Uly.me

cloud engineer

Archives for September 2021

AWS Request Domain Renewal

Occassionally, AWS requires validation of your domain via email message. Here’s the command to send a request.

aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain yourdomain.com \
--validation-domain yourdomain.com
 
aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain www.yourdomain.com \
--validation-domain yourdomain.com

You will need acm:ResendValidationEmail permission to run the command.

AWSCLI Permission Denied

When running awscli as a user, I’m getting a permissioned denied.

[user@servername ~]$ aws s3 ls
Traceback (most recent call last):
  File "/home/db2inst1/.local/bin/aws", line 19, in <module>
    import awscli.clidriver
  File "/home/db2inst1/.local/lib/python2.7/site-packages/awscli/clidriver.py", line 17, in <module>
    import botocore.session
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/session.py", line 26, in <module>
    import botocore.configloader
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/configloader.py", line 19, in <module>
    from botocore.compat import six
  File "/home/db2inst1/.local/lib/python2.7/site-packages/botocore/compat.py", line 172, in <module>
    import xml.etree.cElementTree
  File "/usr/lib64/python2.7/xml/etree/cElementTree.py", line 3, in <module>
    from _elementtree import *
ImportError: PyCapsule_Import could not import module "pyexpat"

This is a permission error with the directory where the awscli is installed.

$ which aws 
/usr/local/bin/aws

I ran chmod to fix the directory permission.

chmod -R 755 /usr/local/aws-cli/

The error is now gone.

$ aws s3 ls
bucket-1
bucket-2
bucket-3

Nmap Scan Top 1000 Ports

Use this option if you want to scan the top 1000 ports.

$ nmap -F 10.10.10.10

If you want a single specific port, then use -p option.

$ nmap -p 80 10.10.10.10

RPM Hung

Check if there’s a runaway rpm process. This returns number of processes that are running.

ps -ef | grep rpm | wc -l

Kill it.

killall -9 rpm

You should be able to run yum updates from this point on.

AWSCLI cli_pager

In AWSCLI Version 2, it’s using “less” by default to send output to the screen. Less displays output one page at a time.

If less interferes with your script, then you can set “cli_pager” in ~/.aws/config to use nothing.

[default]
region = us-east-2
output = json
cli_pager =

If you have other profiles, add them as well.

[lightsail]
region = us-east-2
output = json
cli_pager =

Convert PPK to PEM

Convert PPK to PEM format.

  1. Open Puttygen.
  2. Click Load in the Actions section.
  3. Select the PPK file you wish to convert.
  4. Go to the Conversions menu and select Export OpenSSH key.
  5. Click Yes to convert key without a password.
  6. Name your private key and save it with a .pem extension.
  7. Click Save.

Your pem file should begin with “—–BEGIN RSA PRIVATE KEY—–” and ends with “—–END RSA PRIVATE KEY—–.”

You can also use puttygen in Linux. Install it first.

$ sudo apt-get install putty-tools

Convert your key.

$ puttygen yourkey.ppk -O private-openssh -o yourkey.pem

SSH to your server.

$ chmod 400 yourkey.pem
$ ssh -i yourkey.pem ec2-user@server-ip

Uninstall AWSCLI v2 on Linux

How to uninstall AWSCLI version 2 on Linux

Locate aws.

$ which aws
/usr/local/bin/aws

Delete the symlinks.

$ ls -l /usr/local/bin/aws
$ sudo rm /usr/local/bin/aws
$ sudo rm /usr/local/bin/aws_completer

Delete the install directory.

$ sudo rm -rf /usr/local/aws-cli

Once deleted, you can reinstall awscli.