Author:
erics, May 9th, 2023
I have been using RSA SSH keys forever to log in to my various AWS EC2 instances. With macOS Ventura 13.3.1 ssh failed with the “Permission Denied” error. Using ssh -vvv, I saw that the RSA key was now being rejected. After much research, I decided to implement new keys on the client (Ventura) side using […]
Categories: How-To's, Technology Tags: AWS, denied, ed25519, Error, Generate, howto, key, Linux, MacOS, Permission Denied, public, Public Key, ssh, ssh-keygen, sshd, tips, Ventura
Author:
erics, April 17th, 2023
First, use the AWS Console to modify the volume to the desired size. In our example, we want to go from 10GB to 25GB for the root filesystem.

For a Xen ext4 root volume

    # df -h
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/xvda1      9.8G  9.6G   26M 100% /
    /dev/xvdf       200G   99G  102G  50% /volumes/data
    # lsblk
    NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    xvda    202:0    0   10G  0 disk
    └─xvda1 202:1    0   10G  0 part /
    xvdf    202:80   0  200G  0 disk /volumes/data
    # growpart /dev/xvda 1
    CHANGED: disk=/dev/xvda partition=1: start=4096 old: size=20967390,end=20971486 new: size=52424670,end=52428766
    # lsblk
    NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    xvda    202:0    0   25G  0 disk
    └─xvda1 202:1    0   25G  0 part /
    xvdf    202:80   0  200G  0 disk /volumes/data
    # resize2fs /dev/xvda1
    resize2fs 1.43.5 (04-Aug-2017)
    Filesystem at /dev/xvda1 is mounted on /; on-line resizing required
    old_desc_blocks = 1, new_desc_blocks = 2
    The filesystem on /dev/xvda1 is now 6553083 (4k) blocks long.
    # df -hT
    Filesystem     Type  Size  Used Avail Use% Mounted on
    /dev/xvda1     ext4   25G  9.6G   15G  40% /
    /dev/xvdf      xfs   200G   99G  102G  50% /volumes/data

For NVMe

First, use lsblk to see the raw partitions:

    # df -hT
    Filesystem     Type  Size  Used Avail Use% Mounted on
    /dev/nvme0n1p1 xfs    20G  2.8G   18G  14% /
    # lsblk
    NAME          MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    nvme0n1       259:0    0  40G  0 disk
    ├─nvme0n1p1   259:1    0  20G  0 part /
    └─nvme0n1p128 259:2    0   1M  0 part

Note how the partition at 259:1 is only 20GB, […]
Categories: How-To's, Technology Tags: Amazon, Amazon Linux 2, AWS, df, df -hT, Disk, EBS, Expand, Filesystem, Grow, howto, Linux, Linux2, lsblk, NVMe, partition, Resize, tips, volume, XFS
Author:
erics, December 30th, 2022
Summary

Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity.

Background

While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account. Once access is gained, such criminals could […]
Categories: Technology Tags: Attack, AWS, Bad Actor, Cloud, CloudTrail, CloudWatch, Compromise, Crypto, DDOS, Detection, dos, howto, IDS, Intrusion, Intrusion Detection, Mining, tips, Vector
Author:
erics, September 9th, 2021
The aws s3 sync command is slow and painful! I needed a more efficient way to sync to large buckets (prod to dev). Finally settled on RClone: https://rclone.org/docs/

    cd {extracted zip dir}
    ./rclone config
    cat ~/.config/rclone/rclone.conf

During rclone config I called remote “s3” ;-}

    ./rclone sync -v --progress --fast-list --checksum s3:wyzaerd-demo-prod s3:wyzaerd-demo-dev

Categories: How-To's, Technology Tags: AWS, Bucket, howto, rclone, rsync, S3, s3s3, s3s3mirror, Sync, tips
Author:
erics, August 4th, 2021
I wanted to use the same SSH keys for multiple AWS regions. As it turns out, AWS simply stores the public key when you download the private key as a .pem file. The solution is to simply generate the public key locally from the existing .pem, then import the public key using the same name […]
Categories: How-To's, Technology Tags: Amaon, AWS, Copy Key Pair, howto, key-pair, KeyPair, Linux, ssh-keygen, tips
Author:
erics, July 29th, 2021
SUMMARY: Needed to create an AWS IAM Policy to allow a user access to create and delete EBS snapshots. This script also needed to be able to list volumes:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "ec2:DeleteSnapshot",
                    "ec2:ModifySnapshotAttribute",
                    "ec2:CreateSnapshots",
                    "ec2:ResetSnapshotAttribute",
                    "ec2:CreateSnapshot"
                ],
                "Resource": [
                    "arn:aws:ec2:*:ACCOUNT_ID_HERE:volume/*",
                    "arn:aws:ec2:*:ACCOUNT_ID_HERE:snapshot/*",
                    "arn:aws:ec2:*:ACCOUNT_ID_HERE:instance/*"
                ]
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeSnapshotAttribute",
                    "ec2:DescribeVolumes",
                    "ec2:DescribeSnapshots"
                ],
                "Resource": "*"
            }
        ]
    }

Categories: How-To's, Technology Tags: Amazon, AWS, Create, Delete, howto, IAM, JSON, Policy, Snapshot, tips, User, volume
Author:
erics, July 29th, 2021
I was getting error “You must specify a region” when running any aws CLI command. The fix: Using the aws command:

    aws configure set region us-east-1 --profile demo

which will automatically add the following to the file ~/.aws/config:

    [profile demo]
    region = us-east-1

You may simply edit the ~/.aws/config file yourself and append the same thing:

    vi ~/.aws/config

    [profile demo]
    region = us-east-1

Categories: How-To's, Technology Tags: AWS, aws cli, aws command, aws configure, aws set, cli, Command, Config, configure, Error, Region, You must specify a region
Author:
erics, July 28th, 2021
SUMMARY: Needed to create an AWS IAM Policy to allow a user access to two buckets and their associated CDNs in WordPress W3 Total Cache

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::wyzaerd-demo-prod"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": "arn:aws:s3:::wyzaerd-demo-prod/*"
            },
            {
                "Sid": "VisualEditor2",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::wyzaerd-demo-dev"
            },
            {
                "Sid": "VisualEditor3",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": "arn:aws:s3:::wyzaerd-demo-dev/*"
            },
            {
                "Sid": "VisualEditor4",
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets",
                    "cloudfront:ListDistributions"
                ],
                "Resource": "*"
            }
        ]
    }

Categories: How-To's, Technology Tags: Amazon, AWS, Bucket, CDN, CloudFront, howto, IAM, JSON, Policy, S3, tips, User, W3 Total Cache
Author:
erics, July 16th, 2021
PROBLEM: Email delivery to Google was failing with a “Service Unavailable” error:

    relay=aspmx.l.google.com. [IPv6:2607:f8b0:400d:c0c::1a], dsn=5.0.0, stat=Service unavailable

Note that the network address for the destination is shown as IPv6! That is the root cause of the issue:

1. Sendmail is sending mail from the IPv6 address instead of the IPv4 address
2. Google rejects IPv6 senders without proper reverse […]
Categories: How-To's, Technology Tags: Amazon, Amazzon Linux, AWS, Delivery, DSN, Email, howto, IPv4, IPv6, Linux, make, Restart, SendMail, sendmail.cf, sendmail.mc, service, Service Unavailable, SPF, tips, Unavailable
Author:
erics, June 10th, 2021
I wanted to change instance type from t2 to t3, but got an error when I went to start the instance:

    An error occurred (InvalidParameterCombination) when calling the StartInstances operation: Enhanced networking with the Elastic Network Adapter (ENA) is required for the 't3.large' instance type. Ensure that your instance 'i-04ae4c6f7bfa96e51' is enabled for ENA.

I found this AWS docs page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html

Below are the steps I need to follow on AWS Linux 1.

Summary Steps

Pre-flight tests on t2

modinfo ena -> see “ERROR: modinfo: could not […]
Categories: How-To's, Technology Tags: AWS, AWS Linux, AWS Linux 1, Family, howto, Instance, Instance Family, Instance Type, Linux, t2, t3, tips, Type