AWS Lambda to delete RDS manual snapshots beyond the 2 most recent per DB instance



import boto3
import datetime


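def lambda_handler(event, context):
    """Prune manual RDS snapshots, keeping the two newest per DB instance.

    For every DB instance returned by ``describe_db_instances`` the handler
    lists that instance's manual snapshots, prints the instance identifier
    and snapshot count, sorts the snapshots newest-first with ``getDate``
    and deletes everything after the second entry.

    Args:
        event: Lambda invocation payload; not read.
        context: Lambda runtime context; not read.

    NOTE(review): the selection is by snapshot type only, so any manual
    snapshot of the instance is eligible for deletion, whoever created it
    and whatever tags it carries. If other processes also take manual
    snapshots, narrow the selection (for example by identifier prefix or
    tag) and scope the role's delete permission to match.
    """
    client = boto3.client('rds')
    # Paginate both listings: a single describe call returns only one page,
    # so instances or snapshots beyond it would never be considered.
    instance_pages = client.get_paginator('describe_db_instances').paginate()
    snapshot_pager = client.get_paginator('describe_db_snapshots')
    for instance_page in instance_pages:
        for dba in instance_page['DBInstances']:
            instance_id = dba['DBInstanceIdentifier']
            snapshots = []
            for snapshot_page in snapshot_pager.paginate(
                    DBInstanceIdentifier=instance_id, SnapshotType='manual'):
                snapshots.extend(snapshot_page['DBSnapshots'])
            print(instance_id + ' ' + str(len(snapshots)))
            # Only finished snapshots are ranked and pruned: one that is
            # still being created may have no SnapshotCreateTime yet (the
            # sort key would raise KeyError) and cannot be deleted anyway.
            finished = [snap for snap in snapshots
                        if snap.get('Status') == 'available']
            finished.sort(key=getDate, reverse=True)
            # Index 0 and 1 are the two newest; everything after is removed.
            for eachsnap in finished[2:]:
                print('deleting ' + eachsnap['DBSnapshotIdentifier'])
                client.delete_db_snapshot(
                    DBSnapshotIdentifier=eachsnap['DBSnapshotIdentifier'])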
               
def getDate(ele):
    """Sort key: return the ``SnapshotCreateTime`` value of a snapshot record."""
    created_at = ele['SnapshotCreateTime']
    return created_at

AWS Lambda to create an RDS Snapshot






import boto3
import datetime

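def lambda_handler(event, context):
    """Create a tagged manual snapshot of every RDS DB instance.

    Each snapshot is named ``backup-<instance id>-<yy-mm-dd-HH-MM>`` and
    tagged ``BackupType=long-term``. Every instance is attempted even if an
    earlier one fails; the first failure is re-raised at the end so the
    invocation is still reported as failed.

    Args:
        event: Lambda invocation payload; not read.
        context: Lambda runtime context; not read.

    Raises:
        The first client error returned by ``create_db_snapshot``, after
        all instances have been attempted.
    """
    client = boto3.client('rds')
    # One timestamp per invocation. Resolution is one minute, so a second
    # run within the same minute reuses the name and the create call fails.
    stamp = datetime.datetime.now().strftime("%y-%m-%d-%H-%M")
    first_error = None
    # Paginate so instances beyond the first page of results are backed up.
    for page in client.get_paginator('describe_db_instances').paginate():
        for dba in page['DBInstances']:
            instance_id = dba['DBInstanceIdentifier']
            backup_name = 'backup-' + instance_id + '-' + stamp
            try:
                client.create_db_snapshot(
                    DBInstanceIdentifier=instance_id,
                    DBSnapshotIdentifier=backup_name,
                    Tags=[
                        {
                            'Key': 'BackupType',
                            'Value': 'long-term'
                        },
                    ]
                )
            except client.exceptions.ClientError as err:
                # Keep going: one instance that cannot be snapshotted must
                # not leave the remaining instances without a backup.
                print(backup_name + ' failed: ' + str(err))
                if first_error is None:
                    first_error = err
                continue
            print(backup_name+ "Snapshot Created")
    if first_error is not None:
        # Surface the failure so the run is not recorded as a success.
        raise first_error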

Mount s3 bucket



Linux

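  1. Add the policy below to the IAM role. The bucket name belongs directly after `arn:aws:s3:::` in both Resource entries (`arn:aws:s3:::<bucket-name>` and `arn:aws:s3:::<bucket-name>/*`); it appears to have been lost from this listing.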
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::/*"]
}
]
}

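  1. wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/s3fs/s3fs-1.74.tar.gz (an archived s3fs 1.74 release; none of these steps checks the tarball's integrity, so verify it against a checksum from a source you trust before building and installing it)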
  2. tar -zxvf s3fs-1.74.tar.gz
  3. sudo yum install gcc libstdc++-devel gcc-c++ fuse fuse-devel curl-devel libxml2-devel openssl-devel mailcap
  4. cd s3fs-1.74
  5. sudo yum install libxml2-devel
  6. ./configure --prefix=/usr
  7. make
  8. make install
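  9. s3fs <bucket-name> <mount-point> -o iam_role="<role-name>" (placeholders restored; the original values were lost from this listing)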
Ubuntu:

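  1. Add the policy below to the IAM role. The bucket name belongs directly after `arn:aws:s3:::` in both Resource entries (`arn:aws:s3:::<bucket-name>` and `arn:aws:s3:::<bucket-name>/*`); it appears to have been lost from this listing.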
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::/*"]
}
]
}

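  1. wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/s3fs/s3fs-1.74.tar.gz (an archived s3fs 1.74 release; none of these steps checks the tarball's integrity, so verify it against a checksum from a source you trust before building and installing it)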
  2. tar -zxvf s3fs-1.74.tar.gz
  3. sudo apt-get install build-essential libcurl4-openssl-dev libxml2-dev mime-support
  4. sudo apt-get install libfuse-dev libcurl4-openssl-dev libxml++2.6-dev libssl-dev
  5. cd s3fs-1.74
  6. ./configure --prefix=/usr
  7. make
  8. make install
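  9. s3fs <bucket-name> <mount-point> -o iam_role="<role-name>" (placeholders restored; the original values were lost from this listing)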

Iredmail Could not save new password. Encryption function missing


This is a bug in iRedMail: the latest Roundcubemail-1.2.0 changed the sample config file of its password plugin, and as a result iRedMail does not correctly configure the path of the 'doveadm' command. Please fix it by following the steps below:

*) Open file /opt/www/roundcubemail/plugins/password/config.inc.php, search parameter name "password_dovecotpw". Like this:

$config['password_dovecotpw'] =

*) You will find duplicate parameters; remove one of them, and make sure the remaining one is set to:
$config['password_dovecotpw'] = '/usr/bin/doveadm pw';

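AWS policy for S3 Bucket to put/get/list/delete (it names a Principal, so it is a bucket policy attached to the bucket rather than an identity policy attached to the IAM user)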

{
"Version": "2012-10-17",
"Id": "Policy1470210411143",
"Statement": [
{
"Sid": "Stmt123432456644",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678903:user/amaresh"
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::iam.sample.bucket",
"arn:aws:s3:::iam.sample.bucket/*"
]
}
]
}

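Policy to restrict S3 bucket access to specific IP addresses

Note: as written, the statement below combines "Effect": "Allow" with "NotIpAddress" and "Principal": "*", so it grants s3:* on the bucket to any caller whose address is outside 183.82.101.68/27, which is the opposite of what the title describes. The AWS example linked below restricts access with "Effect": "Deny" together with "NotIpAddress", so that requests from every other address are refused; check the effect before applying this policy.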

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html


{
"Id": "Policy1470283588127",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt12345674345788",
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::iam.sample.bucket",
"arn:aws:s3:::iam.sample.bucket/*"
],
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "183.82.101.68/27"
}
},
"Principal": "*"
}
]
}


Aws IAM Policy for user to start/stop Ec2 instance


http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html


{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt14435321355",
"Action": [
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:StopInstances",
"ec2:StartInstances"
],
"Resource": [
"arn:aws:ec2:us-east-1:1234567890:instance/i-1234567890abcder"
]
}
]
}
Action::
The action is the specific API action for which you are granting or denying permission
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Operations.html
ec2:DescribeInstances -> allows user to view only instances
ec2:Describe* -> allows user to view all resources