Uly.me

cloud engineer

Home/Archives for aws

AWS S3 Acceleration CLI

Here is how to enable Amazon S3 Transfer Acceleration on a S3 bucket.

aws s3api put-bucket-accelerate-configuration \
--bucket bucketname \
--accelerate-configuration Status=Enabled \
--region us-east-1

Use an accelerate endpoint.

aws configure set default.s3.use_accelerate_endpoint true

To copy files to S3 you can use the default copy.

aws s3 cp file.txt s3://bucketname/keyname \
--region us-east-1

Or use the acceleration endpoint.

aws configure set s3.addressing_style virtual
aws s3 cp file.txt s3://bucketname/keyname \
--endpoint-url http://s3-accelerate.amazonaws.com \
--region us-east-1

AWS Update ACM Certs

Here’s how to update AWS Certificate Manager SSL Cert.

#!/bin/bash
cd /etc/letsencrypt/live/domain.com/
 
arn='arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
 
aws acm import-certificate \
--certificate fileb://cert.pem \
--certificate-chain fileb://chain.pem \
--private-key fileb://privkey.pem \
--certificate-arn $arn \
--region us-east-1

You can run this every time certbot updates your certificate. Or you can schedule it in crontab.

AWS IAM MFA

Here’s how to give AWS IAM users the ability to manage their own (MFA) Multi Factor Authentication. MFA makes your AWS console secure. AWS IAM users will be able to turn on MFA, using virtual devices such as Google Authenticator to secure their cloud accounts. Here’s the policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowViewAccountInfo",
      "Effect": "Allow",
      "Action": "iam:ListVirtualMFADevices",
      "Resource": "*"
    },
    {
      "Sid": "AllowManageOwnVirtualMFADevice",
      "Effect": "Allow",
      "Action": [
        "iam:CreateVirtualMFADevice",
        "iam:DeleteVirtualMFADevice"
      ],
      "Resource": "arn:aws:iam::*:mfa/${aws:username}"
    },
    {
      "Sid": "AllowManageOwnUserMFA",
      "Effect": "Allow",
      "Action": [
        "iam:DeactivateMFADevice",
        "iam:EnableMFADevice",
        "iam:ListUsers",
        "iam:GetUser",
        "iam:ListMFADevices",
        "iam:ResyncMFADevice"
      ],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    }
  ]
}