AWS RDS - Using Fog to create a database instance

A quick write-up on how to create a MySQL RDS instance at Amazon with the Ruby gem fog. The script below creates a DB security group that admits one address and one EC2 security group, launches a Multi-AZ MySQL 5.6 instance behind it, waits for the instance to become available and tags it. DB security groups are the EC2-Classic mechanism; for an instance inside a VPC the API parameter is VpcSecurityGroupIds instead of DBSecurityGroups.

require 'fog'

# access_key and secret_key are the IAM user's credentials; load them from the
# environment or a credentials file rather than committing them with the script.
connection = Fog::AWS::RDS.new(:aws_access_key_id => access_key, :aws_secret_access_key => secret_key, :region => "us-east-1")

# Create a DB security group
connection.security_groups.create("DBSecurityGroupName" => "mynewdatabase-sg", "DBSecurityGroupDescription" => "For my new database")

security_group = connection.security_groups.get("mynewdatabase-sg")

# Add some trusted IP addresses (/32 so only that one host is admitted)
security_group.authorize_cidrip("162.243.110.173/32")

# Add a trusted EC2 security group, so the web tier can reach the database
security_group.authorize_ec2_security_group("mywebservers-sg")

# Build the database
database_options = {
  "AllocatedStorage"           => 5,       # GB
  "AutoMinorVersionUpgrade"    => true,
  "MultiAZ"                    => true,    # suggested for redundancy/high availability
  "BackupRetentionPeriod"      => 7,       # days
  "DBInstanceClass"            => "db.m1.small",
  "DBName"                     => "mydb",
  "DBParameterGroupName"       => "default.mysql5.6",
  "DBSecurityGroups"           => ["mynewdatabase-sg"],
  "Engine"                     => "mysql",
  "EngineVersion"              => "5.6.13",
  "MasterUsername"             => "mydbuser",
  "MasterUserPassword"         => "mydbpassword",         # placeholder; generate a real secret and keep it out of version control
  "Port"                       => 3306,
  "PreferredBackupWindow"      => "01:00-01:30",          # UTC; run it just before the maintenance window (the two must not overlap)
  "PreferredMaintenanceWindow" => "tue:02:00-tue:02:30",  # UTC
}

result = connection.create_db_instance("mynewdatabase", database_options)

# create_db_instance returns an Excon::Response; anything other than 200 means AWS rejected the request
abort "Unable to create the RDS instance: #{result.body}" if result.status != 200

# Get the database object from the same connection
rds_instance = connection.servers.get("mynewdatabase")

# Let's wait until it's ready; a Multi-AZ instance can take a while
while rds_instance.reload.state != "available"
  print "."
  sleep 30
end

# Let's add the workload type tag "production"
rds_instance.add_tags({"workload-type" => "production"})

Now you should have a new MySQL database in Amazon RDS, reachable only from the /32 address and from instances in the mywebservers-sg security group.
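Two of the options above deserve a check before the CreateDBInstance call is made: the master password should come from the environment rather than the script, and RDS rejects a backup window that overlaps the maintenance window (each must also be at least 30 minutes long). The following is an added example written for this post, not code from the fog gem or from the original script; the RDS_MASTER_PASSWORD variable name and the env parameter are choices made here so the checks can run against a plain Hash.

```ruby
# Added example (not part of the original post): validate the two settings in
# the create_db_instance call that RDS will reject or that should never be
# literals in a script. Window formats are the ones RDS documents: backup
# "hh24:mi-hh24:mi" (UTC, daily) and maintenance "ddd:hh24:mi-ddd:hh24:mi" (UTC,
# weekly). RDS rejects overlapping windows and requires each to be >= 30 minutes.
DAYS = %w[mon tue wed thu fri sat sun].freeze
MINUTES_PER_DAY = 24 * 60
MINUTES_PER_WEEK = 7 * MINUTES_PER_DAY

# "01:30" -> 90
def hhmm_to_minutes(hhmm)
  hours, mins = hhmm.split(":").map(&:to_i)
  hours * 60 + mins
end

# The daily backup window as one [start, end) interval per weekday, measured in
# minutes from Monday 00:00 UTC. A window that crosses midnight is extended past 1440.
def backup_intervals(window)
  start_min, end_min = window.split("-").map { |t| hhmm_to_minutes(t) }
  end_min += MINUTES_PER_DAY if end_min <= start_min
  (0..6).map { |d| [d * MINUTES_PER_DAY + start_min, d * MINUTES_PER_DAY + end_min] }
end

# The weekly maintenance window as a single [start, end) interval on the same scale.
def maintenance_interval(window)
  start_min, end_min = window.split("-").map do |t|
    day, hhmm = t.split(":", 2)
    DAYS.index(day.downcase) * MINUTES_PER_DAY + hhmm_to_minutes(hhmm)
  end
  end_min += MINUTES_PER_WEEK if end_min <= start_min
  [start_min, end_min]
end

def intervals_overlap?(a, b)
  a[0] < b[1] && b[0] < a[1]
end

# True if any day's backup window intersects the maintenance window. Intervals
# that run past Sunday midnight are also compared against the following week.
def windows_overlap?(backup_window, maintenance_window)
  maint = maintenance_interval(maintenance_window)
  next_week_maint = [maint[0] + MINUTES_PER_WEEK, maint[1] + MINUTES_PER_WEEK]
  backup_intervals(backup_window).any? do |b|
    next_week_b = [b[0] + MINUTES_PER_WEEK, b[1] + MINUTES_PER_WEEK]
    intervals_overlap?(b, maint) || intervals_overlap?(next_week_b, maint) || intervals_overlap?(b, next_week_maint)
  end
end

def window_minutes(interval)
  interval[1] - interval[0]
end

# Returns the options to pass to create_db_instance, taking the master password
# from the environment instead of the script. env is a parameter so the checks can
# run against a plain Hash; RDS_MASTER_PASSWORD is a name chosen for this example.
def build_rds_options(backup_window, maintenance_window, env = ENV)
  password = env["RDS_MASTER_PASSWORD"].to_s
  raise ArgumentError, "RDS_MASTER_PASSWORD is not set; do not hardcode the master password" if password.empty?
  raise ArgumentError, "MySQL master password must be at least 8 characters" if password.length < 8
  if window_minutes(backup_intervals(backup_window).first) < 30
    raise ArgumentError, "backup window #{backup_window} is shorter than 30 minutes"
  end
  if window_minutes(maintenance_interval(maintenance_window)) < 30
    raise ArgumentError, "maintenance window #{maintenance_window} is shorter than 30 minutes"
  end
  if windows_overlap?(backup_window, maintenance_window)
    raise ArgumentError, "backup window #{backup_window} overlaps maintenance window #{maintenance_window}"
  end

  {
    "Engine"                     => "mysql",
    "MultiAZ"                    => true,
    "BackupRetentionPeriod"      => 7,
    "MasterUsername"             => "mydbuser",
    "MasterUserPassword"         => password,
    "PreferredBackupWindow"      => backup_window,
    "PreferredMaintenanceWindow" => maintenance_window,
  }
end
```

Merge the returned hash with the instance class, storage, parameter group and security group settings from the script before calling connection.create_db_instance; the windows "01:00-01:30" and "tue:02:00-tue:02:30" used above pass, while "01:00-02:15" against the same maintenance window is rejected.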

Ubuntu Server Create New Linux Interface

If you just added a new interface to your Ubuntu server, you will want to find it and give it an IP address. The steps below find the interface and configure a static address through /etc/network/interfaces. This applies to releases that use ifupdown; Ubuntu 17.10 and later configure networking through netplan (/etc/netplan/*.yaml) unless ifupdown has been installed. The stanza sets no gateway, so the interface only routes its own subnet, which is what you want for a secondary interface unless it should carry the default route.

sudo lshw -C network #will tell you eth1 or similar
sudo vi /etc/network/interfaces

auto eth1
iface eth1 inet static
  address 10.0.56.212
  netmask 255.255.255.0
  network 10.0.56.0
  broadcast 10.0.56.255

Save the /etc/network/interfaces file, bring the interface up and confirm it has the address:

sudo ifup eth1 && ip addr show eth1

Now you should be able to ping the gateway:

ping 10.0.56.1

Apache http whitelist multiple IP Addresses

Here's a way to whitelist as many IP addresses as you want, using the Apache rewrite module and a lookup file, so the list can be changed without touching the VirtualHost.

In the VirtualHost add this:

<IfModule mod_rewrite.c>
  RewriteEngine On
  # one "address -" entry per line; Apache re-reads the file when its mtime changes
  RewriteMap ips txt:/etc/apache2/allowed_ips
  # reject only if neither the X-Forwarded-For value nor the peer address is in the map
  RewriteCond ${ips:%{HTTP:X-Forwarded-For}|NOT-FOUND} =NOT-FOUND
  RewriteCond ${ips:%{REMOTE_ADDR}|NOT-FOUND} =NOT-FOUND
  RewriteRule ^(.*)$ https://google.com [R,L]
  # or, to answer 403 Forbidden instead of redirecting:
  # RewriteRule ^ - [F]
</IfModule>

And this file is where you add the allowed IP addresses: /etc/apache2/allowed_ips

Contents:

192.168.1.45 -
192.168.1.47 -

Any other IP address trying to reach the site is redirected to Google; use the [F] variant if you would rather serve a forbidden page. The two conditions accept a request when either the X-Forwarded-For header or REMOTE_ADDR is in the map, so the same config works behind a load balancer or with clients connecting straight to the server. That flexibility is also the weak point: X-Forwarded-For is supplied by whoever connects, so anyone who can reach the server directly can send X-Forwarded-For: 192.168.1.45 and pass the check regardless of their real address. If the server is only reachable through the load balancer this does not matter; if it is reachable directly, either drop the X-Forwarded-For condition or let mod_remoteip (RemoteIPHeader X-Forwarded-For plus RemoteIPInternalProxy for the load balancer's addresses) substitute the client address, which it does only for connections from the listed proxies, after which the REMOTE_ADDR condition alone is enough. Note also that the map lookup uses the whole header value as the key, so a request that has passed through two proxies (X-Forwarded-For: a, b) never matches and is rejected.
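To make the bypass concrete, here is the accept/reject decision the two RewriteConds make, written out in Ruby beside a hardened version that only honours X-Forwarded-For when the connection comes from one of our own proxies. This is an added example for this post, not code from Apache or from the original config; the TRUSTED_PROXIES addresses and the sample requests are constructed for the demonstration.

```ruby
# Added example (not part of the original post): the accept/reject decision the
# two RewriteConds make, written out in Ruby next to a hardened version, so the
# X-Forwarded-For bypass and its fix can be exercised without an Apache server.
ALLOWED_IPS = %w[192.168.1.45 192.168.1.47].freeze   # the keys in /etc/apache2/allowed_ips
TRUSTED_PROXIES = %w[10.0.0.10 10.0.0.11].freeze     # assumed load balancer addresses; not in the original config

# Mirrors the posted config: the request passes if the raw X-Forwarded-For value
# or REMOTE_ADDR is a key in the map. The map lookup uses the whole header value,
# so a two-hop header "a, b" never matches, but a single forged address does.
def allowed_as_configured?(remote_addr, xff_header)
  ALLOWED_IPS.include?(xff_header.to_s.strip) || ALLOWED_IPS.include?(remote_addr)
end

# Hardened: X-Forwarded-For is only consulted when the TCP peer is one of our own
# proxies, and then only its last entry, the one that proxy appended. Everything
# earlier in the list was written by the client or by proxies we do not control.
def effective_client_ip(remote_addr, xff_header)
  return remote_addr unless TRUSTED_PROXIES.include?(remote_addr)
  hops = xff_header.to_s.split(",").map(&:strip).reject(&:empty?)
  hops.empty? ? remote_addr : hops.last
end

def allowed_hardened?(remote_addr, xff_header)
  ALLOWED_IPS.include?(effective_client_ip(remote_addr, xff_header))
end

# Constructed requests: [description, REMOTE_ADDR, X-Forwarded-For]
SAMPLE_REQUESTS = [
  ["allowed client connecting directly",        "192.168.1.45", nil],
  ["outsider forging X-Forwarded-For directly", "203.0.113.9",  "192.168.1.45"],
  ["allowed client via the load balancer",      "10.0.0.10",    "192.168.1.47"],
  ["outsider via the LB, forged hop prepended", "10.0.0.10",    "192.168.1.45, 203.0.113.9"],
].freeze

# Returns {description => [as_configured, hardened]} for each sample request.
def compare_policies
  SAMPLE_REQUESTS.each_with_object({}) do |(desc, remote, xff), out|
    out[desc] = [allowed_as_configured?(remote, xff), allowed_hardened?(remote, xff)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_policies.each { |desc, (cfg, hard)| puts "#{desc}: as configured=#{cfg} hardened=#{hard}" }
end
```

The second sample is the bypass: the posted logic admits an outsider who forges the header, the hardened logic does not. The last sample shows the other side of the whole-header lookup: when the load balancer appends the real client address, a forged first hop no longer helps either version, and the hardened one also gets the right answer for a legitimate client behind two proxies.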

S3 Bucket - Precise Permissions

Found a way to give precise permissions to prefixes underneath the main bucket. Create an IAM user, then attach the policy below. The user can then only list and access objects under the development/ prefix in my_main_bucket: the first statement permits ListBucket only when the request's s3:prefix matches development/*, and a listing request with no prefix at all is denied because the condition key is absent; the second statement grants object actions only on keys under development/. Two caveats: s3:* on the prefix includes s3:DeleteObject and s3:PutObjectAcl, so narrow the Action list to what the user actually needs if "precise" is the goal, and without s3:ListAllMyBuckets the user will not see the bucket in the console's bucket list, although aws s3 ls s3://my_main_bucket/development/ works.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
       "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my_main_bucket"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": "development/*"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::my_main_bucket/development/*"
      ],
      "Condition": {}
    }
  ]
}
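To see exactly where this policy's boundary falls, the following added example models how IAM evaluates it: default deny, Action and Resource matched with IAM's wildcard rules, and a StringLike condition that fails when the request carries no s3:prefix. It is written for this post and is not the real IAM engine; it implements only the operators this policy uses, and the request ARNs and prefixes fed to it are constructed.

```ruby
require 'json'

# Added example (not part of the original post): a small model of how IAM
# evaluates the policy above, so the prefix boundary can be checked offline.
# It implements only what this policy uses (Allow/Deny, Action and Resource
# globs, the StringLike operator) and is not the real IAM engine.
POLICY = JSON.parse(<<~'JSON')
  {
    "Version": "2012-10-17",
    "Statement": [
      { "Effect": "Allow",
        "Action": ["s3:ListBucket"],
        "Resource": ["arn:aws:s3:::my_main_bucket"],
        "Condition": { "StringLike": { "s3:prefix": "development/*" } } },
      { "Effect": "Allow",
        "Action": ["s3:*"],
        "Resource": ["arn:aws:s3:::my_main_bucket/development/*"],
        "Condition": {} }
    ]
  }
JSON

# IAM wildcard matching: '*' matches any run of characters, '?' exactly one.
# Used for Action, Resource and StringLike values alike.
def iam_glob?(pattern, value)
  body = Regexp.escape(pattern).gsub('\*', '.*').gsub('\?', '.')
  Regexp.new("\\A#{body}\\z").match?(value)
end

# A condition block is true only if every operator/key pair is satisfied. A key
# that is absent from the request context makes StringLike false (only the
# ...IfExists operators treat a missing key as satisfied), which is why a
# ListBucket call with no prefix at all is denied by this policy.
def conditions_match?(conditions, context)
  conditions.all? do |operator, pairs|
    raise NotImplementedError, "#{operator} is not modelled here" unless operator == "StringLike"
    pairs.all? do |key, patterns|
      value = context[key]
      !value.nil? && Array(patterns).any? { |p| iam_glob?(p, value) }
    end
  end
end

# Evaluate one request: default deny, an explicit Deny overrides everything,
# otherwise any matching Allow grants access.
def decision(policy, action, resource, context = {})
  result = :deny
  policy["Statement"].each do |st|
    next unless Array(st["Action"]).any? { |a| iam_glob?(a, action) }
    next unless Array(st["Resource"]).any? { |r| iam_glob?(r, resource) }
    next unless conditions_match?(st["Condition"] || {}, context)
    return :deny if st["Effect"] == "Deny"
    result = :allow
  end
  result
end

BUCKET = "arn:aws:s3:::my_main_bucket"

if __FILE__ == $PROGRAM_NAME
  [
    ["s3:ListBucket",   BUCKET, { "s3:prefix" => "development/2014/" }],
    ["s3:ListBucket",   BUCKET, { "s3:prefix" => "production/" }],
    ["s3:ListBucket",   BUCKET, {}],
    ["s3:GetObject",    "#{BUCKET}/development/report.csv", {}],
    ["s3:GetObject",    "#{BUCKET}/production/report.csv", {}],
    ["s3:DeleteObject", "#{BUCKET}/development/report.csv", {}],
  ].each { |action, res, ctx| puts "#{action} #{res} #{ctx}: #{decision(POLICY, action, res, ctx)}" }
end
```

The DeleteObject case is the one to notice: it is allowed, because s3:* covers it. Replacing s3:* with the specific actions the user needs (for example s3:GetObject and s3:PutObject) is the one-line change that makes the policy as precise as the prefix condition already is.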

Quick EBS LVM Setup

Just a quick note on how to set up an EBS volume in EC2 with LVM, so the filesystem can later be grown by adding another volume to the group. The device is /dev/xvdb here; check lsblk first, since on newer (Nitro-based) instance types EBS volumes appear as /dev/nvme1n1 and similar. The nofail option in fstab keeps the instance booting if the volume is ever detached.

sudo pvcreate /dev/xvdb
sudo vgcreate new_mount /dev/xvdb
sudo lvcreate -l 100%FREE -n lvm new_mount
sudo mkfs.ext4 /dev/mapper/new_mount-lvm
sudo mkdir /new_mount
echo "/dev/mapper/new_mount-lvm /new_mount ext4 noatime,nofail 0 0" | sudo tee -a /etc/fstab
sudo mount -a   # mounts from the new fstab entry; nofail skips a missing device silently, so confirm below
df -h /new_mount