Here’s how to unjoin or leave the domain via SSSD.
realm leave domain.com |
Archives for April 2020
AWS S3 Sync Between Accounts
Here’s how to sync S3 buckets between 2 different AWS accounts. Assuming buckets are already created.
- Setup bucket permissions in Account A
- Setup IAM user with permissions in Account B
- Setup bucket permissions in Account B
- Run S3 sync from Account B.
Account A bucket permissions. Account and user are from Account B.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"}, "Action": ["s3:ListBucket","s3:GetObject"], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket/*", "arn:aws:s3:::awsexamplesourcebucket" ] } ] } |
Create IAM user (Jane) in Account B
aws iam create-user --user-name Jane |
Give IAM user (Jane) access to both buckets.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awsexamplesourcebucket", "arn:aws:s3:::awsexamplesourcebucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::awsexampledestinationbucket", "arn:aws:s3:::awsexampledestinationbucket/*" ] } ] } |
Sync the buckets
aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket |
AWS CLI AutoScaler Update
Here’s the AWS CLI command to set the Auto Scaling Group to a certain number for the minimum, maximum, and desired number of instances.
#!/bin/bash # Format: # ./autoscaling.sh 3 # ./autoscaling.sh 0 int=$1 aws autoscaling update-auto-scaling-group \ --auto-scaling-group-name your-auto-scaling-group \ --min-size $int \ --max-size $int \ --desired-capacity $int \ --region us-east-2 |
Format:
./autoscaling.sh 0 ./autoscaling.sh 3 |
MySQL SSL Connection
The standard way to connect to MySQL is:
mysql -h hostname -u user -p |
Here’s how to connect to MySQL with SSL encryption.
mysql -h hostname -u user -p \ --ssl-ca=server-ca.pem \ --ssl-cert=client-cert.pem \ --ssl-key=client-key.pem |
Generate the SSL keys from the MySQL server. Download it to the client.
MySQL Restore
Here’s how to restore a MySQL database from mysqldump.
mysql -u user -p mysql> drop database databasename; mysql> quit; Bye mysql -u user -p databasename < filename.sql |
Drop database first, then import the SQL file.
Upgrade to Ubuntu 20.04 LTS
Now that Ubuntu 20.04 LTS (Long Term Support) is out, here’s a quick guide to upgrade to Ubuntu 20.04 LTS. You can ONLY upgrade from either Ubuntu 18.04 LTS or 19.10. If you have older versions of Ubuntu, it may not work. I suggest you back up your VM before running the upgrade, so you can quicky recover if something goes awry. This upgrade process will require sudo access.
# login as root sudo -i # check your current version lsb_release -a # update packages apt update -y apt upgrade -y # reboot server reboot # remove old kernels apt --purge autoremove # install update manager core apt install update-manager-core # finally, perform the upgrade do-release-upgrade -d # reboot the server reboot # after reboot confirm lsb_release -a |
PFX to PEM
Here’s how to convert SSL certificate from PFX to PEM format.
#!/bin/bash echo "This script converts SSL certificates from PFX to PEM." read -p 'Enter PFX Certificate Name : ' cert_pfx read -p 'Enter the Import Passphrase : ' import_passphrase openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase sleep 3 openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase |
This was covered in an earlier post, but this script prompts you for the passphrase.
Here’s the expected output.
- cert-key.pem
- cert-body.pem
- cert-chain.pem
- cert-private.key
WAF CloudFormation Template
Here’s the CloudFormation template for creating a WAF.
Here are some options that you’ll be asked during creation.
- Activate SQL Injection Protection ( yes | no )
- Activate Cross-site Scripting Protection ( yes | no )
- Activate HTTP Flood Protection ( WAF rate | Lambda log parser | Athena log parser | no )
- Activate Scanner & Probe Protection ( Lambda log parser | Athena log parser | no )
- Activate Reputation List Protection ( yes | no )
- Activate Bad Bot Protection ( yes | no )
- Endpoint Type (CloudFront or ALB)
- Application Access Log Bucket Name ( Leave blank if no S3 bucket)
The template creates 2 CloudFormation stacks.