Uly.me

cloud engineer

Terraform AWS Security Group

How to create a security group in AWS via Terraform.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
 
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
 
resource "aws_security_group" "my_sg" {
  vpc_id       = "vpc-xxxxxxxxxxxxxxxxx"
  name         = "My Security Group"
  description  = "My Security Group"
  ingress {
	from_port   = 8088
	to_port     = 8088
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
        Name = "My Security Group"
  }  
}

Terraform AWS S3

How to create S3 bucket via Terraform.

erraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
 
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
 
resource "aws_s3_bucket" "bucket" {
  bucket = "my-ulysses-bucket"
  acl    = "private"
 
  tags = {
    Name        = "My Ulysses bucket"
    Environment = "Dev"
  }
}
 
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.bucket.id
  block_public_acls = true
  block_public_policy = true
  ignore_public_acls = true
  restrict_public_buckets = true
}

AWS Services that use Security Groups

Services that user Security Groups

EC2-Classic instance
Amazon EC2 instances
ElasticCache
AWS Elastic Beanstalk
Amazon Elastic MapReduce
Amazon RDS (Relational Database Service)
Amazon Redshift
Amazon ElastiCache
Amazon CloudSearch
Elastic Load Balancing
Lambda
Fargate
EFS

AWS Set Profile

If you find yourself using a named profile for every awscli command, you can set it temporarily.

Listing a bucket with a named profile.

aws s3 ls --profile=yourprofile

If you set AWS_PROFILE, you can then list a bucket without a named profile.

export AWS_PROFILE=yourprofile
aws s3 ls

After you are done, you can reset it back to default.

export AWS_PROFILE=default

AWS CloudWatch Alarms

How to enable and disable CloudWatch alarms

$ aws cloudwatch disable-alarm-actions --alarm-names myalarm --region us-east-1
$ aws cloudwatch enable-alarm-actions --alarm-names myalarm --region us-east-1