key

Cross Account KMS keys

by Ulysses · Feb 2, 2021

If you have multiple AWS accounts, you can setup a customer-managed KMS (key management service) in the AWS Key Management Service, to secure requests or services between the two AWS accounts. The customer-managed KMS key is tied to an identity such as an IAM user or role. In addition to users and roles, other AWS accounts can be added to grant access. KMS can be symmetric or asymmetric. It’s symmetric be default. To grant access to the other account, you need to add the AWS Account Id to the key. It’s 12 digit number unique to each AWS account.

Once a key is created, the valid key ID can be used in a AWS SDK to access resources from the other AWS account.

EFS Encryption

by Ulysses · Dec 3, 2020

If you have an existing EFS that’s unencrypted, you can encrypt it be creating a snapshot using AWS Backup, and then restoring the file system to a new EFS with encryption. If you choose to restore in a directory in the same file system, it will not be encrypted. It has to be a new EFS. In addition, you’ll be asked to select which encryption key to use. The default key will work, unless you have your own.

SCP with a Key

by Ulysses · Oct 22, 2020

SCP is a secure copy utility in Linux. You’ll need access to your system. In this example, a pem key is used to authenticate to a host. SCP copies filename.ext to the home directory of ec2-user. It’s important to add the target directory, otherwise it will not work.

Here’s how to use SCP with a key from local to server.

scp -i key.pem filename.ext user@server:/home/user

From server to local. Run the command from local machine.

scp user@server:/home/user/file.txt /local/directory

Copy SSH Key to Server

by Ulysses · Jun 16, 2020

Here’s the command to copy a secret key to a remote server.

ssh-copy-id user@servername

This assumes you already generated a key.

AWS CLI Add User

by Ulysses · Dec 4, 2019

Here’s how to add an AWS user using the CLI.

aws iam create-user --user-name john.doe \
--tags Key='Name',Value='John Doe' Key='Role',Value='Admin'

Create an access key for the user.

aws iam create-access-key --user-name john.doe

GCP Create Service Account Key

by Ulysses · Sep 22, 2019

Here’s how to create a key for the GCP Service Account.

Create Key.

gcloud iam service-accounts keys create ~/key.json \
  --iam-account service-name@project-id.iam.gserviceaccount.com

Activate Key

gcloud auth activate-service-account service-name@project-id.iam.gserviceaccount.com \
--key-file=key.json

Revoke Key.

gcloud auth revoke service-account@project-id.iam.gserviceaccount.com

Delete Key

gcloud iam service-accounts keys delete key-id \
    --iam-account service-name@project-id.iam.gserviceaccount.com

SFTP with AWS Keys

by Ulysses · Jul 24, 2019

How to use SFTP with AWS Keys.

sftp -i "yourkey" ec2-user@your-server

To copy files to server. File will copied to user’s home directory.

sftp> put file.txt .