AWS permissions – own MFA
AWS IAM permissions to allow users to set up MFA devices for themselves. ${aws:username} restricts access to the logged on user only. “iam:ListUsers” allows them to navigate to their own user in...
AWS permissions – monitoring services
AWS permissions intended for a group containing users that will monitor the environment, but should not have access to data and are not allowed to make any changes. Should allow members to check the...
AWS permissions – restrict access to S3 bucket based on IP
A bucket policy that will deny access to anyone not coming from the specified IP addresses. Used in combination with IAM groups that allow access to S3, the net result will be that users will be...
tcpdump – dump raw packets to file while also following on screen
The following will create a dump of raw network packets to a file, while continuously reading that file and displaying the packets on screen in human-readable format: /bin/sh -c "tcpdump -i any -w...
emrer – Python script to create EMR clusters as code
Emrer is a Python script that reads a YAML file and starts an EMR cluster as specified in that file. The main advantage over other EMR automation solutions is that it will take care of uploading the...
Python module search order (Ansible 2.1 on El Capitan error)
Upgraded Ansible to version 2.1 on OS X El Capitan. First run, I get this error: AttributeError: 'EntryPoint' object has no attribute 'resolve' Googling for it, it seems like the cause is setuptools...
AWS Encryption types
This post is mainly about SSE – Server Side Encryption. It was hard for me to understand, got quite confused along the way. The fact that the documentation on it is somewhat spread over several...
Generate self-signed TLS certificates – ECDSA edition
TL;DR:
openssl ecparam -name secp521r1 -genkey -noout -out server.key
openssl req -new -x509 -key server.key -out server.crt -days 730
Longer version
First line generates an elliptic curve key, using the...