Author:
erics , July 29th, 2021
SUMMARY: Needed to create an AWS IAM Policy to allow a user access to create and delete EBS snapshots. This script also needed to be able to list volumes:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteSnapshot",
        "ec2:ModifySnapshotAttribute",
        "ec2:CreateSnapshots",
        "ec2:ResetSnapshotAttribute",
        "ec2:CreateSnapshot"
      ],
      "Resource": [
        "arn:aws:ec2:*:ACCOUNT_ID_HERE:volume/*",
        "arn:aws:ec2:*:ACCOUNT_ID_HERE:snapshot/*",
        "arn:aws:ec2:*:ACCOUNT_ID_HERE:instance/*"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeSnapshotAttribute",
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots"
      ],
      "Resource": "*"
    }
  ]
}
Author:
erics , July 29th, 2021
I was getting the error “You must specify a region” when running any aws CLI command. The fix is to set the region using the aws command:
aws configure set region us-east-1 --profile demo
which will automatically add the following to the file ~/.aws/config:
[profile demo]
region = us-east-1
You may simply edit the ~/.aws/config file yourself and append the same thing:
vi ~/.aws/config
[profile demo]
region = us-east-1
Author:
erics , July 28th, 2021
SUMMARY: Needed to create an AWS IAM Policy to allow a user access to two buckets and their associated CDNs in WordPress W3 Total Cache:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::wyzaerd-demo-prod"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::wyzaerd-demo-prod/*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::wyzaerd-demo-dev"
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::wyzaerd-demo-dev/*"
    },
    {
      "Sid": "VisualEditor4",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "cloudfront:ListDistributions"
      ],
      "Resource": "*"
    }
  ]
}
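Added example (not part of the original post): a small offline check that the policy above grants what it is meant to and nothing wider, using a simplified model of IAM evaluation (Allow/Deny with wildcard matching only). The function names, the sample requests and the `another-bucket` name are constructed for illustration.

```python
import re

# Constructed input: the S3/CloudFront policy from the post above, condensed
# (Sids dropped; Effects, Actions and Resources unchanged).
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl"]

def allow(actions, resource):
    return {"Effect": "Allow", "Action": actions, "Resource": resource}

POLICY = {"Version": "2012-10-17", "Statement": [
    allow("s3:ListBucket", "arn:aws:s3:::wyzaerd-demo-prod"),
    allow(OBJECT_ACTIONS, "arn:aws:s3:::wyzaerd-demo-prod/*"),
    allow("s3:ListBucket", "arn:aws:s3:::wyzaerd-demo-dev"),
    allow(OBJECT_ACTIONS, "arn:aws:s3:::wyzaerd-demo-dev/*"),
    allow(["s3:ListAllMyBuckets", "cloudfront:ListDistributions"], "*"),
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, text, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, text, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """Simplified: explicit Deny wins, then Allow, else implicit deny (no Condition)."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names match case-insensitively; resource ARNs are case-sensitive.
        hit = (any(_glob(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_glob(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

# Constructed requests: two the policy is meant to permit, three it must not.
REQUESTS = [
    ("s3:ListBucket", "arn:aws:s3:::wyzaerd-demo-prod"),
    ("s3:PutObject", "arn:aws:s3:::wyzaerd-demo-dev/wp-content/a.css"),
    ("s3:GetObject", "arn:aws:s3:::another-bucket/a.css"),      # other bucket
    ("s3:ListBucket", "arn:aws:s3:::wyzaerd-demo-prod/a.css"),  # object ARN
    ("s3:DeleteBucket", "arn:aws:s3:::wyzaerd-demo-prod"),      # never granted
]

if __name__ == "__main__":
    for action, resource in REQUESTS:
        print("ALLOW" if is_allowed(POLICY, action, resource) else "DENY ", action, resource)
```

The same is_allowed() function can be pointed at the EBS snapshot policy from the earlier post by loading that JSON with json.load() and supplying snapshot and volume ARNs as requests.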
Author:
erics , July 16th, 2021
PROBLEM: Email delivery to Google was failing with a “Service Unavailable” error:
relay=aspmx.l.google.com. [IPv6:2607:f8b0:400d:c0c::1a], dsn=5.0.0, stat=Service unavailable
Note that the network address for the destination is shown as IPv6! That is the root cause of the issue:
1. Sendmail is sending mail from the IPv6 address instead of the IPv4 address
2. Google rejects IPv6 senders without proper reverse […]
Author:
erics , June 10th, 2021
I wanted to change instance type from t2 to t3, but got an error when I went to start the instance:
An error occurred (InvalidParameterCombination) when calling the StartInstances operation:
Enhanced networking with the Elastic Network Adapter (ENA) is required for the 't3.large' instance type. Ensure that your instance 'i-04ae4c6f7bfa96e51' is enabled for ENA.
I found this AWS docs page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html
Below are the steps I need to follow on AWS Linux 1.
Summary Steps
Pre-flight tests on t2
modinfo ena -> see “ERROR: modinfo: could not […]
Author:
erics , February 19th, 2021
First, use lsblk to see the raw partitions:
# df -hT
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/nvme0n1p1 xfs    20G  2.8G   18G  14% /
# lsblk
NAME          MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1       259:0    0  40G  0 disk
├─nvme0n1p1   259:1    0  20G  0 part /
└─nvme0n1p128 259:2    0   1M  0 part
Note how the partition at 259:1 is only 20GB, while the entire disk at 259:0 is 40GB. A partition resize is required in this case.
# sudo growpart /dev/nvme0n1 1
CHANGED: partition=1 start=4096 old: size=41938911 end=41943007 new: size=83881951 end=83886047
# lsblk
NAME          MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1       259:0    0  40G  0 disk
├─nvme0n1p1   259:1    0  40G  0 part /
└─nvme0n1p128 259:2    0   1M  0 part
# df -hT
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/nvme0n1p1 xfs    20G  2.8G   18G  14% /
# sudo xfs_growfs -d /
meta-data=/dev/nvme0n1p1         isize=512    agcount=11, agsize=524159 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1 spinodes=0
data     =                       bsize=4096   blocks=5242363, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 5242363 to 10485243
# df -hT
/dev/nvme0n1p1 xfs    40G  2.8G   38G   7% /
If the XFS tools are not already installed, you can install them as follows:
sudo yum install xfsprogs
For an EXT4 filesystem, use the resize2fs command instead:
sudo resize2fs /dev/nvme0n1p1
For more information, please visit the AWS Docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html
Author:
erics , December 3rd, 2020
Problem
While running the aws cli command from a Perl async command inside apid, I got the following error:
IOError: [Errno 10] No child processes
Solution
The issue turned out to be a bug in Python2.7, so I upgraded to Python3.4, then uninstalled and re-installed the aws cli software so that it used the proper Python34 version.
Procedure
sudo -i
cd
## Upgrade Python
yum install python34
alternatives --config python
## "Uninstall" old aws cli
mv /opt/aws /opt/aws.fcs
cd /usr/bin/
mv aws aws.fcs
mv aws_completer aws_completer.fcs
## Install new aws cli
# Return to the home directory first so the unzipped ./aws directory
# is not created in /usr/bin, where the installer places the aws symlink
cd
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
./aws/install -i /opt/aws -b /usr/bin
/usr/bin/aws --version
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html […]
Author:
erics , November 18th, 2020
yum install https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
yum install mysql-community-server mysql-community-client mysql-community-common mysql-community-devel mysql-community-libs nagios-plugins-all nagios-plugins-mysql sysbench
# Start mysqld first: the temporary root password is generated and logged on first start
systemctl enable --now mysqld
grep 'temporary password' /var/log/mysqld.log
2020-11-18T15:17:13.884662Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: ujtBqhNzE0>8
mysql_secure_installation -p'ujtBqhNzE0>8'
mysql -uroot -p
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'secretStr0ngPassw0rd!';
Author:
erics , May 6th, 2020
I ran letsencrypt-auto renew and got the following error:
root@prod06b:/etc/httpd/conf.d# /root/letsencrypt/letsencrypt-auto renew
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography
The solution in this article gave me the answer:
sudo rm -rf /opt/eff.org/*
sudo pip install -U certbot
sudo certbot renew --debug
Turns out Python was old at version 2.7, so did the following also:
sudo yum -y install python36
sudo alternatives --config python
sudo pip install --upgrade pip
Also had to change the cron job script to call certbot directly instead of letsencrypt-auto:
vi /root/letsencrypt-cron.sh
#!/bin/sh
#
# letsencrypt-cron.sh
#
#OLD: if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
#NEW:
if ! /usr/bin/certbot renew > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo Automated renewal failed:
    cat /var/log/letsencrypt/renew.log
    exit 1
fi
apachectl graceful
Author:
erics , March 25th, 2020
I tried upgrading pip when prompted to do so:
sudo pip install --upgrade pip
This worked, but removed the system install in /usr/bin/pip and replaced it with /usr/local/bin/pip – NOT GOOD! The solution is as follows:
/usr/local/bin/pip uninstall pip
yum remove python27-pip
yum install python27-pip