Here’s how to display mount targets of an EFS system via AWS CLI.
aws efs describe-mount-targets --file-system-id fs-xxxxxxxx --profile default --region us-east-1 |
Tag: aws
Nitro-based Instance Volumes
AWS introduced Nitro-based instances which are modular. They are meant for high performance, high availability, and high security systems. Nitro building blocks provide direct access to high-speed local storage over a PCI interface and transparently encrypts all data using dedicated hardware. It also provides hardware-level isolation between storage devices and EC2 instances so that bare metal instances can benefit from local NVMe storage. The following are Nitro-based instances: A1, C5, C5d, C5n, I3en, M5, M5a, M5ad, M5d, p3dn.24xlarge, R5, R5a, R5ad, R5d, T3, T3a, and z1d. Bare metal: c5.metal, c5n.metal, i3.metal, i3en.metal, m5.metal, m5d.metal, r5.metal, r5d.metal, u-6tb1.metal, u-9tb1.metal, u-12tb1.metal, and z1d.metal.
Although Nitro-based instances looks like regular volumes (/dev/xvda) from the AWS Console, inside the operating system, they look (/dev/nvme6n1) completely different.
In AWS Console, the storage devices will look like this.
/dev/sda1 /dev/xvdb /dev/xvdc /dev/xvdd /dev/xvde /dev/xvdh /dev/xvdf /dev/xvdi /dev/xvdg /dev/xvdj |
In the operating system, invoking df -h, results in this.
/dev/nvme0n1p2 30G 7.0G 24G 24% / /dev/nvme4n1 50G 20G 31G 40% /vol1 /dev/nvme1n1 10G 753M 9.3G 8% /vol2 /dev/nvme8n1 500G 67G 433G 14% /backups /dev/nvme2n1 400G 12G 388G 3% /vol3 /dev/nvme6n1 150G 150G 755M 100% /vol4 /dev/nvme7n1 10G 33M 10G 1% /vol5 /dev/nvme5n1 10G 553M 9.5G 6% /vol6 /dev/nvme9n1 100G 91G 10G 91% /vol7 |
The big question is, how can you tell which volume is associated with which. You’ll need nvme program to map out the volumes. Install nvme-cli first.
yum install nvme-cli |
Then run the command below.
# run nvme sudo nvme id-ctrl -v /dev/nvme6n1 | grep xv # the result 0000: 2f 64 65 76 2f 73 64 6a 20 20 20 20 20 20 20 20 "/dev/xvdf..." |
AWS Security Groups IP Cidr
Here’s how to search for AWS Security Groups containing this IP Cidr.
aws ec2 describe-security-groups \ --filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \ --query "SecurityGroups[*].{Name:GroupName}" \ --output text \ --profile default \ --region us-east-1 |
Search with ports.
aws ec2 describe-security-groups \ --filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \ Name=egress.ip-permission.from-port,Values='22' \ Name=egress.ip-permission.to-port,Values='22' \ --query "SecurityGroups[*].{Name:GroupName}" \ --output text \ --profile default \ --region us-east-1 |
Query will only display the Security Group name.
MySQL Backup To S3 Bucket
Here’s my MySQL backup script to the S3 Bucket.
Just a couple of things about the script. It’s using …
- AWS CLI
- Mysqldump
They must be setup and configured to work properly.
#!/bin/bash cd /root/database TIMESTAMP=$(date +%Y-%m-%d) S3FILE="s3://bucketname/sqlbackup/backup-$TIMESTAMP.sql" /usr/bin/mysqldump dbname > dbname.sql /usr/local/bin/aws s3 cp dbname.sql $S3FILE sleep 3s rm dbname.sql |
Finally, set the S3 bucket with a 7 day retention. Backups older than 7 days are automatically deleted.
AWS RDS Start and Stop Policy
Here’s a IAM policy that you can add to an IAM user or an IAM role so they are able to start and stop a specific RDS instance.
{
"Version": "2012-10-17",
"Statement": [
{
"Condition": {
"StringEqualsIgnoreCase": {
"rds:db-tag/Application": "application-name"
}
},
"Action": [
"rds:DescribeDBInstances",
"rds:StartDBInstance",
"rds:StopDBInstance"
],
"Resource": "arn:aws:rds:us-east-1:xxxxxxxxxxxx:db:db-instance-name",
"Effect": "Allow"
}
]
} |