IT notes

AWS Policy Access by IP

Policy to restrict IAM AWS API requests to a specific set of IP addresses:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "10.13.0.0/16",
          "72.55.175.70/32",
          "10.100.0.0/16"
        ]
      }
    }
  }
}

After applying this policy, other policies may still need to be applied; if everything is required in a single policy, something like this can be used:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "10.

Terraform Full Vpc

Example of a full VPC setup using Terraform, including VPN and using the default subnet:

resource "aws_vpc" "test" {
  cidr_block           = "10.100.0.0/16"
  enable_dns_hostnames = "true"
  enable_dns_support   = "true"
  tags {
    Name = "test"
  }
}

output "vpc_id" {
  value = "${aws_vpc.test.id}"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.test.id}"
  tags {
    Name = "internet gateway"
  }
}

resource "aws_subnet" "public-a" {
  vpc_id            = "${aws_vpc.test.id}"
  cidr_block        = "10.100.0.0/24"
  availability_zone = "eu-central-1a"
  tags {
    Name = "public A"
  }
}

output "subnet-public-a" {
  value = "${aws_subnet.

aws network acl

AWS network ACL deny rule

To block all access from a list of IPs within AWS:

$ count=0; for i in $(cat ips.txt); do count=$((count + 1)) && aws ec2 create-network-acl-entry --network-acl-id acl-XXXXXXXX --ingress --rule-number $count --protocol all --port-range From=0,To=65535 --cidr-block $i/32 --rule-action deny; done

where ips.txt is a file containing the IP addresses, one per line, for example:

169.254.2.2
169.254.1.2
...

WARNING: The default limit for a single network ACL rule set by AWS is 20 ingress and 20 egress rules, including the default rules.

aws meta data

AWS meta-data

Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories. For more information, see Instance Metadata Categories.

To view all the categories:

curl http://169.254.169.254/latest/meta-data/

To obtain the private IP address:

curl http://169.254.169.254/latest/meta-data/local-ipv4

To obtain the public IP address:

curl http://169.254.169.254/latest/meta-data/public-ipv4

To obtain the ssh public key:

curl http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key

To obtain the instance name:

aws uptime

AWS >= 657 days
OS: FreeBSD 8.2
AWS: us-east-1
Type: t1.micro

aws ec2 associate address

If you make more than 100 requests involving the AWS CLI associate-address sub-command, subsequent calls will cost $0.10 each, so if you scale in/out too much, or have a monitoring/automation tool that frequently makes API calls using this sub-command, the bill is not going to be cheap:

Scale in (remove instances)
Scale out (add instances)

Long story short, the associate-address sub-command is an idempotent operation: if you call “aws ec2 associate-address” with the same combination of instance and EIP as the one currently in place, it won’t return an error; instead, it will return and count as successful, regardless of whether an actual allocation was done or not.

AWS VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Things to keep in mind.

Normalize your network

First of all, do not invent IPs; create a normalized range using the private ranges: https://en.