Sep 15, 2017
#aws
#ip
#policy
Policy to restrict IAM AWS API requests to a specific set of IP addresses.
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "10.13.0.0/16",
          "72.55.175.70/32",
          "10.100.0.0/16"
        ]
      }
    }
  }
}
After applying this policy, other policies may still need to be attached; if everything is required in a single policy, something like this can be used:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "10.
…
Aug 12, 2017
#terraform
#vpc
#aws
Example of a full VPC setup using Terraform, including VPN and using the default subnet:
resource "aws_vpc" "test" {
  cidr_block           = "10.100.0.0/16"
  enable_dns_hostnames = "true"
  enable_dns_support   = "true"
  tags {
    Name = "test"
  }
}

output "vpc_id" {
  value = "${aws_vpc.test.id}"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.test.id}"
  tags {
    Name = "internet gateway"
  }
}

resource "aws_subnet" "public-a" {
  vpc_id            = "${aws_vpc.test.id}"
  cidr_block        = "10.100.0.0/24"
  availability_zone = "eu-central-1a"
  tags {
    Name = "public A"
  }
}

output "subnet-public-a" {
  value = "${aws_subnet.
…
May 31, 2017
#aws
#network ACL
AWS network ACL deny rule. To block all access from a list of IPs within AWS:
$ count=0; for i in $(cat ips.txt); do count=$((count + 1)) && aws ec2 create-network-acl-entry --network-acl-id acl-XXXXXXXX --ingress --rule-number $count --protocol all --port-range From=0,To=65535 --cidr-block $i/32 --rule-action deny; done
where ips.txt is a file containing the IP addresses, one per line, for example:
169.254.2.2
169.254.1.2
...
WARNING: the default limit set by AWS for a single network ACL is 20 ingress rules and 20 egress rules, including the default rules.
…
May 30, 2017
#aws
#meta-data
AWS meta-data Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories. For more information, see Instance Metadata Categories.
To view all the categories:
curl http://169.254.169.254/latest/meta-data/
To obtain the private IP address:
curl http://169.254.169.254/latest/meta-data/local-ipv4
To obtain the public IP address:
curl http://169.254.169.254/latest/meta-data/public-ipv4
To obtain the SSH public key:
curl http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
To obtain the instance name:
…
Sep 27, 2016
#uptime
#aws
AWS >= 657 days
OS: FreeBSD 8.2
AWS: us-east-1
Type: t1.micro
…
Aug 30, 2016
#aws
#autoscaling
#remap
If more than 100 requests are made with the AWS CLI associate-address sub-command, subsequent calls cost $0.10 each, so if you scale in/out too often, or have a monitoring or automation tool that frequently makes API calls using this sub-command, the bill is not going to be cheap:
Scale in (remove instances)
Scale out (add instances)
Long story short: the associate-address sub-command is an idempotent operation. If you call "aws ec2 associate-address" with the same combination of instance and EIP as the one currently in place, it won't return an error; instead, it will return and be counted as successful, regardless of whether an actual allocation was done or not.
…
Jun 18, 2016
#aws
#VPC
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Things to keep in mind. Normalize your network: first of all, do not invent IPs; create a normalized range using the private address ranges: https://en.
…