Uly.me

cloud engineer

Archives for September 2021

AWS Request Domain Renewal

September 17, 2021

Occasionally, AWS requires validation of your domain via email message. Here’s the command to send a request.

aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain yourdomain.com \
--validation-domain yourdomain.com
 
aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain www.yourdomain.com \
--validation-domain yourdomain.com

You will need acm:ResendValidationEmail permission to run the command.

Filed Under: Cloud Tagged With: acm, awscli, certificate, renewal, validation

AWSCLI Permission Denied

September 15, 2021

When running awscli as a user, I’m getting a permission denied error.

[user@servername ~]$ aws s3 ls
Traceback (most recent call last):
  File "/home/db2inst1/.local/bin/aws", line 19, in <module>
    import awscli.clidriver
  File "/home/db2inst1/.local/lib/python2.7/site-packages/awscli/clidriver.py", line 17, in <module>
    import botocore.session
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/session.py", line 26, in <module>
    import botocore.configloader
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/configloader.py", line 19, in <module>
    from botocore.compat import six
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/compat.py", line 172, in <module>
    import xml.etree.cElementTree
  File "/usr/lib64/python2.7/xml/etree/cElementTree.py", line 3, in <module>
    from _elementtree import *
ImportError: PyCapsule_Import could not import module "pyexpat"

This is a permission error with the directory where the awscli is installed.

$ which aws 
/usr/local/bin/aws

I ran chmod to fix the directory permission.

chmod -R 755 /usr/local/aws-cli/

The error is now gone.

$ aws s3 ls
bucket-1
bucket-2
bucket-3
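
To see which entries under the install directory other users cannot read or traverse, which is the condition the chmod above clears, the following audit can be run before and after the fix. It is an added example, not part of the original post; the function names are hypothetical, and it additionally lists group- or world-writable entries.

```shell
#!/bin/sh
# Added example: audit an install tree such as /usr/local/aws-cli for
# entries that users other than the owner cannot use.
# Function names are hypothetical; nothing here changes any permissions.

# Directories "other" cannot list or traverse (missing o+r or o+x).
blocked_dirs() {
    find "$1" -type d ! -perm -005
}

# Regular files "other" cannot read (missing o+r).
blocked_files() {
    find "$1" -type f ! -perm -004
}

# Non-symlink entries writable by group or other.
loose_entries() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \)
}

# Run all three checks; return 1 if any of them reports something.
audit_tree() {
    rc=0
    for check in blocked_dirs blocked_files loose_entries; do
        out=$("$check" "$1")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh /usr/local/aws-cli
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it as root or as the tree's owner, since find cannot descend into directories it is locked out of.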

Filed Under: Cloud, Linux Tagged With: awscli, chmod, issue, permission

Nmap Scan Top 1000 Ports

September 13, 2021

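Use this option if you want to scan the top 1000 ports. Nmap already scans the top 1000 ports by default; --top-ports makes the count explicit, while -F (fast mode) scans only the top 100.

$ nmap --top-ports 1000 10.10.10.10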

If you want a single specific port, then use the -p option.

$ nmap -p 80 10.10.10.10

Filed Under: Linux Tagged With: 1000, nmap, ports, scan, specific, top

GCP List Firewall Rules

September 10, 2021

Here’s how to list GCP firewall rules while filtering a service account. Output is exported as a CSV file.

gcloud compute firewall-rules list \
--project host-project \
--filter=service-account-name \
--format="csv(
name,
network,
direction,
priority,
sourceRanges.list():label=SRC_RANGES,
destinationRanges.list():label=DEST_RANGES,
allowed[].map().firewall_rule().list():label=ALLOW,
denied[].map().firewall_rule().list():label=DENY,
sourceTags.list():label=SRC_TAGS,
sourceServiceAccounts.list():label=SRC_SVC_ACCT,
targetTags.list():label=TARGET_TAGS,
targetServiceAccounts.list():label=TARGET_SVC_ACCT,
disabled)" \
> export.csv

Filed Under: Cloud Tagged With: filter, firewall, gcp, list, rules, service account

RPM Hung

September 10, 2021

Check if there’s a runaway rpm process. This returns the number of rpm processes that are running; the [r]pm pattern keeps grep from counting itself.

ps -ef | grep '[r]pm' | wc -l

Kill it.

killall -9 rpm

You should be able to run yum updates from this point on.

Filed Under: Linux Tagged With: hung, kill, processes, rpm

AWSCLI cli_pager

September 5, 2021

AWSCLI version 2 uses “less” by default to send output to the screen. Less displays output one page at a time.

If less interferes with your script, then you can set “cli_pager” in ~/.aws/config to use nothing.

[default]
region = us-east-2
output = json
cli_pager =

If you have other profiles, add them as well. In ~/.aws/config, a named profile’s section header takes the form [profile name].

[profile lightsail]
region = us-east-2
output = json
cli_pager =

Filed Under: Cloud, Linux Tagged With: awscli, cli_pager, less, v2

Convert PPK to PEM

September 2, 2021

Convert PPK to PEM format.

  1. Open Puttygen.
  2. Click Load in the Actions section.
  3. Select the PPK file you wish to convert.
  4. Go to the Conversions menu and select Export OpenSSH key.
  5. Click Yes to convert key without a password.
  6. Name your private key and save it with a .pem extension.
  7. Click Save.

Your pem file should begin with “-----BEGIN RSA PRIVATE KEY-----” and end with “-----END RSA PRIVATE KEY-----.”

You can also use puttygen in Linux. Install it first.

$ sudo apt-get install putty-tools

Convert your key.

$ puttygen yourkey.ppk -O private-openssh -o yourkey.pem

SSH to your server.

$ chmod 400 yourkey.pem
$ ssh -i yourkey.pem ec2-user@server-ip

Filed Under: Windows Tagged With: convert, pem, ppk, puttygen

Uninstall AWSCLI v2 on Linux

September 1, 2021

How to uninstall AWSCLI version 2 on Linux.

Locate aws.

$ which aws
/usr/local/bin/aws

Delete the symlinks.

$ ls -l /usr/local/bin/aws
$ sudo rm /usr/local/bin/aws
$ sudo rm /usr/local/bin/aws_completer

Delete the install directory.

$ sudo rm -rf /usr/local/aws-cli

Once deleted, you can reinstall awscli.

Filed Under: Cloud Tagged With: awscli, uninstall, v2
