AWS EC2 Instance SSM Send Command

You can submit commands into an EC2 instance via SSM (Secure Systems Manager), rather than having to open SSH to the machine. From within an authenticated session using AWS CLI on your workstation machine, you can remotely send commands to be run within the instance itself. The commands will typically be run as “root” within … Read more

Using SSM COMMAND from Terraform

So you have an EC2 instance you’ve deployed from Terraform, but as part of the run of your template you want to run some other commands. Sure, you can use the “user data” section to run commands at deployment time, but what if you want to run something later on? Well, you can use a … Read more

Simple VPC Deployment Pattern (Terraform)

A simple VPC deployment pattern with a tested configuration that can be used as the basis for building new infrastructure. It uses Terraform with local state storage (within a directory called “state_data”); for production use, some form of remote state storage is mandated. The pattern within the … Read more

Billing and Cost Management – Basic Configuration (and NagiosXI Budget Check Script)

Billing and Cost Management is a significant topic; however, there are some basic baseline configurations that can be added to minimise the risk of ending up with unexpected bills. The configuration below provides the mandatory standard baseline configuration; note, however, that within your particular use case the actual threshold values (for cost and/or percentage) may differ … Read more

Simple AWS Secrets Manager Example

A simple example using AWS CloudFormation that creates an IAM User and then stores the user’s AccessKey and SecretKey within AWS Secrets Manager to get a hold of the value (which otherwise only exists once at creation). Assuming your user account has access to AWS Secrets Manager, you’ll then find it available here: Click “Retrieve … Read more

Keeper – Using with Terraform

When using Terraform with Keeper Secrets Manager (KSM), a provider needs to be configured; the Keeper documentation details how this can be done. Keeper: Terraform Provider Documentation. However, a short version can be found below. https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/terraform You need to have already created a Keeper Secrets Manager (KSM) profile which you can use for authentication, this … Read more

Fun with Subnets in Terraform (with AWS)

Here’s a quick example of how you can use Terraform’s cidrsubnet function to streamline your use of IP subnets and calculate a number of different subnets from a single CIDR range (or supernet). https://developer.hashicorp.com/terraform/language/functions/cidrsubnet Explanation The cidrsubnet function can be a bit weird when first looking at it. But we’re going to have an example … Read more

AWS Web Application Firewall (WAF) – Reconciling AWS Firewall Manager Applied WebACL to CloudFront Distribution

We use IaC (Infrastructure as Code) for the deployment and management of all cloud (AWS) workloads to ensure we can manage and update infrastructure and applications that are deployed in the cloud rapidly and on an ongoing basis, while maintaining flexibility, security and availability. However, issues may occur when changes are made using automated processes, … Read more

AWS EC2 Instance Swap to Password Authentication

Although you should be using a keypair for SSH authentication (and not exposing to the Internet), if you’re working with a throw-away or test instance you might just need password authentication to be enabled. Here’s how! Open the SSH configuration file. Set the line “PasswordAuthentication” to “yes”. Save and close. Restart the SSH daemon with: … Read more