Uly.me

cloud engineer


December 3, 2020

EFS Encryption

If you have an existing EFS that’s unencrypted, you can encrypt it by creating a snapshot using AWS Backup, and then restoring the file system to a new EFS with encryption. If you choose to restore to a directory in the same file system, it will not be encrypted. It has to be a new EFS. In addition, you’ll be asked to select which encryption key to use. The default key will work, unless you have your own.

November 30, 2020

MySQL Read Only

If you need to perform a backup or replicate a database, you can lock the database with a global read lock to make it read-only.

The process is:

  1. Make the server read-only, so that it processes only retrievals and blocks updates.
  2. You can then perform the backup.
  3. Change the server back to its normal read/write state.

Read only.

FLUSH TABLES WITH READ LOCK;
SET GLOBAL read_only = ON;


Back to normal mode.

SET GLOBAL read_only = OFF;
UNLOCK TABLES;


You can run these MySQL commands within MySQL or via a bash terminal. Check out my previous post.

November 12, 2020

EBS volume stuck in CloudFormation

When running CloudFormation, all the resources are being created with no problem. However it seems to be getting stuck at creating or mounting a volume. The CloudFormation fails and initiates a rollback. This is the error I am getting.

Volume attachment between volume-id vol-xxxxxxxx and instance-id i-xxxxxxx at device /dev/xvda is attaching


This turned out to be a conflict on HVM EC2 instances because /dev/sda1 is being remapped to /dev/xvda. My second drive is also mapped to /dev/xvda. The fix was simply to map it slightly differently to avoid the mapping conflict.

Here’s the original mapping.

Boot:   /dev/xvda
Device: /dev/xvda
Device: /dev/xvdb


Here’s the fix.

Boot:   /dev/xvda
Device: /dev/xvdb
Device: /dev/xvdc


November 11, 2020

AWS CLI Using Query

Instead of using the AWS CLI and jq to get the snapshot names, you can do it with a single command using --query.

Here are the previous commands.

/usr/bin/aws lightsail get-instance-snapshots --region us-east-1 --profile default > $snaps
cat $snaps | jq -r '.instanceSnapshots[] | .name' > $names


Using query.

aws lightsail get-instance-snapshots \
--query 'instanceSnapshots[*].[name]' \
--region us-east-1 \
--profile default \
--output text > $names


November 11, 2020

Sensor Checks for Crowdstrike

Here are the CrowdStrike Falcon sensor checks.

#!/bin/bash
if [ -e /etc/redhat-release ] ; then
  if egrep -q 'Ootpa|CentOS Linux release 8' /etc/redhat-release ; then
    OSver="el8"
  elif egrep -q 'Maipo|CentOS Linux release 7' /etc/redhat-release ; then
    OSver="el7"
  elif egrep -q 'Santiago|CentOS release 6' /etc/redhat-release ; then
    OSver="el6"
  fi
fi
if [ -e /etc/os-release ] ; then
  if grep VERSION /etc/os-release | grep -q 15 ; then
    OSver="suse15"
  elif grep VERSION /etc/os-release | grep -q 12 ; then
    OSver="suse12"
  elif grep VERSION /etc/os-release | grep -q 11 ; then
    OSver="suse11"
  elif grep -q 'Linux 2' /etc/os-release ; then
    OSver="amzn2"
  elif grep -q 'AMI' /etc/os-release ; then
    OSver="amzn1"
  fi
fi
if [[ -f "/opt/CrowdStrike/falconctl" ]]; then
  case $OSver in
    suse15)
      if [ -z "$(ss -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if systemctl is-active --quiet falcon-sensor; then status="Running"; else status="Stopped"; fi  
      ;;
    suse12)
      if [ -z "$(ss -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if systemctl is-active --quiet falcon-sensor; then status="Running"; else status="Stopped"; fi  
      ;;
    suse11)
      if [ -z "$(ss -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if (( $(ps -ef | grep -v grep | grep falcon-sensor | wc -l) > 0 )); then status="Running"; else status="Stopped"; fi
      ;;
    el8)
      if [ -z "$(netstat -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if systemctl is-active --quiet falcon-sensor; then status="Running"; else status="Stopped"; fi
      ;;
    el7)
      if [ -z "$(netstat -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if systemctl is-active --quiet falcon-sensor; then status="Running"; else status="Stopped"; fi  
      ;;
    el6)
      if [ -z "$(netstat -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if (( $(ps -ef | grep -v grep | grep falcon-sensor | wc -l) > 0 )); then status="Running"; else status="Stopped"; fi  
      ;;
    amzn2)
      if [ -z "$(netstat -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if systemctl is-active --quiet falcon-sensor; then status="Running"; else status="Stopped"; fi  
      ;;
    amzn1)
      if [ -z "$(netstat -tapn | grep falcon)" ]; then message="Not Connected"; else message="Connected"; fi
      if (( $(ps -ef | grep -v grep | grep falcon-sensor | wc -l) > 0 )); then status="Running"; else status="Stopped"; fi
      ;;
    *)
      # Unrecognized OS: say so instead of leaving both fields empty
      status="Unknown"; message="Unknown"
      ;;
  esac
else
    message="Not installed"
fi
if [[ -f "/opt/CrowdStrike/falconctl" ]]; then
    version=$(/opt/CrowdStrike/falconctl -g --version | awk '{print $3}')
else
    version="Not installed"
fi
if [ "$version" == "Not installed" ]; then status="Not installed"; fi
# Quote the variables so empty or multi-word values keep their column
echo "$version | $status | $message"
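
The script above reports "Connected" whenever any socket line mentions falcon, so a sensor stuck in SYN_SENT behind a blocked egress path is also counted as connected. The function below is an added example, not part of the original script: it reads `ss -tapn` or `netstat -tapn` output on stdin and reports Connected only for an established socket. The function names, the extra "Connecting" value and the sample tables (constructed, using documentation IP ranges) are assumptions.

```shell
#!/bin/sh
# Added example: classify the Falcon sensor's TCP state from socket-table text.
# Works on both layouts: netstat has the state in column 6, ss in column 1,
# so every field of a matching line is scanned for a state keyword.
falcon_link_state() {
  awk '
    /falcon/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "ESTABLISHED" || $i == "ESTAB") est = 1
        if ($i == "SYN_SENT" || $i == "SYN-SENT") syn = 1
      }
    }
    END {
      if (est)      print "Connected"
      else if (syn) print "Connecting"     # handshake never completed
      else          print "Not Connected"
    }'
}

# Constructed sample: netstat -tapn layout, sensor session established.
sample_netstat_established() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN      900/sshd
tcp        0      0 10.0.0.5:51234    203.0.113.10:443   ESTABLISHED 1234/falcon-sensor
EOF
}

# Constructed sample: ss -tapn layout, sensor only retrying its handshake.
sample_ss_syn_sent() {
cat <<'EOF'
State    Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN   0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=900,fd=3))
SYN-SENT 0      1      10.0.0.5:51240     203.0.113.10:443  users:(("falcon-sensor",pid=1234,fd=14))
EOF
}

# Constructed sample: other established sessions, no sensor socket at all.
sample_no_sensor() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB  0      0      10.0.0.5:22        198.51.100.7:50122 users:(("sshd",pid=950,fd=4))
EOF
}
```

On a host, pipe the live table in as root, for example `ss -tapn | falcon_link_state`, and use the result in place of the `grep falcon` test.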



Copyright © 2012–2021