My first attempt to serverless API hosting

Here, I’ll demonstrate how to host an HTTP api call on AWS using Lambda and Api Gateway.

Servers are good. But there are a lot of boring tasks when it comes to maintaining a server. If I just want to publish a simple API online, serverless seems a better choice. Let’s try create an HTTP api using AWS Lambda and ApiGateway.

Create a lambda function

Create a simple python function which prints the client’s source IP. Don’t worry when testing the function in lambda console fails.

import json

def lambda_handler(event, context):
    return {
        'statusCode': 200,
        'headers': {'Content-type': 'application/json'},
        'body': json.dumps({'your-ip': event['requestContext']['http']['sourceIp']})

Create an API gateway

On the api gatetway consone, create a simple HTTP API. Give the API a name and then leave everything else default. Once created, copy the URL of the apigateway from console. That is where the API is exposed.

Click create to create the API

Next, create a route for the apigateway. Here I create a route for GET to go to /. This API call will be read only so only GET request is needed.

For authorization, I’ll let it remain open which is the default setting.

Next, create an integration. Choose “ANY /” route, and set the integration target to the above lambda function. Ensure “Grant API Gateway permission to invoke your Lambda function” is enabled.

Moment of truth

Open the apigateway URL and the message is displayed. The actual result has been redacted.

▶ http  
HTTP/1.1 200 OK
Apigw-Requestid: dhO71jfiSQ0EPPg=
Connection: keep-alive
Content-Length: 29
Content-Type: application/json
Date: Fri, 09 Apr 2021 14:03:30 GMT

    "your-ip": ""

Adding a custom domain name

The last step is to put this API on a custom domain name. Initially, I just created a cname on Cloudflare but that didn’t work. I even configured a CORS to allow the custom domain. Turns out I need to use the custom domain setting in api gateway.

First, create a certificate on ACM. Next, create a new custom domain on api gateway. Under API mappings, map the custom domain to my API. Finally, create a CNAME record, pointing the custom domain to the API gateway domain name (which is different from the apigateway URL).

▶ http
 HTTP/1.1 200 OK
 Apigw-Requestid: dkAVOhMpSQ0EJPg=
 Connection: keep-alive
 Content-Length: 29
 Content-Type: application/json
 Date: Sat, 10 Apr 2021 10:14:31 GMT
     "your-ip": ""

Red Hat Enterprise – no-cost-subscription

Use Red Hat Enterprise Linux for free.

Shortly after Red Hat announced the shift of focus of CentOS , they released a no-cost subscription for Red Hat Enterprise Linux. In short, they now allow a single user to run 16 Red Hat VMs at no cost. Here is how to get it.

Continue reading “Red Hat Enterprise – no-cost-subscription”

Add a keyboard shortcut on Ubuntu

Tired of typing the same thing repeatedly?

If you need to type a certain string on regular basis, you may want to set it up as a keyboard shortcut. But one cannot just associate a hot key with the string. Here is how to do it on Ubuntu without installing any extra package.

Continue reading “Add a keyboard shortcut on Ubuntu”

Connecting to VPC with AWS Client VPN

Connect to your VPC with AWS Client VPN.

AWS Client VPN allows users to connect to their VPC securely over the Internet. On AWS side, we configure client VPN endpoint. On the user side, we install the AWS VPN client software.

Here is a diagram demonstrating how we can use AWS Client VPN to connect to multiple VPCs.

Read on to see how it’s set up.

Continue reading “Connecting to VPC with AWS Client VPN”

Load Averages on Linux/UNIX systems

Load Averages on Linux/UNIX systems

When you run uptime or top, 3 load average numbers are displayed. They represent the 1, 5, and 15 minute load averages. In the following example, the 1 minute load average of my computer is 1.11.

▶ uptime
 22:31:24 up 13 days, 14:32,  1 user,  load average: 1.11, 0.56, 0.31

For years, I’ve used it in relative term. When a high number is shown and the system is still responsive, I set that as normal in mind. But that can’t be right. That is got to be a more scientific way of explaining the numbers. Turns out the answer is right in the man page of uptime.

System load averages is the average number of processes that are either in a runnable or uninterruptable state. A process in a runnable state is either using the CPU or waiting to use the CPU. A process in un‐ interruptable state is waiting for some I/O access, eg waiting for disk. The averages are taken over the three time intervals. Load averages are not normalized for the number of CPUs in a system, so a load aver‐ age of 1 means a single CPU system is loaded all the time while on a 4 CPU system it means it was idle 75% of the time.

man uptime

On a generic workload, let’s simplify the calculation and assume load averages is computed based solely on CPU usage. On a single core system, load averages of 1 means it’s completely busy with that 1 process for the past period of time. On a 16-core system, a load average of 16 the performance expectation should be the same. When interpreting the numbers on a monitoring system or setting up thresholds, we can divide the result by number of cores and multiple it with 100%.

Load averages is actually influenced not just by CPU. IO, network busyness, interrupts, or any other busy resource that prevents processes from completing all contribute. A process can be busy waiting for other resources to return. On some VM, even the random number pool can put the CPU on wait.

That said, load averages is a fairly holistic assessment of how busy a system is.

apache-2.2.34 and openssh-8.2p1 on EL6

Red Hat backports fixes and keep package versions as they are. At times, security scanners are not smart enough to know that. They’d complain the packages are out of date. Making it worse, apache 2.2 has reached EOL since 2018. And even though openssh is now on version 8.2, one will still find version 5.3 on EL6 systems.

Upgrading EL is not an easy task like Ubuntu. One will most likely need to build a new system and migrate things over. If that is an issue for you, install my repo and yum-plugin-priorities. Then install or update httpd-2.2.34 with yum.

curl -sqo /etc/yum.repos.d/headdesk.repo
yum -y install yum-plugin-priorities

While this gives you the very last version of apache 2.2, you may be asked to upgrade to apache 2.4. That’s a different game. IUS and SCL offer apache 2.4. Problem is, IUS’s apache does not work with php in the same repo. Their php are built to work with apache 2.2. So as Remi’s. SCL’s httpd24 and php work together, but they put files under a completely different location. And they stop making php packages at version 7.0, which is EOL.

It’s a mess. Migrate to FPM if you can.

Use the packages at your own risk. I cannot promise future updates. Your best option is to migrate to newer OS and rely on updates from the official distro.

RDP v10.0

Quick comparison of several RDP profiles.

I usually don’t care much about RDP version, as long as I can see the remote desktop clearly. I usually set the resolution to a small one with a lower color depth (15-bit). Recently, I realize RDP has been advanced quite a bit. I can get much better remote display quality. Below is a comparison of several protocols supported by Remmina.

Continue reading “RDP v10.0”