In AWS’ KMS What Is the Difference between Administrative Permissions and Usage Permissions of a CMK?

Question
A CMK is an encryption key. In Amazon Web Services, for CMKs (Customer Managed Keys) in KMS (Key Management Service), what is the difference between administrative permissions and key usage permissions?

Answer
Usage permissions allow IAM users or roles to encrypt and decrypt data with the AWS KMS API.

Administrative permissions for a CMK allow an IAM user or role to grant usage permissions to other IAM users or roles through the API (and sometimes the web console).


How Do You Retrieve an Application-Level Secret from AWS?

Problem scenario
You want to obtain a non-database secret from AWS and you know the name of the secret (in Secrets Manager) and the region it is in. What should you do?

Solution
Prerequisites
You have installed and configured the AWS CLI. If you need assistance with this, see this posting if you can use pip, or this posting if you cannot use pip.


How Do You Troubleshoot the Error “Secrets Manager cannot invoke the specified Lambda function.”?

Problem scenario
You try to store a secret, but you see this message:

“Your secret was created successfully but configuring rotation has failed

Secrets Manager cannot invoke the specified Lambda function. Ensure that the function policy grants access to the principal secretsmanager.amazonaws.com.”

What do you do?

Solution
Try this posting.


How Do You Create a Puppet Manifest to Install Java?

Problem scenario
You have Puppet agent and Puppet Master set up and configured to work together. You are running open source Puppet 5.x on Ubuntu servers in AWS. You want to install Java on the Puppet agent nodes. You tried to use the Java module.

On the Puppet Master server, you ran this: puppet module install puppetlabs-java --version 2.2.0

This is your site.pp file:

class { 'java' :
package ='java-1.8.0-openjdk-devel',

Why Cannot You Ping an IP Address of an AWS Server When the Security Group Should Allow for Pinging?

Problem scenario
In AWS you manually added a Security Group rule allowing a given source IP address. This source is either the instance's internal or its external IP address. You can ping one of the two addresses (either the internal or the external one) but not the other. Why can't you ping both?

Solution
Check to see if a firewall is running on the Linux server.


How Do You Create and Store an Application-Level Secret on the AWS Cloud?

Problem scenario
You want to create and save an application-level secret in AWS. What do you do?

Solution
Use Secrets Manager.

Procedures

  1. Log into the AWS console.
  2. Go to “Secrets Manager”.
  3. Click “Store a new secret”.
  4. For the secret type choose “Other type of secrets”.
  5. For the left-most field,


How Do You Set the S3 Policy to Archive after 60 Days?

Problem scenario
You want items in an S3 bucket to be archived automatically after they are 60 days old. What do you do?

Solution
1. Log into the AWS console.
2. Click on your S3 bucket.
3. Click on the “Management” tab on the right.
4. Click on “Add lifecycle rule”.
5. Give the rule a name.


How Do You Delete an Aurora Database when You Get an Error about It Not Being Started?

Problem scenario
You are trying to delete an Aurora database but you get this error: “This database is not started.” What do you do?

Possible Solution #1 (with the web console)
1. Log into the web console.
2. Go to “Amazon RDS”.
3. Go to “Databases”.
4. Click on the Aurora cluster of the database you want to delete or its parent.


How Do You Troubleshoot the AWS Error “could not get token: NoCredentialProviders: no valid providers in chain. Deprecated.”?

Problem scenario
You run this command: kubectl get svc

You receive this:
“could not get token: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors”

What should you do?

Solution
Install and configure the AWS CLI. If you need assistance with this, see this posting.


How Do You Install pip on a RHEL Server in AWS?

Problem scenario
You want to install pip on a RedHat Enterprise Linux server in AWS. What do you do?

Solution
Prerequisites
This assumes that Python has been installed. If it has not, run this command:
sudo yum -y install python3


Procedures

Run these commands:
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
sudo python3 get-pip.py # use python if python3 is not found
sudo ln -s /usr/local/bin/pip /usr/bin/pip
