cloud engineer
If you need to copy a snapshot from one region to another, here’s the AWS CLI command.
aws ec2 copy-snapshot \
--region us-east-1 \
--source-region us-east-2 \
--source-snapshot-id snap-xxxxxxxxxxxxxxxxx \
--description "This is the DR snapshot copy" |
Output:
{ "SnapshotId": "snap-xxxxxxxxxxxxxxxxx" } |
Here’s how to list AWS AMI (machine images) owned by yourself.
aws ec2 describe-images \ --query "Images[*].[Name,PlatformDetails]" \ --owners self \ --profile default \ --region us-east-1 \ --output text |
Output:
icecast-0.1 Linux/UNIX jekyll-0.3 Linux/UNIX docker-0.1 Linux/UNIX |
Specifying owners as self only display images owned by you.
I was getting this error when downloading a file from a S3 bucket.
fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden |
Turns out to be a permission issue. Use –acl bucket-owner-full-control.
# UPLOAD aws s3 cp file.txt s3://bucket-name/dir/ --acl bucket-owner-full-control upload: .\file.txt to s3://bucket-name/dir/fw.sh # DOWNLOAD aws s3 cp s3://bucket-name/dir/file.txt . --acl bucket-owner-full-control download: s3://bucket-name/dir/file.txt to .\file.txt |
You need to do for both upload and download.
I have an AMI with docker installed. Here’s how I launch a spot instance using Terraform.
Here’s my Terraform script.
terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_spot_instance_request" "docker" { ami = "ami-xxxxxxxxxxxxxxxx" spot_price = "0.0031" wait_for_fulfillment = "true" key_name = "servers" instance_type = "t3.micro" subnet_id = "subnet-xxxxxxxxxxxxxxxx" security_groups = ["sg-xxxxxxxxxxxxxxxxxx"] associate_public_ip_address = "true" user_data = <<-EOF #!/bin/bash hostnamectl set-hostname docker EOF tags = { Name = "docker-0.1" } } resource "aws_ec2_tag" "tagging" { resource_id = aws_spot_instance_request.docker.spot_instance_id key = "Name" value = "docker-0.1" } |
I use “aws_ec2_tag” resource to tag the instance properly.
In addition, I use user_data to run a script, to set the hostname.
To launch via Terraform, I run the following commands.
terraform init terraform apply |
When done, I could stop the instance to stop incurring charges. Or just simply destroy it via Terraform.
terraform destroy |
It’s not bad deal for an instance that costs only $0.0031 per hour.
If you have multiple AWS accounts, you can setup a customer-managed KMS (key management service) in the AWS Key Management Service, to secure requests or services between the two AWS accounts. The customer-managed KMS key is tied to an identity such as an IAM user or role. In addition to users and roles, other AWS accounts can be added to grant access. KMS can be symmetric or asymmetric. It’s symmetric be default. To grant access to the other account, you need to add the AWS Account Id to the key. It’s 12 digit number unique to each AWS account.
Once a key is created, the valid key ID can be used in a AWS SDK to access resources from the other AWS account.