What Are Eight Ways of Rotating AWS IAM Keys?

Problem scenario
You want to rotate AWS IAM keys across a unique set of different AWS accounts. You want to evaluate many different options. What can you do to rotate AWS IAM keys?

Eight Possible Solutions

  1. Manually rotate them with the AWS Console.
  2. Using AWS Lambda
  3. Using Boto3 http://theodorejsalvo.com/post/2018/08/16/rotate-iam-access-keys/
  4. Using CloudFormation https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-create-generic-template.html
    (This also uses Lambda)
  5. Using Terraform
  6. Using AWS Config Managed Rule
    https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
  7. https://aws-rotate-iam-keys.com
  8. Serverless.com

See also this Amazon posting and this other one that delves into automation.

How Do You Find a File by Name in GitHub (when it is not otherwise showing up)?

Problem scenario
You are searching GitHub for a file by its name. But for some reason it is not showing up in the results. What should you do?

Solution
Use the “filename:” option in the search terms before the name of the file you are looking for.
org:coolorgname filename:rio.yml

For some reason this “filename:” option returns more results. (This solution is supported by https://stackoverflow.com/questions/18991908/is-it-possible-to-search-for-a-particular-filename-on-github.)

How Do You Install “inspec” with gem from the Command Line?

Problem scenario
You want to install the inspec gem. What do you do?

Solution
Run this:
gem install inspec
(Taken from https://mitre-inspec-developer.netlify.app/installation/linuxinstall.html)

Does the inspec-bin command work? This may be a newer version that is already installed.

If you installed Ruby with root, which is not recommended according to https://stackoverflow.com/questions/24706277/error-sudo-gem-command-not-found, you may need to use “sudo” before the gem command.

How Do You Troubleshoot “Some of the defined forwarded ports would collide” after Running a Chef Kitchen or Ansible Molecule Command?

Problem scenario
You run a kitchen or molecule command. It fails with an error about ports. What should you do?

Solution
Find what other machines are running in your VPC. This error message seems to be relevant to Vagrant (because if you google it, you will see Vagrant-related postings). If you are using Vagrant, run this command: vagrant global-status

If you are not using Vagrant,

How Do You Terminate a Process Listening on a Given TCP Port?

Problem scenario
There is a process listening on a TCP port on your Linux system. How do you end it?

Solution
Assuming you want to terminate the process listening on TCP port 5555, this is how you would find the PID:

sudo lsof -i :5555

The output of the above command will show you a PID. To kill the process, run this command, where 111222333 is the PID number you found above:

sudo kill -9 111222333

How Do You Unlock a GitHub Repository when You Only Know Its Name?

Problem scenario
You want to unlock a GitHub repository. You know the name of the repo. (When you browse to it in a web browser, you see that it is locked, and you cannot see the files inside as normal.) How do you unlock it?

Solution
You need to find the migration GUID for the locked repository. Then you need to run a command on it.

How Do You Troubleshoot “Command ‘build’ not found”?

Problem scenario
You are trying to run a script in Linux. But you get the error “Command ‘build’ not found.” What should you do?

Solution
Are you sure the term build should be executing? Is the real command “bash”? There may be a typo or mistake.

How Do You List the Kafka Topics when You Cannot Find the kafka-topics.sh File?

Problem scenario
You cannot find kafka-topics.sh. But you want to list the Kafka topics. What should you do?

Solution
Find the kafka-topics binary file. Use something like this (but replace “localhost” with the server name of Zookeeper and “2181” with the TCP port number):

kafka-topics --list --zookeeper localhost:2181

(This was adapted from https://stackoverflow.com/questions/44405663/list-all-kafka-topics.)

How Do You Troubleshoot the Error “failed to run custom build command for openssl-sys v0.9.60”?

Problem scenario
You ran: sudo bash build_rust.sh

It failed with this message: “error: failed to run custom build command for openssl-sys v0.9.60”

Solution
Run this:
sudo apt -y install pkg-config

What AWS CLI Command Can You Run to List Roles with EKS Access?

Problem scenario
You want to list IAM roles that have access to EKS. You have the AWS CLI installed and jq installed. What should you do?

Solution
Run this command:

aws iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service=="eks.amazonaws.com")'