Implement an implicit deny, explicit allow SCP.
More on serverless computing
Previously, I’ve written about hosting an HTTP API on AWS API Gateway. In this article, I’ll try to deploy a Node.js application on AWS Elastic Beanstalk.
My first attempt to serverless API hosting
Here, I’ll demonstrate how to host an HTTP API call on AWS using Lambda and API Gateway.
Servers are good. But there are a lot of boring tasks when it comes to maintaining a server. If I just want to publish a simple API online, serverless seems a better choice. Let’s try creating an HTTP API using AWS Lambda and API Gateway.
Create a lambda function
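Create a simple Python function which returns the client’s source IP. Don’t worry if testing the function in the Lambda console fails: the console’s test event does not carry the requestContext data that API Gateway adds.

import json

def lambda_handler(event, context):
    # sourceIp is set by API Gateway in the request context,
    # so it is not taken from a header the client controls.
    return {
        'statusCode': 200,
        'headers': {'Content-type': 'application/json'},
        'body': json.dumps({'your-ip': event['requestContext']['http']['sourceIp']})
    }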
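The handler above indexes straight into event['requestContext'], which is why a console test fails. As an added example (not the article's code), this variant handles an event without that context, accepts only GET, and shows that the address comes from API Gateway's request context rather than from a client-supplied header; the sample events and IP addresses are constructed.

```python
import ipaddress
import json


def _response(status, payload):
    return {
        'statusCode': status,
        'headers': {'Content-Type': 'application/json'},
        'body': json.dumps(payload),
    }


def lambda_handler(event, context):
    # requestContext is filled in by API Gateway; a console test event has none.
    http = (event.get('requestContext') or {}).get('http') or {}
    source_ip = http.get('sourceIp')
    if source_ip is None:
        return _response(400, {'error': 'not invoked through an HTTP API'})
    # Assumption: the API is read-only, so anything other than GET is refused
    # even if the integration is attached to an ANY route.
    if http.get('method') != 'GET':
        return _response(405, {'error': 'method not allowed'})
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return _response(400, {'error': 'unexpected sourceIp value'})
    # Headers such as X-Forwarded-For are deliberately ignored:
    # the client can put anything it likes in them.
    return _response(200, {'your-ip': str(ip)})


# Constructed sample event shaped like an HTTP API (payload format 2.0) request.
SAMPLE_EVENT = {
    'version': '2.0',
    'routeKey': 'GET /',
    'rawPath': '/',
    'headers': {'x-forwarded-for': '203.0.113.77'},  # constructed forged value
    'requestContext': {
        'http': {'method': 'GET', 'path': '/', 'sourceIp': '198.51.100.10'},
    },
}

# Constructed stand-in for a Lambda console test event (no requestContext).
CONSOLE_TEST_EVENT = {'key1': 'value1', 'key2': 'value2', 'key3': 'value3'}

if __name__ == '__main__':
    print(lambda_handler(SAMPLE_EVENT, None))
    print(lambda_handler(CONSOLE_TEST_EVENT, None))
```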
Create an API gateway
On the API Gateway console, create a simple HTTP API. Give the API a name and then leave everything else default. Once created, copy the URL of the API Gateway from the console. That is where the API is exposed.

Next, create a route for the API Gateway. Here I create a route for GET to go to /. This API call will be read-only, so only GET requests are needed.
For authorization, I’ll let it remain open, which is the default setting.
Next, create an integration. Choose “ANY /” route, and set the integration target to the above lambda function. Ensure “Grant API Gateway permission to invoke your Lambda function” is enabled.
Moment of truth
Open the API Gateway URL and the message is displayed. The actual result has been redacted.

▶ http https://85nd6u7qdi.execute-api.ap-southeast-1.amazonaws.com/
HTTP/1.1 200 OK
Apigw-Requestid: dhO71jfiSQ0EPPg=
Connection: keep-alive
Content-Length: 29
Content-Type: application/json
Date: Fri, 09 Apr 2021 14:03:30 GMT

{
    "your-ip": "1.2.3.4"
}
Adding a custom domain name
The last step is to put this API on a custom domain name. Initially, I just created a CNAME on Cloudflare but that didn’t work. I even configured CORS to allow the custom domain. Turns out I need to use the custom domain setting in API Gateway.
First, create a certificate on ACM. Next, create a new custom domain on API Gateway. Under API mappings, map the custom domain to my API. Finally, create a CNAME record, pointing the custom domain to the API Gateway domain name (which is different from the API Gateway URL).

▶ http https://myip.one27.cf
HTTP/1.1 200 OK
Apigw-Requestid: dkAVOhMpSQ0EJPg=
Connection: keep-alive
Content-Length: 29
Content-Type: application/json
Date: Sat, 10 Apr 2021 10:14:31 GMT

{
    "your-ip": "1.2.3.4"
}
Red Hat Enterprise – no-cost-subscription
Use Red Hat Enterprise Linux for free.
Shortly after Red Hat announced the shift of focus of CentOS, they released a no-cost subscription for Red Hat Enterprise Linux. In short, they now allow a single user to run 16 Red Hat VMs at no cost. Here is how to get it.
Create nginx dav share for use with Enpass
Set up a private nginx DAV share for Enpass.
Enpass is my favorite password manager. It works on Linux and Mac, and it can sync the password vault to cloud storage. Here, I’ll show you how to set up your own nginx DAV share. I prefer not to store my passwords on a public cloud.
My adventure on MikroTik
Recently, I came across the MikroTik routers, and it so happened that I needed to troubleshoot a site-to-site VPN issue. MikroTik provides RouterOS for anyone to install in a virtual environment. There is also an AMI on AWS. Here I’ll demonstrate how to get it to connect to AWS VPN in no time.
Add a keyboard shortcut on Ubuntu
Tired of typing the same thing repeatedly?
If you need to type a certain string on a regular basis, you may want to set it up as a keyboard shortcut. But one cannot just associate a hot key with the string. Here is how to do it on Ubuntu without installing any extra package.
Use oathtool to generate 2FA code
In this example, I’ll be using oathtool on Ubuntu to generate 2FA codes. I’ll be using this for 2FA against AWS access.
Connecting to VPC with AWS Client VPN
Connect to your VPC with AWS Client VPN.
AWS Client VPN allows users to connect to their VPC securely over the Internet. On the AWS side, we configure a Client VPN endpoint. On the user side, we install the AWS VPN client software.
Here is a diagram demonstrating how we can use AWS Client VPN to connect to multiple VPCs.

Read on to see how it’s set up.
Automate docker image build and push
Build and publish a Docker image with CI/CD
I’m experimenting with Jenkins and I’m starting to like it. On this page, I’m going to demonstrate how to configure Jenkins to build a Docker image and push it to my registry automatically.