Uly.me

cloud engineer

March 2, 2021

AWS Copy Snapshot to another Region

If you need to copy a snapshot from one region to another, here’s the AWS CLI command.

aws ec2 copy-snapshot \
    --region us-east-1 \
    --source-region us-east-2 \
    --source-snapshot-id snap-xxxxxxxxxxxxxxxxx \
    --description "This is the DR snapshot copy"

Output:

{
    "SnapshotId": "snap-xxxxxxxxxxxxxxxxx"
}

February 27, 2021

AWS List Machine Images

Here’s how to list the AWS AMIs (machine images) owned by your own account.

aws ec2 describe-images \
    --query "Images[*].[Name,PlatformDetails]" \
    --owners self \
    --profile default \
    --region us-east-1 \
    --output text

Output:

icecast-0.1     Linux/UNIX
jekyll-0.3      Linux/UNIX
docker-0.1      Linux/UNIX

Specifying --owners self displays only the images owned by you.

February 16, 2021

AWS S3 Bucket Permission

I was getting this error when downloading a file from an S3 bucket.

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

Turns out to be a permission issue. Use --acl bucket-owner-full-control.

# UPLOAD
aws s3 cp file.txt s3://bucket-name/dir/ --acl bucket-owner-full-control
upload: .\file.txt to s3://bucket-name/dir/fw.sh
# DOWNLOAD
aws s3 cp s3://bucket-name/dir/file.txt . --acl bucket-owner-full-control
download: s3://bucket-name/dir/file.txt to .\file.txt

You need to do this for both upload and download.
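An added example, not code from the original post, assuming the same Terraform setup as the spot-instance post further down and a placeholder bucket name: it makes the bucket refuse any PutObject that does not carry the bucket-owner-full-control ACL and take ownership of objects that do, so objects uploaded from another account no longer come back as 403 Forbidden on HeadObject for the bucket owner.

```terraform
# Added example: reject cross-account uploads that omit the
# bucket-owner-full-control ACL, and take ownership of objects that carry it.
# "example-shared-bucket" is a placeholder, not a bucket from the original post.
resource "aws_s3_bucket" "shared" {
  bucket = "example-shared-bucket"
}

# With BucketOwnerPreferred, objects written with bucket-owner-full-control
# become owned by this account, so HeadObject/GetObject stop returning 403.
resource "aws_s3_bucket_ownership_controls" "shared" {
  bucket = aws_s3_bucket.shared.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

data "aws_iam_policy_document" "require_owner_acl" {
  statement {
    sid       = "DenyPutWithoutBucketOwnerFullControl"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.shared.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    # Deny when the request carries a different ACL or none at all: IAM treats a
    # missing key as "not equal" for negated operators such as StringNotEquals.
    # This applies to every uploader, the bucket owner's own users included, so
    # all of them must pass --acl bucket-owner-full-control on upload.
    condition {
      test     = "StringNotEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "shared" {
  bucket = aws_s3_bucket.shared.id
  policy = data.aws_iam_policy_document.require_owner_acl.json
}
```

A forgotten --acl then fails loudly at upload time (AccessDenied on PutObject) instead of producing an object the bucket owner cannot read later.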

February 14, 2021

AWS Spot Instances Running Docker

I have an AMI with Docker installed. Here’s how I launch a spot instance using Terraform.

Here’s my Terraform script.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  profile = "default"
  region  = "us-east-1"
}

resource "aws_spot_instance_request" "docker" {
  ami                         = "ami-xxxxxxxxxxxxxxxx"
  spot_price                  = "0.0031"
  wait_for_fulfillment        = true
  key_name                    = "servers"
  instance_type               = "t3.micro"
  subnet_id                   = "subnet-xxxxxxxxxxxxxxxx"
  security_groups             = ["sg-xxxxxxxxxxxxxxxxxx"]
  associate_public_ip_address = true

  # Runs once at first boot: set the hostname.
  user_data = <<-EOF
              #!/bin/bash
              hostnamectl set-hostname docker
              EOF

  # These tags land on the spot request, not on the launched instance.
  tags = {
    Name = "docker-0.1"
  }
}

# Tag the instance itself once the request has been fulfilled.
resource "aws_ec2_tag" "tagging" {
  resource_id = aws_spot_instance_request.docker.spot_instance_id
  key         = "Name"
  value       = "docker-0.1"
}

I use the “aws_ec2_tag” resource to tag the instance properly.

In addition, I use user_data to run a script that sets the hostname.

To launch via Terraform, I run the following commands.

terraform init
terraform apply

When done, I can stop the instance to stop incurring charges, or simply destroy it via Terraform.

terraform destroy

It’s not a bad deal for an instance that costs only $0.0031 per hour.

February 2, 2021

Cross Account KMS keys

If you have multiple AWS accounts, you can set up a customer-managed key in AWS KMS (Key Management Service) to secure requests or services between the two accounts. The customer-managed KMS key is tied to an identity such as an IAM user or role. In addition to users and roles, other AWS accounts can be added to grant access. A KMS key can be symmetric or asymmetric; it’s symmetric by default. To grant access to the other account, you add that account’s AWS Account ID to the key. It’s a 12-digit number unique to each AWS account.

Once the key is created, its key ID can be used in an AWS SDK to access resources from the other AWS account.
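An added example, not code from the original post, of that cross-account grant written as a Terraform key policy in the same style as the spot-instance post above; the account IDs 111122223333 (key owner) and 444455556666 (the account being granted use) are placeholders. Because the policy names the other account rather than a specific role, that account must still attach an IAM policy allowing the same kms: actions on the key ARN to its own users or roles before their SDK calls succeed.

```terraform
# Added example: a symmetric customer-managed key whose policy lets a second
# AWS account use it. Both account IDs are placeholders, not values from the post.
locals {
  key_owner_account = "111122223333" # account that owns the key (placeholder)
  trusted_account   = "444455556666" # account granted use of the key (placeholder)
}

resource "aws_kms_key" "shared" {
  description         = "Symmetric key shared across accounts"
  enable_key_rotation = true

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Full administrative control stays with the owning account.
        Sid       = "KeyAdministration"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${local.key_owner_account}:root" }
        Action    = "kms:*"
        Resource  = "*"
      },
      {
        # The other account gets cryptographic use only, never key
        # administration. Its own IAM policies decide which users or roles
        # actually receive these permissions.
        Sid       = "AllowUseFromTrustedAccount"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${local.trusted_account}:root" }
        Action = [
          "kms:Encrypt",
          "kms:Decrypt",
          "kms:ReEncrypt*",
          "kms:GenerateDataKey*",
          "kms:DescribeKey"
        ]
        Resource = "*"
      }
    ]
  })
}

resource "aws_kms_alias" "shared" {
  name          = "alias/cross-account-shared"
  target_key_id = aws_kms_key.shared.key_id
}

output "shared_key_arn" {
  # Hand this ARN to the other account; callers there must reference the key
  # by its full ARN, since an alias or bare key ID only resolves locally.
  value = aws_kms_key.shared.arn
}
```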

Copyright © 2012–2021