
Uly.me

cloud engineer


Archives for April 2020

SSSD Leave Domain

April 30, 2020

Here’s how to unjoin or leave the domain via SSSD.

realm leave domain.com


Filed Under: Linux Tagged With: domain, leave, realm, sssd

AWS S3 Sync Between Accounts

April 29, 2020

Here’s how to sync S3 buckets between 2 different AWS accounts. This assumes the buckets are already created.

  1. Set up bucket permissions in Account A
  2. Set up an IAM user with permissions in Account B
  3. Set up bucket permissions in Account B
  4. Run S3 sync from Account B.

Account A bucket permissions. The principal (account ID and user) is from Account B.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::222222222222:user/Jane"},
            "Action": ["s3:ListBucket","s3:GetObject"],
            "Resource": [
                "arn:aws:s3:::awsexamplesourcebucket/*",
                "arn:aws:s3:::awsexamplesourcebucket"
            ]
        }
    ]
}


Create IAM user (Jane) in Account B

aws iam create-user --user-name Jane


Give IAM user (Jane) access to both buckets.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::awsexamplesourcebucket",
                "arn:aws:s3:::awsexamplesourcebucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::awsexampledestinationbucket",
                "arn:aws:s3:::awsexampledestinationbucket/*"
            ]
        }
    ]
}


Sync the buckets

aws s3 sync s3://awsexamplesourcebucket s3://awsexampledestinationbucket
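Why both policies above are needed, as an added example that is not part of the original post: a cross-account request succeeds only when the caller's identity policy (Account B) and the bucket policy (Account A) both allow it. The evaluator is a simplified model (no Condition, NotAction or account-root principals, case-sensitive action matching), and its function names are hypothetical; the ARNs are the post's placeholder values.

```python
# Added example: simplified IAM evaluation, not the AWS policy engine.
# ARNs below are the post's own placeholder values.
from fnmatch import fnmatchcase

JANE = "arn:aws:iam::222222222222:user/Jane"
SRC = "arn:aws:s3:::awsexamplesourcebucket"
DST = "arn:aws:s3:::awsexampledestinationbucket"

SOURCE_BUCKET_POLICY = {"Statement": [{            # Account A bucket policy
    "Effect": "Allow", "Principal": {"AWS": JANE},
    "Action": ["s3:ListBucket", "s3:GetObject"],
    "Resource": [SRC + "/*", SRC]}]}

JANE_POLICY = {"Statement": [                      # Account B identity policy
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": [SRC, SRC + "/*"]},
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": [DST, DST + "/*"]}]}


def _listify(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource, principal=None):
    """True if some Allow statement matches and no Deny statement does.
    Pass principal only for resource (bucket) policies."""
    allowed = False
    for stmt in policy["Statement"]:
        if principal is not None:
            who = stmt.get("Principal", {})
            arns = ["*"] if who == "*" else _listify(who.get("AWS", []))
            if principal not in arns and "*" not in arns:
                continue
        if not any(fnmatchcase(action, a) for a in _listify(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _listify(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny always wins
        allowed = True
    return allowed


def cross_account_allowed(identity_policy, bucket_policy, principal, action, resource):
    """Cross-account access needs an Allow on both sides of the account boundary."""
    return (policy_allows(identity_policy, action, resource)
            and policy_allows(bucket_policy, action, resource, principal))
```

Calling cross_account_allowed with an empty bucket policy shows that Jane's identity policy alone does not open the source bucket, and a different user ARN is rejected by the bucket policy's Principal.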


Filed Under: Cloud Tagged With: accounts, aws, copy, multiple, s3, sync

AWS CLI AutoScaler Update

April 27, 2020

Here’s the AWS CLI command to set the Auto Scaling Group to a certain number for the minimum, maximum, and desired number of instances.

#!/bin/bash
# Format:
# ./autoscaling.sh 3
# ./autoscaling.sh 0
int=$1
# require a non-negative integer so a missing or mistyped argument never reaches the API call
if ! [[ "$int" =~ ^[0-9]+$ ]]; then
  echo "Usage: $0 <count>" >&2
  exit 1
fi
# set minimum, maximum and desired capacity to the same value
aws autoscaling update-auto-scaling-group \
--auto-scaling-group-name your-auto-scaling-group \
--min-size "$int" \
--max-size "$int" \
--desired-capacity "$int" \
--region us-east-2

Format:

./autoscaling.sh 0
./autoscaling.sh 3


Filed Under: Cloud Tagged With: auto scaling, aws, desired capacity, maximum, minimum, update

MySQL SSL Connection

April 27, 2020

The standard way to connect to MySQL is:

mysql -h hostname -u user -p


Here’s how to connect to MySQL with SSL encryption.

mysql -h hostname -u user -p \
--ssl-ca=server-ca.pem \
--ssl-cert=client-cert.pem \
--ssl-key=client-key.pem

Generate the SSL keys on the MySQL server, then download them to the client.

Filed Under: Linux Tagged With: connect, mysql, secure, ssl

MySQL Restore

April 26, 2020

Here’s how to restore a MySQL database from mysqldump.

mysql -u user -p
mysql> drop database databasename;
mysql> create database databasename;
mysql> quit;
Bye
mysql -u user -p databasename < filename.sql

Drop database first, then import the SQL file.

Filed Under: Linux Tagged With: import, mysql, restore, sql

Upgrade to Ubuntu 20.04 LTS

April 26, 2020

Now that Ubuntu 20.04 LTS (Long Term Support) is out, here’s a quick guide to upgrade to Ubuntu 20.04 LTS. You can ONLY upgrade from either Ubuntu 18.04 LTS or 19.10. If you have older versions of Ubuntu, it may not work. I suggest you back up your VM before running the upgrade, so you can quickly recover if something goes awry. This upgrade process will require sudo access.

# login as root
sudo -i
# check your current version
lsb_release -a
# update packages
apt update -y
apt upgrade -y
# reboot server
reboot
# remove old kernels
apt --purge autoremove
# install update manager core
apt install update-manager-core
# finally, perform the upgrade
do-release-upgrade -d
# reboot the server
reboot
# after reboot confirm
lsb_release -a


Filed Under: Linux Tagged With: 20.04 LTS, release, ubuntu, update, upgrade

PFX to PEM

April 22, 2020

Here’s how to convert an SSL certificate from PFX to PEM format.

#!/bin/bash
# Converts an SSL certificate bundle from PFX (PKCS#12) to PEM files.

echo "This script converts SSL certificates from PFX to PEM."
read -r -p 'Enter PFX Certificate Name  : ' cert_pfx
# -s keeps the passphrase off the screen while it is typed
read -r -s -p 'Enter the Import Passphrase : ' import_passphrase
echo
# hand the passphrase to openssl through the environment (env:) so it does not show up in the process list
export import_passphrase

# private key, still encrypted with the passphrase
openssl pkcs12 -in "$cert_pfx" -nocerts -out cert-key.pem -passin env:import_passphrase -passout env:import_passphrase
# client certificate only
openssl pkcs12 -in "$cert_pfx" -clcerts -nokeys -out cert-body.pem -passin env:import_passphrase -passout env:import_passphrase
# certificates without keys
openssl pkcs12 -in "$cert_pfx" -nodes -nokeys -out cert-chain.pem -passin env:import_passphrase -passout env:import_passphrase
sleep 3
# decrypt the key written above; cert-private.key holds the unencrypted private key
openssl rsa -in cert-key.pem -out cert-private.key -passin env:import_passphrase -passout env:import_passphrase

This was covered in an earlier post, but this script prompts you for the passphrase.

Here’s the expected output.

  • cert-key.pem
  • cert-body.pem
  • cert-chain.pem
  • cert-private.key

Filed Under: Linux Tagged With: conversion, convert, openssl, pem, pfx

WAF CloudFormation Template

April 21, 2020

Here’s the CloudFormation template for creating a WAF.

Here are some options that you’ll be asked for during creation.

  • Activate SQL Injection Protection ( yes | no )
  • Activate Cross-site Scripting Protection ( yes | no )
  • Activate HTTP Flood Protection ( WAF rate | Lambda log parser | Athena log parser | no )
  • Activate Scanner & Probe Protection ( Lambda log parser | Athena log parser | no )
  • Activate Reputation List Protection ( yes | no )
  • Activate Bad Bot Protection ( yes | no )
  • Endpoint Type (CloudFront or ALB)
  • Application Access Log Bucket Name ( Leave blank if no S3 bucket)

The template creates 2 CloudFormation stacks.

Filed Under: Cloud Tagged With: acl, aws, cloudformation, rules, waf


Copyright © 2023