iam create-user --user-name Jane |
aws iam create-user --user-name Jane
Give IAM user (Jane) access to both buckets.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket", "arn:aws:s3:::awsexamplesourcebucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::awsexampledestinationbucket", "arn:aws:s3:::awsexampledestinationbucket/*" ] } ] } |
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket", "arn:aws:s3:::awsexamplesourcebucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::awsexampledestinationbucket", "arn:aws:s3:::awsexampledestinationbucket/*" ] } ] }
Sync the buckets
aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket |
aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket
Here’s the AWS CLI command to set the Auto Scaling Group to a certain number for the minimum, maximum, and desired number of instances.
#!/bin/bash # Format: # ./autoscaling.sh 3 # ./autoscaling.sh 0 int=$1 aws autoscaling update-auto-scaling-group \ --auto-scaling-group-name your-auto-scaling-group \ --min-size $int \ --max-size $int \ --desired-capacity $int \ --region us-east-2 |
#!/bin/bash # Format: # ./autoscaling.sh 3 # ./autoscaling.sh 0 int=$1 aws autoscaling update-auto-scaling-group \ --auto-scaling-group-name your-auto-scaling-group \ --min-size $int \ --max-size $int \ --desired-capacity $int \ --region us-east-2
Format:
./autoscaling.sh 0 ./autoscaling.sh 3 |
./autoscaling.sh 0 ./autoscaling.sh 3
The standard way to connect to MySQL is:
mysql -h hostname -u user -p |
mysql -h hostname -u user -p
Here’s how to connect to MySQL with SSL encryption.
mysql -h hostname -u user -p \ --ssl-ca=server-ca.pem \ --ssl-cert=client-cert.pem \ --ssl-key=client-key.pem |
mysql -h hostname -u user -p \ --ssl-ca=server-ca.pem \ --ssl-cert=client-cert.pem \ --ssl-key=client-key.pem
Generate the SSL keys from the MySQL server. Download it to the client.
Here’s how to restore a MySQL database from mysqldump.
mysql -u user -p mysql> drop database databasename; mysql> quit; Bye mysql -u user -p databasename < filename.sql |
mysql -u user -p mysql> drop database databasename; mysql> quit; Bye mysql -u user -p databasename < filename.sql
Drop database first, then import the SQL file.
Now that Ubuntu 20.04 LTS (Long Term Support) is out, here’s a quick guide to upgrade to Ubuntu 20.04 LTS. You can ONLY upgrade from either Ubuntu 18.04 LTS or 19.10. If you have older versions of Ubuntu, it may not work. I suggest you back up your VM before running the upgrade, so you can quicky recover if something goes awry. This upgrade process will require sudo access.
# login as root sudo -i # check your current version lsb_release -a # update packages apt update -y apt upgrade -y # reboot server reboot # remove old kernels apt --purge autoremove # install update manager core apt install update-manager-core # finally, perform the upgrade do-release-upgrade -d # reboot the server reboot # after reboot confirm lsb_release -a |
# login as root sudo -i # check your current version lsb_release -a # update packages apt update -y apt upgrade -y # reboot server reboot # remove old kernels apt --purge autoremove # install update manager core apt install update-manager-core # finally, perform the upgrade do-release-upgrade -d # reboot the server reboot # after reboot confirm lsb_release -a
Here’s how to convert SSL certificate from PFX to PEM format.
#!/bin/bash echo "This script converts SSL certificates from PFX to PEM." read -p 'Enter PFX Certificate Name : ' cert_pfx read -p 'Enter the Import Passphrase : ' import_passphrase openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase sleep 3 openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase |
#!/bin/bash echo "This script converts SSL certificates from PFX to PEM." read -p 'Enter PFX Certificate Name : ' cert_pfx read -p 'Enter the Import Passphrase : ' import_passphrase openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase sleep 3 openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase
This was covered in an earlier post, but this script prompts you for the passphrase.
Here’s the expected output.
Here’s the CloudFormation template for creating a WAF.
Here are some options that you’ll be asked during creation.
The template creates 2 CloudFormation stacks.