aws

Create AWS VPC using Terraform

December 21, 2021

Creating a VPC in AWS using Terraform. The script will do the following:

Create a VPC
Create a Subnet
Create an Internet Gateway
Create a route in the default route table using the Internet Gateway

Contents of main.tf

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
 
provider "aws" {
  profile = "tfc"
  region  = "us-west-1"
}
 
resource "aws_vpc" "my-vpc" {
  cidr_block       = "10.0.4.0/24"
  instance_tenancy = "default"
  tags = {
    Name = "my-vpc"
  }
}
 
resource "aws_subnet" "my-subnet" {
  vpc_id            = aws_vpc.my-vpc.id
  cidr_block        = "10.0.4.0/24"
  availability_zone = "us-west-1a"
  tags = {
    Name = "my-subnet-us-west-1a"
  }
}
 
resource "aws_internet_gateway" "my-igw" {
  vpc_id = aws_vpc.my-vpc.id
  tags = {
    Name = "my-internet-gateway"
  }
}
 
resource "aws_default_route_table" "my-rt" {
  default_route_table_id = aws_vpc.my-vpc.default_route_table_id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.my-igw.id
  }
  tags = {
    Name = "my-route-table"
  }
}

AWS display Lightsail snapshots

December 1, 2021

How to display Lightsail snapshots.

#!/bin/bash
displaysnapshots () {
  echo '--------------------------------------------------------'
  aws lightsail get-instance-snapshots --query 'instanceSnapshots[].[name]' --output text | sort
  echo '--------------------------------------------------------'
}
displaysnapshots

Result.

daily_ulyme_1637812801
daily_ulyme_1637899201
daily_ulyme_1637985601
daily_ulyme_1638072001

Adding timestamp to the output.

  aws lightsail get-instance-snapshots --query 'instanceSnapshots[].[name,createdAt]' --output text | sort

Result.

daily_ulyme_1637812801	1637812806.853
daily_ulyme_1637899201	1637899208.285
daily_ulyme_1637985601	1637985606.184
daily_ulyme_1638072001	1638072006.579

Convert Unix timestamp to iso8601. Edit your ~/.aws/config file. Add this line.

cli_timestamp_format = iso8601

Result.

daily_ulyme_1637812801	2021-11-25T04:00:06.853000+00:00
daily_ulyme_1637899201	2021-11-26T04:00:08.285000+00:00
daily_ulyme_1637985601	2021-11-27T04:00:06.184000+00:00
daily_ulyme_1638072001	2021-11-28T04:00:06.579000+00:00

Terraform AWS Security Group

November 15, 2021

How to create a security group in AWS via Terraform.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
 
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
 
resource "aws_security_group" "my_sg" {
  vpc_id       = "vpc-xxxxxxxxxxxxxxxxx"
  name         = "My Security Group"
  description  = "My Security Group"
  ingress {
	from_port   = 8088
	to_port     = 8088
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
        Name = "My Security Group"
  }  
}

Terraform AWS S3

November 15, 2021

How to create S3 bucket via Terraform.

erraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
 
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
 
resource "aws_s3_bucket" "bucket" {
  bucket = "my-ulysses-bucket"
  acl    = "private"
 
  tags = {
    Name        = "My Ulysses bucket"
    Environment = "Dev"
  }
}
 
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.bucket.id
  block_public_acls = true
  block_public_policy = true
  ignore_public_acls = true
  restrict_public_buckets = true
}

AWS Services that use Security Groups

November 9, 2021

Services that user Security Groups

EC2-Classic instance
Amazon EC2 instances
ElasticCache
AWS Elastic Beanstalk
Amazon Elastic MapReduce
Amazon RDS (Relational Database Service)
Amazon Redshift
Amazon ElastiCache
Amazon CloudSearch
Elastic Load Balancing
Lambda
Fargate
EFS

AWS Set Profile

November 7, 2021

If you find yourself using a named profile for every awscli command, you can set it temporarily.

Listing a bucket with a named profile.

aws s3 ls --profile=yourprofile

If you set AWS_PROFILE, you can then list a bucket without a named profile.

export AWS_PROFILE=yourprofile
aws s3 ls

After you are done, you can reset it back to default.

export AWS_PROFILE=default

AWS CloudWatch Alarms

October 25, 2021

How to enable and disable CloudWatch alarms

$ aws cloudwatch disable-alarm-actions --alarm-names myalarm --region us-east-1
$ aws cloudwatch enable-alarm-actions --alarm-names myalarm --region us-east-1

AWS Suspend Auto Scaling Group

October 20, 2021

You can administratively suspend a process in AWS Auto Scaling group for troubleshooting purposes.

Here are the available processes.

Terminate
Launch
AddToLoadBalancer
AlarmNotification
AZRebalance
HealthCheck
ReplaceUnhealthy
ScheduledActions

If you have difficulty launching a VM, check if any of these processes are suspended.

Removed them if applicable.