Uly.me

cloud engineer

gcp

Logging In to AWS and GCP

January 22, 2023

Here’s my Bash script to log in to both AWS and GCP. It has a little bit of intelligence: it checks whether you are already logged in and skips the login if you are. If you are not logged in, it opens the cloud web console, which is protected by Okta. The script has been redacted, with usernames and web pages replaced by generic ones for security reasons.

#!/bin/bash
## CHECK IF LOGGED IN TO GCP 
read -p "Login to GCP? (y/n) : " login_gcp
if [[ $login_gcp = "y" ]]; then
  file1="/Users/username/code/etc/auth-gcp.txt"
  # Discard the token itself; keep only stderr, which carries any auth error.
  gcloud auth print-identity-token 1> /dev/null 2> "$file1"
  user=$(gcloud config list account --format "value(core.account)")
  auth=$(head -n 1 "$file1")
  rm -f "$file1"
  if [[ $auth == "Reauthentication required." ]] ||  [[ $user != "first.last@domain.com" ]]; then
    echo "Logging in to Google Cloud Platform."
    gcloud auth login
    gcloud auth application-default login
    open https://okta-login
  else
    echo "You are already logged in to Google Cloud Platform."
  fi
else
  echo "Skipping GCP ... "
fi
## CHECK IF LOGGED IN TO AWS
read -p "Login to AWS? (y/n) : " login_aws
if [[ $login_aws = "y" ]]; then  
  file2="/Users/username/code/etc/auth-aws.txt"
  # Keep stderr only; an expired or missing session reports its error there.
  aws sts get-caller-identity 2> "$file2"
  expired=$(tail -n +2 "$file2")
  rm -f "$file2"
  if [[ $expired =~ "expired" ]] || [[ $expired =~ "Unable" ]]; then
    open https://okta-login
    echo "please wait until web page loads ... "
    read -p "Press any key to continue... " -n1 -s
    echo ""
    basecred='/Users/username/.aws/credentials.base'
    newcreds='/Users/username/Downloads/credentials'
    creds='/Users/username/.aws/credentials'
    if [ ! -f "$newcreds" ]; then
      echo 'No AWS credentials.'
      exit 1
    else
      # Prepend the freshly downloaded credentials to the base profile file.
      cat "$newcreds" "$basecred" > "$creds"
      echo 'New AWS credentials.'
      sleep 3
      rm -f "$newcreds"
    fi
  else
    echo "You are already logged in to AWS."
  fi
else 
  echo "Skipping AWS ... "
fi
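
An added example, not part of the original script: the same two login checks with each CLI's stderr captured in a variable instead of a fixed-path scratch file, and the downloaded AWS credentials merged through an owner-only temp file that is renamed into place. The function names are hypothetical; the matched strings are the ones the script above tests for.

```bash
#!/bin/bash
# Added example; function names are hypothetical. The matched strings are
# the ones the script above tests for.

# 0 if stderr of `gcloud auth print-identity-token` ($1) shows no reauth
# prompt and the active account ($2) is the expected one ($3).
gcp_logged_in() {
  local first_line
  first_line=$(printf '%s\n' "$1" | head -n 1)
  [ "$first_line" != "Reauthentication required." ] && [ "$2" = "$3" ]
}

# 0 if stderr of `aws sts get-caller-identity` ($1) reports neither an
# expired session nor missing credentials.
aws_logged_in() {
  case $1 in
    *expired*|*Unable*) return 1 ;;
  esac
  return 0
}

# Write new + base credentials to $3. The merge is built in an owner-only
# temp file next to the target and renamed into place, so the credentials
# file is never partial or readable by other users.
install_aws_creds() {
  local newcreds="$1" basecred="$2" creds="$3" tmp
  # Refuse a missing file or a symlink sitting in the download directory.
  [ -f "$newcreds" ] && [ ! -L "$newcreds" ] || return 1
  tmp=$(mktemp "${creds}.XXXXXX") || return 1   # mktemp creates mode 600
  if cat -- "$newcreds" "$basecred" > "$tmp"; then
    mv -f -- "$tmp" "$creds" && rm -f -- "$newcreds"
  else
    rm -f -- "$tmp"
    return 1
  fi
}

# With the real CLIs, stderr is captured in a variable, not a scratch file:
#   err=$(gcloud auth print-identity-token 2>&1 >/dev/null)
#   acct=$(gcloud config list account --format "value(core.account)")
#   gcp_logged_in "$err" "$acct" "first.last@domain.com" || gcloud auth login
#   err=$(aws sts get-caller-identity 2>&1 >/dev/null)
#   aws_logged_in "$err" || echo "AWS session expired or missing"
```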

Filed Under: Cloud, Linux Tagged With: aws, gcp, login, script

GCP List of BMS Servers

September 15, 2022

Here’s how to list Bare Metal Servers in Google Cloud Platform via gcloud.

gcloud bms instances list --region REGION --project PROJECT

Result

NAME            ID                 PROJECT         REGION       MACHINE_TYPE           CLIENT_IPS    PRIVATE_IPS                    STATE
server-001      at-xxxxxxx-svr001  project-01      us-central1  o2-ultramem-896-metal  10.0.0.1      192.168.253.1,192.168.252.1    RUNNING
server-002      at-xxxxxxx-svr002  project-02      us-central1  o2-ultramem-896-metal  10.0.0.2      192.168.253.2,192.168.252.2    RUNNING

Obviously you can see the same from GCP’s Console.

Filed Under: Cloud Tagged With: bms, gcp, instances, list

GCP Role Policy Binding

September 6, 2022

How to display the policy binding.

gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE

Result

# There is no binding policy
etag: ACAB
 
# There is a binding policy
bindings:
- members:
  - serviceAccount:SERVICEACCOUNT
  role: organizations/xxxxxxxxxxxx/roles/ROLE
etag: xxxxxxxxxxx=
version: 1

Add a role binding policy

gcloud compute instances add-iam-policy-binding SERVER \
--project=PROJECT_ID \
--zone=ZONE \
--member=serviceAccount:SERVICEACCOUNT \
--role="organizations/xxxxxxxxxxxx/roles/ROLE"

Remove a role binding policy

gcloud compute instances remove-iam-policy-binding SERVER \
--project=PROJECT_ID \
--zone=ZONE \
--member=serviceAccount:SERVICEACCOUNT \
--role="organizations/xxxxxxxxxxxx/roles/ROLE"
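
An added example, not from the original post: a check that reads the `get-iam-policy` YAML shown above and reports whether a given member already holds a given role, useful for confirming the state before adding a binding or after removing one. The function names are hypothetical and `SAMPLE_POLICY` is constructed from the placeholder output in this post.

```bash
#!/bin/bash
# Added example; function names are hypothetical. SAMPLE_POLICY is constructed
# from the placeholder output shown above.

# Print one "ROLE MEMBER" line per member. Assumes gcloud's default YAML
# layout as shown above: members listed as "  - ..." before their "  role:".
list_bindings() {
  awk '
    /^  - /     { m[++n] = substr($0, 5); next }   # member of current binding
    /^  role: / { r = substr($0, 9)                # role closes the binding
                  for (i = 1; i <= n; i++) print r, m[i]
                  n = 0 }
  '
}

# 0 if the policy YAML on stdin already binds member $2 to role $1.
has_binding() {
  list_bindings | grep -Fxq -- "$1 $2"
}

SAMPLE_POLICY='bindings:
- members:
  - serviceAccount:SERVICEACCOUNT
  - user:first.last@domain.com
  role: organizations/xxxxxxxxxxxx/roles/ROLE
etag: xxxxxxxxxxx=
version: 1'

# Against a real instance, pipe the command from this post into the check:
#   gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE |
#     has_binding "organizations/xxxxxxxxxxxx/roles/ROLE" "serviceAccount:SERVICEACCOUNT"
```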

Filed Under: Cloud Tagged With: binding, gcp, policy, role, vm

GCP Extend ext4 Boot Volume

July 28, 2022

Here’s how to extend an ext4 boot volume.

gcloud compute disks resize DISK_NAME --size DISK_SIZE --zone ZONE --project PROJECTID

Resize the file system. In this example, / is on sda3.

growpart /dev/sda 3
resize2fs /dev/sda3

Filed Under: Cloud, Linux Tagged With: boot, ext4, extend, gcloud, gcp, growpart, resize2fs, volume

GCP Create Service Account via Terraform

June 27, 2022

How to create a service account in GCP via Terraform.

provider "google" {
  project = "your_project_id"
}
resource "google_service_account" "service_account" {
  account_id   = "your-service-account-name"
  display_name = "test service account built by terraform"
}

Filed Under: Cloud Tagged With: create, gcp, service account, terraform

GCP CloudShell via Terminal

June 20, 2022

Connect to your CloudShell environment from your terminal.

$ gcloud cloud-shell ssh
Welcome to Cloud Shell! Type "help" to get started.
first.last@cloudshell $
first.last@cloudshell $

Once logged in, you can set your project.

first.last@cloudshell $ gcloud config set project $PROJECT_ID

Filed Under: Cloud Tagged With: cloud shell, connect, gcp, terminal

GCP Move VM to another VPC

June 19, 2022

Here’s how to move a VM to another VPC.

Stop VM.

gcloud compute instances stop $INSTANCE_NAME \
--zone $ZONE_NAME \
--project $PROJECT_ID

Move VM to another VPC.

gcloud compute instances network-interfaces update $INSTANCE_NAME \
--zone $ZONE_NAME \
--network-interface=nic0 \
--network $YOUR_NETWORK \
--subnetwork $YOUR_SUBNETWORK \
--project $PROJECT_ID

Start VM.

gcloud compute instances start $INSTANCE_NAME \
--zone $ZONE_NAME \
--project $PROJECT_ID

Filed Under: Cloud Tagged With: gcp, move, vm, vpc

gsutil Describe Bucket

June 13, 2022

How to describe a GCP bucket.

gsutil ls -L -b gs://my-bucket

Filed Under: Cloud Tagged With: bucket, describe, gcp, gsutil

Copyright © 2023