In AWS’ KMS What Is the Difference between Administrative Permissions and Usage Permissions of a CMK?

Question
A CMK is an encryption key. In Amazon Web Services, for CMKs (Customer Managed Keys) in KMS (Key Management Service), what is the difference between administrative permissions and key usage permissions?

Answer
Usage permissions enable IAM users or roles to encrypt and decrypt data with the AWS KMS API.

Administrative permissions for a CMK allow an IAM user or role to give usage permissions to other IAM users or roles through the API (and sometimes the web console).


How Do You Retrieve an Application-Level Secret from AWS?

Problem scenario
You want to obtain a non-database secret from AWS and you know the name of the secret (in Secrets Manager) and the region it is in. What should you do?

Solution
Prerequisites
You have installed and configured the AWS CLI. If you need assistance with this, click on this posting if you can use pip or this posting if you cannot use pip.


How Do You Troubleshoot the Error “Secrets Manager cannot invoke the specified Lambda function.”?

Problem scenario
You try to store a secret, but you see this message:

“Your secret was created successfully but configuring rotation has failed

Secrets Manager cannot invoke the specified Lambda function. Ensure that the function policy grants access to the principal secretsmanager.amazonaws.com.”

What do you do?

Solution
Try this posting.


How Do You Get PowerShell to Run Scripts?

Problem scenario
One of the following applies to you.

Problem scenario #1
You try a PowerShell command but you get an error like this “The ‘Login-AzureRmAccount’ command was found in the module ‘AzureRM.profile’, but the module could not be loaded.”

OR

Problem scenario #2
You try a PowerShell command but you get an error like this:

Files\WindowsPowerShell\Modules\AzureRM.profile\5.8.2\AzureRM.Profile.psm1 cannot be
loaded because running scripts is disabled on this system.


How Do You Create a Puppet Manifest to Install Java?

Problem scenario
You have Puppet agent and Puppet Master set up and configured to work together. You are running open source Puppet 5.x on Ubuntu servers in AWS. You want to install Java on the Puppet agent nodes. You tried to use the Java module.

On the Puppet Master server, you ran this: puppet module install puppetlabs-java --version 2.2.0

This is your site.pp file:

class { 'java' :
package ='java-1.8.0-openjdk-devel',

Why Cannot You Ping an IP Address of an AWS Server When the Security Group Should Allow for Pinging?

Problem scenario
In AWS you manually added a Security Group rule for the source of a given IP address. This IP address is either the internal or external IP address. You can ping one of them (either the internal or external IP address). Why cannot you ping each IP address?

Solution
Check to see if a firewall is running on the Linux server.


How Do You Create and Store an Application-Level Secret on the AWS Cloud?

Problem scenario
You want to create and save an application-level secret in AWS. What do you do?

Solution
Use Secrets Manager.

Procedures

  1. Log into the AWS console.
  2. Go to “Secrets Manager”
  3. Click “Store a new secret”
  4. For the secret type choose “Other type of secrets”.
  5. For the left-most field,


How Do You Create a GCP VM to Be a Web Server?

Problem scenario
You have a GCP server. You can run curl commands to its URL via localhost. But with a URL constructed with the server’s external IP address the curl command times out. You cannot reach the URL from your workstation. How do you get the GCP server to present the web service to other machines?

Solution
Modify the firewall rule by following the steps below.


How Do You Set the S3 Policy to Archive after 60 Days?

Problem scenario
You want items in an S3 bucket to be archived automatically after they are 60 days old. What do you do?

Solution
1. Log into the AWS console.
2. Click on your S3 bucket.
3. Click on the “Management” tab on the right.
4. Click on “Add lifecycle rule”
5. Give the rule a name.


How Do You Delete an Aurora Database when You Get an Error about It Not Being Started?

Problem scenario
You are trying to delete an Aurora database but you get this error: “This database is not started.” What do you do?

Possible Solution #1 (with the web console)
1. Log into the web console.
2. Go to “Amazon RDS”.
3. Go to “Databases”
4. Click on the Aurora cluster of the database you want to delete or its parent.
