
Uly.me

cloud engineer


Archives for September 2021

AWS Request Domain Renewal

September 17, 2021

Occasionally, AWS requires validation of your domain via email message. Here’s the command to send a request.

aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain yourdomain.com \
--validation-domain yourdomain.com
 
aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain www.yourdomain.com \
--validation-domain yourdomain.com


You will need the acm:ResendValidationEmail permission to run the command.

Filed Under: Cloud Tagged With: acm, awscli, certificate, renewal, validation

AWSCLI Permission Denied

September 15, 2021

When running awscli as a user, I’m getting a permission denied error.

[user@servername ~]$ aws s3 ls
Traceback (most recent call last):
  File "/home/db2inst1/.local/bin/aws", line 19, in <module>
    import awscli.clidriver
  File "/home/db2inst1/.local/lib/python2.7/site-packages/awscli/clidriver.py", line 17, in <module>
    import botocore.session
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/session.py", line 26, in <module>
    import botocore.configloader
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/configloader.py", line 19, in <module>
    from botocore.compat import six
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/compat.py", line 172, in <module>
    import xml.etree.cElementTree
  File "/usr/lib64/python2.7/xml/etree/cElementTree.py", line 3, in <module>
    from _elementtree import *
ImportError: PyCapsule_Import could not import module "pyexpat"


This is a permission error with the directory where the awscli is installed.

$ which aws 
/usr/local/bin/aws


I ran chmod to fix the directory permission.

chmod -R 755 /usr/local/aws-cli/


The error is now gone.

$ aws s3 ls
bucket-1
bucket-2
bucket-3


Filed Under: Cloud, Linux Tagged With: awscli, chmod, issue, permission

Nmap Scan Top 1000 Ports

September 13, 2021

Use the --top-ports option if you want to scan the top 1000 ports. The -F (fast) option scans only the top 100.

$ nmap --top-ports 1000 10.10.10.10

If you want a single specific port, then use the -p option.

$ nmap -p 80 10.10.10.10

Filed Under: Linux Tagged With: 1000, nmap, ports, scan, specific, top

GCP List Firewall Rules

September 10, 2021

Here’s how to list GCP firewall rules while filtering a service account. Output is exported as a CSV file.

gcloud compute firewall-rules list \
--project host-project \
--filter=service-account-name \
--format="csv(
name,
network,
direction,
priority,
sourceRanges.list():label=SRC_RANGES,
destinationRanges.list():label=DEST_RANGES,
allowed[].map().firewall_rule().list():label=ALLOW,
denied[].map().firewall_rule().list():label=DENY,
sourceTags.list():label=SRC_TAGS,
sourceServiceAccounts.list():label=SRC_SVC_ACCT,
targetTags.list():label=TARGET_TAGS,
targetServiceAccounts.list():label=TARGET_SVC_ACCT,
disabled)" \
> export.csv
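
One way to review the export.csv produced above, as an added example that is not part of the original post: it flags enabled INGRESS allow rules whose source ranges include 0.0.0.0/0 or ::/0. The sample rows are constructed, and the cell layout (list values joined by "," or ";", disabled shown as True/False) is an assumption about the export.

```python
import csv
import io

# Constructed sample of export.csv (not real data). Assumption: list cells are
# joined with "," or ";" and the disabled column holds True/False.
SAMPLE_CSV = '''name,network,direction,priority,SRC_RANGES,DEST_RANGES,ALLOW,DENY,SRC_TAGS,SRC_SVC_ACCT,TARGET_TAGS,TARGET_SVC_ACCT,disabled
allow-ssh-any,vpc-a,INGRESS,1000,0.0.0.0/0,,tcp:22,,,,,app@host-project.iam.gserviceaccount.com,False
allow-web,vpc-a,INGRESS,900,"10.0.0.0/8,0.0.0.0/0",,"tcp:80,tcp:443",,,,web,,False
allow-internal,vpc-a,INGRESS,1000,10.0.0.0/8,,all,,,,,,False
old-rdp,vpc-a,INGRESS,1000,0.0.0.0/0,,tcp:3389,,,,,,True
deny-egress,vpc-a,EGRESS,500,,0.0.0.0/0,,all,,,,,False
'''

ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def split_list(cell):
    """Split a multi-valued cell on either list separator."""
    return [v.strip() for v in cell.replace(";", ",").split(",") if v.strip()]


def open_ingress_rules(csv_text):
    """Return enabled INGRESS allow rules whose source includes any address."""
    findings = []
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Normalise header case so name/NAME and SRC_RANGES/src_ranges both work.
        row = {k.strip().upper(): (v or "").strip() for k, v in raw.items() if k}
        if row["DIRECTION"].upper() != "INGRESS" or row["DISABLED"].lower() == "true":
            continue
        allowed = split_list(row["ALLOW"])
        exposed = ANY_SOURCE.intersection(split_list(row["SRC_RANGES"]))
        if allowed and exposed:
            findings.append({
                "name": row["NAME"],
                "network": row["NETWORK"],
                "priority": int(row["PRIORITY"]),
                "allow": allowed,
                "targets": split_list(row["TARGET_TAGS"])
                + split_list(row["TARGET_SVC_ACCT"]),
            })
    # A lower priority number takes precedence in GCP, so list those first.
    return sorted(findings, key=lambda f: (f["priority"], f["name"]))


if __name__ == "__main__":
    for f in open_ingress_rules(SAMPLE_CSV):
        print(f["priority"], f["name"], ",".join(f["allow"]), f["targets"] or "all instances")
```

An empty targets list means the rule has neither target tags nor target service accounts in the export, so it applies to every instance on the network.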


Filed Under: Cloud Tagged With: filter, firewall, gcp, list, rules, service account

RPM Hung

September 10, 2021

Check if there’s a runaway rpm process. This returns the number of rpm processes that are running.

# [r]pm keeps the grep process itself out of the count
ps -ef | grep '[r]pm' | wc -l

Kill it.

killall -9 rpm


You should be able to run yum updates from this point on.

Filed Under: Linux Tagged With: hung, kill, processes, rpm


Copyright © 2023