How Do You Know the Syntax of the JSON for the --policy-document Flag for Adding Policies to a Role in AWS?

One of the following scenarios applies:

Problem scenario #1
You want to run a command like this:
aws iam put-role-policy --role-name contintdelete-role --policy-name DELETEPOLICY --policy-document file://adminPolicy.json

But you do not know the syntax of the adminPolicy.json.

Problem scenario #2
You are trying to use the --policy-document flag with the command “aws iam put-role-policy”. But you get this error:

An error occurred (MalformedPolicyDocument) when calling the PutRolePolicy operation: Syntax errors in policy.
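The structure IAM expects in the file is a JSON object with a "Version" and a "Statement" (an object or a list of objects, each with "Effect", "Action"/"NotAction" and "Resource"/"NotResource"). The following is an added example, not code from the original page: it builds a least-privilege policy document of that shape and checks a document's structure locally before the CLI call, so the generic "Syntax errors in policy" message can be turned into a specific one. The bucket name and the two deliberately broken documents are constructed.

```python
"""Build an IAM identity policy document and sanity-check its structure
locally, before `aws iam put-role-policy --policy-document file://...`
returns MalformedPolicyDocument. Added example, not from the original
page; the bucket name and the two bad documents are constructed."""
import json

# Keys IAM accepts inside a statement. "Principal"/"NotPrincipal" are legal
# only in resource-based policies, so they are flagged separately below.
STATEMENT_KEYS = {"Sid", "Effect", "Action", "NotAction", "Resource",
                  "NotResource", "Condition", "Principal", "NotPrincipal"}


def build_policy(bucket):
    """Least-privilege example: list one bucket and read its objects.
    Returns the JSON text you would save as adminPolicy.json."""
    doc = {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBucket", "Effect": "Allow",
             "Action": "s3:ListBucket",
             "Resource": "arn:aws:s3:::" + bucket},
            {"Sid": "ReadObjects", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:GetObjectVersion"],
             "Resource": "arn:aws:s3:::" + bucket + "/*"},
        ],
    }
    return json.dumps(doc, indent=2)


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def validate_policy_document(text):
    """Return a list of problems; an empty list means the structure is the
    one IAM expects. This checks shape only: it cannot tell whether an
    action name exists or an ARN resolves."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # trailing commas, single quotes and comments all end up here
        return ["not valid JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    errors = []
    version = doc.get("Version")
    if version is None:
        errors.append('missing "Version" (IAM then falls back to the legacy '
                      '2008-10-17 semantics and policy variables stop working)')
    elif version not in ("2012-10-17", "2008-10-17"):
        errors.append('"Version" must be "2012-10-17" (or the legacy "2008-10-17")')
    statements = doc.get("Statement")
    if isinstance(statements, dict):
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        errors.append('"Statement" must be an object or a non-empty list')
        return errors
    for i, st in enumerate(statements):
        where = "Statement[%d]" % i
        if not isinstance(st, dict):
            errors.append(where + ": must be an object")
            continue
        unknown = set(st) - STATEMENT_KEYS
        if unknown:
            errors.append("%s: unknown keys %s" % (where, sorted(unknown)))
        if "Principal" in st or "NotPrincipal" in st:
            errors.append(where + ": Principal is not allowed in an identity policy")
        if st.get("Effect") not in ("Allow", "Deny"):
            errors.append(where + ': "Effect" must be "Allow" or "Deny"')
        if ("Action" in st) == ("NotAction" in st):
            errors.append(where + ': exactly one of "Action"/"NotAction" is required')
        if ("Resource" in st) == ("NotResource" in st):
            errors.append(where + ': exactly one of "Resource"/"NotResource" is required')
        for act in _as_list(st.get("Action")) + _as_list(st.get("NotAction")):
            if not (act == "*" or (isinstance(act, str) and ":" in act)):
                errors.append('%s: action %r is not "service:Name" or "*"' % (where, act))
    return errors


# Constructed examples of documents IAM rejects with "Syntax errors in policy"
TRAILING_COMMA = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", ' \
                 '"Action": "s3:GetObject", "Resource": "*",}]}'
MISNAMED_KEY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:GetObject", "Resources": "*"}})

if __name__ == "__main__":
    print(build_policy("example-bucket"))
    for label, text in (("trailing comma", TRAILING_COMMA), ("misnamed key", MISNAMED_KEY)):
        print(label, "->", validate_policy_document(text))
```

Save the output of build_policy() as adminPolicy.json and pass it with file://adminPolicy.json as in the command above. A trailing comma and a misspelled key ("Resources") are two of the most common causes of the MalformedPolicyDocument error, and both are caught before the API is called.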

How Do You Troubleshoot an Error Trying to Delete a VPC, Network Interface, or Subnet ID?

One (or more) of the following problems is applicable:

Problem scenario #1
You are trying to delete a network interface in AWS. But you get an error “You are not allowed to manage ‘ela-attach’ attachments.” What should you do?

Problem scenario #2
You are trying to delete a subnet from AWS’ VPC. But you get this error:

Note that the following subnets cannot be deleted: The following subnets contain one or more network interfaces, …
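Both errors come down to the same question: which interfaces are still in the subnet, and who owns their attachments. Interfaces that an AWS service created on your behalf (NAT gateways, load balancers, Lambda functions with VPC access, and so on) are reported with RequesterManaged set to true; you cannot detach those yourself, which is what the 'ela-attach' message is telling you, and the way to free them is to delete the owning resource. The following is an added example, not code from the original page: it triages a describe-network-interfaces result into interfaces you can detach or delete directly and interfaces that need their owning resource removed first. The sample data is constructed and every ID in it is a placeholder.

```python
"""Work out which network interfaces (ENIs) keep a subnet from being deleted
and which of them you can act on yourself. Interfaces with RequesterManaged
set were created by an AWS service (NAT gateway, load balancer, Lambda, ...);
you cannot detach those, which is what the 'ela-attach' error is telling you.
Added example over a constructed sample shaped like
`aws ec2 describe-network-interfaces` output; every ID is a placeholder."""

# Constructed sample (trimmed to the fields the triage needs)
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "SubnetId": "subnet-0111", "Status": "in-use",
     "Description": "", "RequesterManaged": False,
     "Attachment": {"AttachmentId": "eni-attach-0aaa", "InstanceId": "i-0123"}},
    {"NetworkInterfaceId": "eni-0bbb", "SubnetId": "subnet-0111", "Status": "in-use",
     "Description": "Interface for NAT Gateway nat-0456", "RequesterManaged": True,
     "Attachment": {"AttachmentId": "ela-attach-0bbb"}},
    {"NetworkInterfaceId": "eni-0ccc", "SubnetId": "subnet-0222", "Status": "in-use",
     "Description": "ELB app/my-alb/0789", "RequesterManaged": True,
     "Attachment": {"AttachmentId": "ela-attach-0ccc"}},
    {"NetworkInterfaceId": "eni-0ddd", "SubnetId": "subnet-0111", "Status": "available",
     "Description": "leftover from a terminated instance", "RequesterManaged": False},
]


def classify(eni):
    """Return (kind, action) for one interface."""
    attachment = eni.get("Attachment") or {}
    if eni.get("RequesterManaged"):
        # AWS owns the attachment: delete the service resource named in the
        # description and the ENI disappears with it.
        return "aws-managed", "delete the owning resource: %s" % eni.get("Description", "")
    if attachment.get("InstanceId"):
        return "instance", "detach from or terminate %s" % attachment["InstanceId"]
    if eni.get("Status") == "available":
        return "unattached", "delete the interface directly"
    return "unknown", "inspect attachment %s" % attachment.get("AttachmentId", "?")


def blockers_for_subnet(enis, subnet_id):
    """List every interface still in subnet_id with what to do about it."""
    return [(e["NetworkInterfaceId"],) + classify(e)
            for e in enis if e.get("SubnetId") == subnet_id]


if __name__ == "__main__":
    for eni_id, kind, action in blockers_for_subnet(SAMPLE_ENIS, "subnet-0111"):
        print(eni_id, kind, "->", action)
```

To run it against a real account, replace SAMPLE_ENIS with the "NetworkInterfaces" list from `aws ec2 describe-network-interfaces --filters Name=subnet-id,Values=<subnet-id>`. Once every interface in the subnet is gone, the subnet delete succeeds; the VPC delete additionally needs its subnets, Internet Gateway and peering connections removed first.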

How Can You Use CloudTrail for the First Time in Your AWS Account?

Problem scenario
You want to log or monitor AWS activity (e.g., AWS Management Console, AWS CLI, and/or AWS SDK actions). You do not want encryption because you are just testing it out. How do you use CloudTrail to do this?

Solution

  1. Log into AWS.
  2. Go to this link: https://console.aws.amazon.com/cloudtrail/
  3. Click “Create a trail”
  4. Enter a descriptive name for your trail.
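Once the trail is delivering log files, the question becomes how to read them. Each file is a JSON object with a "Records" list; the "userAgent" field records whether a call came from the console ("console.amazonaws.com"), the CLI ("aws-cli/..."), or an SDK ("Boto3/...", "aws-sdk-..."), and console sign-ins arrive as a separate "AwsConsoleSignIn" event type. The following is an added example, not code from the original page: it groups a log file's activity by that origin and pulls out console logins made without MFA. The records are constructed in CloudTrail's format; account IDs, ARNs, IP addresses and user agents are placeholders.

```python
"""Read a CloudTrail log file and group the recorded activity by how it was
performed (console sign-in, console, CLI, SDK), which is the split the
scenario above cares about. Added example over constructed records in the
shape CloudTrail writes ({"Records": [...]}); account IDs, ARNs, IP
addresses and user agents are placeholders in the real formats."""
import json
from collections import Counter

SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userAgent": "Mozilla/5.0", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutRolePolicy", "eventType": "AwsApiCall",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.1 exe/x86_64",
     "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "eventType": "AwsApiCall",
     "userAgent": "Boto3/1.34.0 Python/3.11.6 Linux/6.1 Botocore/1.34.0",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/s3access/i-0123"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "eventType": "AwsApiCall",
     "userAgent": "console.amazonaws.com", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
]})


def origin(record):
    """Classify one record by the client that made the call."""
    if record.get("eventType") == "AwsConsoleSignIn":
        return "console-signin"
    agent = record.get("userAgent", "")
    if "console.amazonaws.com" in agent:
        return "console"
    if agent.startswith("aws-cli/"):
        return "cli"
    if agent.startswith(("Boto3/", "Botocore/", "aws-sdk-")):
        return "sdk"
    return "other"


def activity_by_origin(log_text):
    """Return {origin: [(actor ARN, eventName), ...]} for a log file's text."""
    grouped = {}
    for rec in json.loads(log_text)["Records"]:
        actor = rec.get("userIdentity", {}).get("arn", "?")
        grouped.setdefault(origin(rec), []).append((actor, rec.get("eventName")))
    return grouped


def console_logins_without_mfa(log_text):
    """The first thing to look for in a new trail: console sign-ins that did
    not use MFA. CloudTrail records that in additionalEventData.MFAUsed."""
    return [(rec["userIdentity"].get("arn"), rec.get("sourceIPAddress"))
            for rec in json.loads(log_text)["Records"]
            if rec.get("eventName") == "ConsoleLogin"
            and rec.get("additionalEventData", {}).get("MFAUsed") == "No"]


if __name__ == "__main__":
    for kind, events in activity_by_origin(SAMPLE_LOG).items():
        print(kind, Counter(name for _, name in events))
    print("console logins without MFA:", console_logins_without_mfa(SAMPLE_LOG))
```

Real log files are gzip-compressed in the trail's S3 bucket; decompress one and pass its text to activity_by_origin(). Even for a test trail with encryption turned off, keep that bucket private: the records show who did what in the account.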

How Do You Create Peering Connections to EC-2 Instances, inside VPCs, So They Can Communicate with Each Other?

Problem scenario
You want to use peering connections between two VPCs (in the same region) so that EC-2 instances in each VPC can communicate with each other. How do you do this?

Solution
Prerequisite

This assumes you already have two VPCs in the same region, each with EC-2 instances created.

i. Create one VPC.

How Do You Connect to an EC-2 Instance in a VPC?

Problem scenario
You cannot reach the public IP address of an EC-2 instance. You get “Network connection timed out” errors. The EC-2 instance is in a VPC. You have configured the relevant Network ACLs of the VPC and the EC-2 instance’s Security Groups to allow connectivity from your workstation. What could be wrong?

Solution

  1. Make sure you have an Internet Gateway that has been created and attached to the relevant VPC.
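Both of the last two scenarios are routing problems: peering needs non-overlapping CIDRs and a route on each side that sends the peer's CIDR to the peering connection, and reaching a public IP needs a 0.0.0.0/0 route to an Internet Gateway that is actually attached to the VPC (an IGW that exists but was never attached is a common cause of the timeout). The following is an added example, not code from the original page, that checks both conditions over data shaped like the output of describe-route-tables and describe-internet-gateways. The sample data is constructed; all IDs and CIDRs are placeholders. Security groups and network ACLs are a separate check that this code does not perform.

```python
"""Check the routing prerequisites behind the two scenarios above: for VPC
peering, non-overlapping CIDRs and a route on each side that sends the
peer's CIDR to the peering connection; for reaching an instance from the
Internet, a default route to an Internet Gateway that is actually attached
to the VPC. Added example over constructed data shaped like the output of
`aws ec2 describe-route-tables` and `describe-internet-gateways`; all IDs
and CIDRs are placeholders."""
import ipaddress

VPC_A = {"VpcId": "vpc-0a", "CidrBlock": "10.0.0.0/16"}
VPC_B = {"VpcId": "vpc-0b", "CidrBlock": "10.1.0.0/16"}
PCX_ID = "pcx-0ab"

ROUTE_TABLES = [
    {"RouteTableId": "rtb-0a", "VpcId": "vpc-0a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-0ab", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a", "State": "active"}]},
    # vpc-0b accepted the peering connection but nobody added the return route
    {"RouteTableId": "rtb-0b", "VpcId": "vpc-0b", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0b", "State": "active"}]},
]
INTERNET_GATEWAYS = [
    {"InternetGatewayId": "igw-0a", "Attachments": [{"VpcId": "vpc-0a", "State": "available"}]},
    {"InternetGatewayId": "igw-0b", "Attachments": []},   # created but never attached
]


def cidrs_overlap(cidr_a, cidr_b):
    """Peering cannot be established between overlapping CIDRs."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def routes_for_vpc(vpc_id, route_tables=ROUTE_TABLES):
    return [r for rt in route_tables if rt["VpcId"] == vpc_id for r in rt["Routes"]]


def has_peering_route(vpc_id, peer_cidr, pcx_id, route_tables=ROUTE_TABLES):
    return any(r.get("DestinationCidrBlock") == peer_cidr
               and r.get("VpcPeeringConnectionId") == pcx_id
               and r.get("State") == "active"        # "blackhole" means the pcx is gone
               for r in routes_for_vpc(vpc_id, route_tables))


def peering_problems(vpc_a, vpc_b, pcx_id, route_tables=ROUTE_TABLES):
    """Everything that would stop instances in vpc_a and vpc_b from talking."""
    problems = []
    if cidrs_overlap(vpc_a["CidrBlock"], vpc_b["CidrBlock"]):
        problems.append("CIDRs overlap; peering is not possible")
    for here, there in ((vpc_a, vpc_b), (vpc_b, vpc_a)):
        if not has_peering_route(here["VpcId"], there["CidrBlock"], pcx_id, route_tables):
            problems.append("%s has no active route for %s via %s"
                            % (here["VpcId"], there["CidrBlock"], pcx_id))
    return problems


def internet_problems(vpc_id, route_tables=ROUTE_TABLES, igws=INTERNET_GATEWAYS):
    """Why a public IP in vpc_id might time out even with open SG/NACL rules."""
    attached = {g["InternetGatewayId"] for g in igws
                if any(a["VpcId"] == vpc_id and a["State"] == "available"
                       for a in g["Attachments"])}
    problems = []
    if not attached:
        problems.append("no Internet Gateway is attached to %s" % vpc_id)
    default = [r for r in routes_for_vpc(vpc_id, route_tables)
               if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"]
    if not default:
        problems.append("no active 0.0.0.0/0 route in %s" % vpc_id)
    elif not any(r.get("GatewayId") in attached for r in default):
        problems.append("0.0.0.0/0 route in %s does not point at an attached IGW" % vpc_id)
    return problems


if __name__ == "__main__":
    print("peering:", peering_problems(VPC_A, VPC_B, PCX_ID) or "ok")
    for vpc in (VPC_A, VPC_B):
        print(vpc["VpcId"], "internet:", internet_problems(vpc["VpcId"]) or "ok")
```

The checks look at every route table in the VPC; in a real account, feed in the table that is associated with the instance's subnet (or the VPC's main table if the subnet has no explicit association), since that is the one the instance actually uses.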

What Is the Syntax for Viewing ec2_instance_info Return Values in Ansible?

Problem scenario
The Ansible documentation for the ec2_instance_info module lists the return values (defined keys) it produces for EC-2 servers in AWS. How do you view this data from a playbook?

Solution

  1. Have a playbook (.yaml file) with a task like the following. Indentation matters in YAML: the module's parameters sit under the module name, and register saves the module's return values in a variable named vara.

- name: Gather EC-2 instance information
  ec2_instance_info:
    region: us-west-1
  register: vara

  2. Refer to vara as a variable. Here is an example of how to see it; each item in vara.instances is one instance, with keys such as instance_id (use straight quotes around the Jinja expressions, not curly ones):

- name: Show each instance ID
  debug:
    msg: "{{ item.instance_id }}"
  loop: "{{ vara.instances }}"

How Do You Troubleshoot the CloudWatch Command Line Error “no outputs found, did you provide a valid config file”?

Problem scenario
You think your amazon-cloudwatch-agent.toml file has been misconfigured. You run “amazon-cloudwatch-agent-ctl” but you get an error about “no outputs found, did you provide a valid config file.” What should you do about this error?

Solution

  1. Use amazon-cloudwatch-agent-config-wizard to create the configuration file. From the command line it will walk you through step-by-step directions in text.
  2. Assuming the default configuration has been saved as “AmazonCloudWatch-linux” (based on how you responded above),

Why Does “aws ssm” Return False Messages about a Package Being Installed?

Problem scenario
You run an “aws ssm” command. It returns that a given package has been installed. You know the package is not really installed. What is the reason for the discrepancy?

Solution
A previous “aws ssm” command (for example, one that installed the package) may have completed successfully, so SSM recorded the package as installed. If someone later removed the package or its files without going through SSM, SSM has no record of that change and keeps reporting the earlier state. This is a limitation of relying on “aws ssm” output instead of checking the host itself.

How Do You Find which IAM Roles Your EC-2 User Account Has?

Problem scenario
You want to see what IAM permissions a given Linux user on an EC-2 instance has. You tried going to the web console for AWS. You were unable to find the user (e.g., ec2-user or ubuntu). IAM roles are not attached to Linux user accounts, which is why those names do not appear in IAM; the role is attached to the instance through its instance profile, and any process on the instance can use it. How do you determine which role that is?

Solution
From the OS, run this command to list the role name(s) the instance metadata service knows about:
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

Then append the role name to see the temporary credentials it provides (here the role is named s3access, as in the original example; substitute the name returned above):
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access

Note that any local user, and any process on the instance, can read these credentials the same way.
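The same lookup, done properly, should use IMDSv2 (request a session token first and send it with every read; instances configured to require IMDSv2 answer the plain curl above with 401) and should avoid printing the secret key. The following is an added example, not code from the original page: it performs the IMDSv2 exchange and returns only the role name and non-secret parts of the credential. The fetch parameter exists so the logic can be exercised offline against the constructed fake at the bottom, which pretends the instance profile carries the role s3access (the role name from the page's example command).

```python
"""Ask the instance metadata service which IAM role the instance carries,
using IMDSv2 (a session token is requested first and sent with every
read) and returning only the non-secret parts of the credential. Added
example; the `fetch` parameter lets the flow run offline against the
constructed fake at the bottom, which pretends the instance profile holds
a role named s3access (the role name from the page's example command)."""
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"


def http_fetch(method, path, headers):
    """Real transport: returns the body, or "" when IMDS answers 404
    (no role attached / unknown path)."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return ""
        raise


def instance_role(fetch=http_fetch):
    """Return {"role", "access_key_id", "expiration", "code"} or None if the
    instance has no role. The secret key and session token are deliberately
    dropped: this is for finding out *which* role you have, not for copying it."""
    token = fetch("PUT", "/latest/api/token",
                  {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    auth = {"X-aws-ec2-metadata-token": token}
    names = fetch("GET", "/latest/meta-data/iam/security-credentials/", auth).split()
    if not names:
        return None
    role = names[0]                      # an instance profile holds exactly one role
    creds = json.loads(fetch("GET", "/latest/meta-data/iam/security-credentials/" + role, auth))
    return {"role": role, "access_key_id": creds["AccessKeyId"],
            "expiration": creds["Expiration"], "code": creds["Code"]}


# --- constructed fake of an instance whose profile carries the role s3access ---
FAKE_TOKEN = "AQAAAfake-session-token"
FAKE_CREDS = {"Code": "Success", "LastUpdated": "2024-01-01T10:00:00Z", "Type": "AWS-HMAC",
              "AccessKeyId": "ASIAEXAMPLEKEYID", "SecretAccessKey": "not-a-real-secret",
              "Token": "not-a-real-session-token", "Expiration": "2024-01-01T16:00:00Z"}


def fake_fetch(method, path, headers):
    if method == "PUT" and path == "/latest/api/token":
        return FAKE_TOKEN
    if headers.get("X-aws-ec2-metadata-token") != FAKE_TOKEN:
        # what an IMDSv2-only instance does with the plain curl from the page
        raise urllib.error.HTTPError(IMDS + path, 401, "IMDSv2 token required", {}, None)
    if path == "/latest/meta-data/iam/security-credentials/":
        return "s3access\n"
    if path == "/latest/meta-data/iam/security-credentials/s3access":
        return json.dumps(FAKE_CREDS)
    return ""                            # 404 from the real service


def fake_fetch_no_role(method, path, headers):
    """Same instance with the instance profile removed."""
    return FAKE_TOKEN if path == "/latest/api/token" else ""


if __name__ == "__main__":
    print(instance_role(fake_fetch))
    print(instance_role(fake_fetch_no_role))
```

Run instance_role() with no arguments on the instance itself to query the real service. Because any process on the instance (including a web application with a server-side request forgery bug) can make the same request, enforce IMDSv2 and keep the metadata hop limit at 1 on instances whose role carries meaningful permissions.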

How Do You Find and Delete Azure Services (e.g., Disks) That Cause You an Expense?

Problem scenario
In Azure’s “Cost analysis” (in the Cost Management + Billing section), you see expenses associated with storage. How do you find “standard * managed disks” in your account for the purpose of deleting them?

Solution
1. Go here: https://portal.azure.com/#blade/HubsExtension/BrowseAll
2. Sort by “Type”.
3. Find the “Disk” entries, select the check boxes next to the disks you no longer need, and click “Delete”. Before deleting, confirm that a disk is not attached to a VM you still need; unattached disks are the usual source of this unexpected expense.