AWS S3 permissions

A quick tip on granting AWS S3 permissions to a specific folder in a bucket.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "s3:Put*",
            "s3:Get*",
            "s3:List*"
        ],
        "Resource": [
            "arn:aws:s3:::nameofmybucket/profile/*"
        ]
    }]
}

Avoid granting permissions at the bucket root level as much as possible. Also, try to use Cognito if the client wants to access AWS resources directly.
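One thing the policy above does not do: s3:ListBucket is evaluated against the bucket ARN, so s3:List* attached only to the object ARN does not let the client list the folder. The following is an added example (not part of the original post) that uses a simplified model of policy matching to compare the page's policy with a prefix-scoped variant; SCOPED_POLICY, allowed() and the sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::nameofmybucket"

# Policy from the page: every action is attached to the object ARN only.
PAGE_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Put*", "s3:Get*", "s3:List*"],
    "Resource": [BUCKET + "/profile/*"],
}]}

# Assumed variant (constructed): object actions on the prefix, listing on the
# bucket ARN restricted to keys under profile/ via the s3:prefix condition key.
SCOPED_POLICY = {"Statement": [
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": [BUCKET + "/profile/*"]},
    {"Effect": "Allow",
     "Action": ["s3:ListBucket"],
     "Resource": [BUCKET],
     "Condition": {"StringLike": {"s3:prefix": ["profile/*"]}}},
]}


def _matches(patterns, value):
    """True if value matches any '*' wildcard pattern."""
    return any(fnmatchcase(value, p) for p in patterns)


def allowed(policy, action, resource, context=None):
    """Simplified model: True if some Allow statement matches the request.

    Handles only Allow statements, '*' wildcards and StringLike conditions;
    real IAM evaluation also covers Deny, other policy types and operators.
    """
    context = context or {}
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        actions = [a.lower() for a in st["Action"]]  # action names are case-insensitive
        if not _matches(actions, action.lower()):
            continue
        if not _matches(st["Resource"], resource):
            continue
        conds = st.get("Condition", {}).get("StringLike", {})
        if all(k in context and _matches(v, context[k]) for k, v in conds.items()):
            return True
    return False
```

Calling allowed() with s3:ListBucket on the bucket ARN returns False for the page's policy and True for the scoped variant only when the requested prefix is under profile/; the scoped variant also stops matching s3:PutObjectAcl, which s3:Put* permits.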

Setting up git on an AWS EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your AWS console.

SSH into your EC2 instance (filename.pem is your key pair's private key file)
ssh -i filename.pem ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

Install developer tools
sudo yum groupinstall -y "Development Tools"

Install git
sudo yum install git

Check out the source code
git clone https://my.git.repo.git
cd my_local_git_folder
git checkout -f branch_to_checkout

Setting up redis on an AWS EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your AWS console.

SSH into your EC2 instance (filename.pem is your key pair's private key file)
ssh -i filename.pem ec2-user@my_ec2_ip

Update the instance
sudo yum update -y

Install the developer tools to compile the redis source
sudo yum groupinstall -y "Development Tools"

Install tcl
sudo yum install -y tcl

Download the latest redis source (over HTTPS, since the code is compiled and installed with sudo)
wget https://download.redis.io/redis-stable.tar.gz

Extract the source
tar xvzf redis-stable.tar.gz

Go to the redis folder and run the make command to compile the source
cd redis-stable
make
make test
sudo make install

To run the server, go to the src folder and start redis-server with the daemonize option.
cd src
./redis-server --daemonize yes

Run the redis-cli command to check if the server responds.
redis-cli
ping

If the response is PONG then you are good to go 🙂

Setting up MySQL server on an AWS EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your AWS console.

SSH into your EC2 instance (filename.pem is your key pair's private key file)
ssh -i filename.pem ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

Install the mysqld server
sudo yum install -y mysql55-server

Start the mysqld instance
sudo service mysqld start

The following command ensures mysqld launches on server restart
sudo chkconfig mysqld on

Run the following command to set the password for the root user and delete the test databases.
sudo mysql_secure_installation

Make a note of the root password 🙂

Let’s try to create a user and database. This way we can control the database access levels.
mysql -uroot -pmy_root_password

I’m going to create a db_demo with demo_user having password demo123.
CREATE DATABASE db_demo;
USE db_demo;
-- Local account, limited to db_demo so the user cannot touch other schemas
CREATE USER 'demo_user'@'localhost' IDENTIFIED BY 'demo123';
GRANT ALL PRIVILEGES ON db_demo.* TO 'demo_user'@'localhost';
-- Remote account ('%' matches any host), also limited to db_demo
CREATE USER 'demo_user'@'%' IDENTIFIED BY 'demo123';
GRANT ALL PRIVILEGES ON db_demo.* TO 'demo_user'@'%';
FLUSH PRIVILEGES;

That’s it. You are all set.

Note:

  • Details on MySQL privileges can be found here
  • Don’t forget to open the default port 3306 if you want to access the database from outside the EC2 instance
  • Useful mysqld commands
    • sudo service mysqld start
    • sudo service mysqld stop
    • sudo service mysqld restart
    • sudo service mysqld status

Connecting to Amazon EC2 server on Mac using Terminal app

Go to the folder where your .pem file is stored. You can retrieve the .pem file from your amazon account.

Launch the Terminal app and run the following commands

cd /folder/where/pem/file/stored/
ssh-add filename.pem

This should work fine most of the time and you should get a response similar to this.

Identity added:xxxxx

If the permissions set on the .pem file aren’t correct, then the terminal will show this error

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0444 for 'filename.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
ec2-user@xx.xx.xx.xx:22: No such file or directory

To fix it, set the appropriate permissions.

chmod 400 filename.pem

Now, it’s time to connect to the EC2 server.

ssh-add filename.pem
ssh -p 22 ec2-user@xx.xx.xx.xx

If everything works fine, then you should see this response on your terminal screen:

Last login: Tue Apr 23 03:34:27 2013 from xx.xx.xx.xx
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2012.09-release-notes/
There are 15 security update(s) out of 141 total update(s) available
Run "sudo yum update" to apply all updates.
Amazon Linux version 2013.03 is available.
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8)
[ec2-user@ip-xx-xx-xx-xx ~]$