aws – Uly.me

AWS Security Groups IP Cidr

Posted on September 10, 2019September 10, 2019 by Ulysses

Here’s how to search for AWS Security Groups containing this IP Cidr.

aws ec2 describe-security-groups \
--filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \
--query "SecurityGroups[*].{Name:GroupName}" \
--output text \
--profile default \
--region us-east-1

Search with ports.

aws ec2 describe-security-groups \
--filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \
         Name=egress.ip-permission.from-port,Values='22' \
         Name=egress.ip-permission.to-port,Values='22' \
--query "SecurityGroups[*].{Name:GroupName}" \
--output text \
--profile default \
--region us-east-1

Query will only display the Security Group name.

MySQL Backup To S3 Bucket

Posted on September 7, 2019 by Ulysses

Here’s my MySQL backup script to the S3 Bucket.

Just a couple of things about the script. It’s using …

AWS CLI
Mysqldump

They must be setup and configured to work properly.

#!/bin/bash
cd /root/database
TIMESTAMP=$(date +%Y-%m-%d)
S3FILE="s3://bucketname/sqlbackup/backup-$TIMESTAMP.sql"
/usr/bin/mysqldump dbname > dbname.sql
/usr/local/bin/aws s3 cp dbname.sql $S3FILE
sleep 3s
rm dbname.sql

Finally, set the S3 bucket with a 7 day retention. Backups older than 7 days are automatically deleted.

AWS RDS Start and Stop Policy

Posted on August 29, 2019August 29, 2019 by Ulysses

Here’s a IAM policy that you can add to an IAM user or an IAM role so they are able to start and stop a specific RDS instance.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Condition": {
                "StringEqualsIgnoreCase": {
                    "rds:db-tag/Application": "application-name"
                }
            },
            "Action": [
                "rds:DescribeDBInstances",
                "rds:StartDBInstance",
                "rds:StopDBInstance"
            ],
            "Resource": "arn:aws:rds:us-east-1:xxxxxxxxxxxx:db:db-instance-name",
            "Effect": "Allow"
        }
    ]
}

AWS Instance Type to M5 or C5

Posted on August 28, 2019August 28, 2019 by Ulysses

If you have changed instance type to either C5 or M5 and it no longer boots, it’s due to the following reasons.

The Elastic Network Adapter (ENA) enaSupport attribute is disabled for the instance.
The ENA module isn’t installed on the instance
The NVMe module isn’t installed on the instance, or, if installed, the NVMe module isn’t loaded in the initramfs image of the instance.
You are trying to mount the file systems at boot time in the “/etc/fstab” file using a device name. Amazon Elastic Block Store (Amazon EBS) volumes are exposed as NVMe devices to these instance types, and the device names are changed. To avoid this, mount the file systems using UUID/Label. For more information, see Amazon EBS and NVMe.

You will need to run a Bash script to update the current instance to be able to support a C5 or M5 instance.

AWS IAM Get User

Posted on August 27, 2019August 28, 2019 by Ulysses

Here’s how to get a user info from AWS CLI.

aws iam get-user --user-name John.Doe --profile default

Page1 of 12 12 3 4 5 Next >Last >>