The Vault Admin is responsible for ensuring the vault service and its backend are available. They also manage the bringup process in the event of an outage, including coordination of the shamir secret holders during the process of unsealing the vault.
- Much more consideration for production :)
- Vault binary
For: https://www.reddit.com/r/aws/comments/5jf7fb/permissions_for_lambda_accessing_s3_buckets_in/
This is a little tricky, because it requires several different moving parts, specifically,
- the lambda task that you want to execute the copy must have IAM access to the bucket in the other account. This is not something that was obvious to me to begin with, although my use case was more complicated.
- the bucket policy on the destination account must be set to permit your lambda function to write to that bucket. For my special use cases, I have to upload a new bucket policy daily to the receiving buckets. Alternatively, the destination accounts could probably give your a cross-account IAM role to upload the bucket policy yourself.
- You will likely want to write your objects with the
bucket-owner-full-control
acl, http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html otherwise, the bucket owner may not be able to download them.
I got many errors while working on the Ansible Tower upgrade from v2.1.0 to v2.3.1. I faced many issues in this journey, so thought of documenting those here. | |
============== | |
ISSUES FIXED | |
============== | |
1) ./setup.sh script fails while trying to look for postgres user 'awx' | |
TASK: [postgres | determine if postgresql user exists] ************************ | |
fatal: [localhost] => error while evaluating conditional: pg_user_exists.stdout != '1' | |
2) Error while trying to upgrade supervisor |
DynamoDB is a powerful, fully managed, low latency, NoSQL database service provided by Amazon. DynamoDB allows you to pay for dedicated throughput, with predictable performance for "any level of request traffic". Scalability is handled for you, and data is replicated across multiple availability zones automatically. Amazon handles all of the pain points associated with managing a distributed datastore for you, including replication, load balancing, provisioning, and backups. All that is left is for you to take your data, and its access patterns, and make it work in the denormalized world of NoSQL.
The single most important part of using DynamoDB begins before you ever put data into it: designing the table(s) and keys. Keys (Amazon calls them primary keys) can be composed of one attribute, called a hash key, or a compound key called the hash and range key. The key is used to uniquely identify an item in a table. The choice of the primary key is particularl
Question: Can you write code implementing the consumer and producer pattern?
This is a classic concurrency problem where we have threads generating data to be consumed (producers) by other threads (consumers).
The implementation with POSIX threads can be a pain in the ass but it is quite straight forward in golang thanks to its concurrency constructs.
I've been using a lot of Ansible lately and while almost everything has been great, finding a clean way to implement ansible-vault wasn't immediately apparent.
What I decided on was the following: put your secret information into a vars
file, reference that vars
file from your task
, and encrypt the whole vars
file using ansible-vault encrypt
.
Let's use an example: You're writing an Ansible role and want to encrypt the spoiler for the movie Aliens.
MIT License | |
Copyright (c) 2021 Ryo Nakamura | |
Permission is hereby granted, free of charge, to any person obtaining a copy | |
of this software and associated documentation files (the "Software"), to deal | |
in the Software without restriction, including without limitation the rights | |
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
copies of the Software, and to permit persons to whom the Software is | |
furnished to do so, subject to the following conditions: |
- Recipes
- Anonymous GET access
- Anonymous GET access - match HTTP referrer
- Full access for specific IAM user/role
- GET/PUT/DELETE access to specific path within a bucket
- Restricted LIST & PUT/DELETE access to specific path within a bucket
- Full access (and S3 console) for specific IAM users
- Bucket and object delete deny
packer build packer.json 2>&1 | sudo tee output.txt | |
tail -2 output.txt | head -2 | awk 'match($0, /ami-.*/) { print substr($0, RSTART, RLENGTH) }' > sudo ami.txt |