This is just a simple tweak that I like to add to hosts to remind the user which host they are connecting to. This message will print in the terminal window on ssh login, until its changed or removed. MotD = Message of the Day. A message that prints to
The CloudWatch agent will not work properly without the permissions configured. This was the fastest way I found to get CloudWatch talking correctly. Create IAM Role – https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-iam-roles-for-cloudwatch-agent-commandline.html Attach Role to EC2 instance – https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/attach-iam-role.html Install Cloudwatch on the EC2 instance Install CloudWatch Agent sudo yum install amazon-cloudwatch-agent -y Install
So you’ve followed best practices and configured your container to use a user other than root for its requirements. Nice job. The security experts are convinced this will keep your container, pod, and cluster all more secure. However, sometime in the near future, a completely unforeseen and impossible issue pops
This worked better than I expected. Converting the DB data to JSON is a one-way action. Well, at least I do not know of a way to convert it back. I did not want to install mongo-tools on the server. So after creating the dump I zipped the files up
Once you have a working ingress in place, you may want to restrict access to it by IP. Fortunately, K8s makes this pretty easy with a simple annotation. Edit the ingress Near the top should be the annotations metadata.annotations Add the following annotation and update it with the desired IPs
I needed this for a scenario where the client could not authenticate to S3 but still needed to be able to download files from the S3. So I created this policy which allows all files to be downloaded but restricts access to the download action (s3:GetObject) by source IP. Since
We have hundreds of clients where I work, and now some of us, finally, get to use Macs. We use mRemoteNG for managing ssh connections on Windows, but we needed a solution for Macs. We needed an easy-to-use solution that allowed us to control who had access where. One of
Create IAM Role (Service Account) and attach the policy Run the following command– Update <clustername> with the correct cluster name– Update <role-name> with the role name (example: app-ebs-csi-role)– Update or remove the <awscli-profile> depending on your configuration Install CSI Driver Add the AWS CSI Driver Repo Update Repos Install
After you’ve installed the AWS CSI Driver into your cluster, you must create a storage class to use the driver. Create a file called ebs-sc.yaml and paste in the following contents. Apply with the following