AllinOne
AWS Lambda to delete AWS RDS snapshots when an instance has more than 2
import boto3

def lambda_handler(event, context):
    client = boto3.client('rds')
    response = client.describe_db_instances()
    for dba in response['DBInstances']:
        # Manual snapshots of this instance (at most 50 are returned per call)
        snapshots = client.describe_db_snapshots(DBInstanceIdentifier=dba['DBInstanceIdentifier'], MaxRecords=50, SnapshotType='manual')['DBSnapshots']
        # A snapshot that is still being created may have no SnapshotCreateTime yet; leave it alone
        snapshots = [s for s in snapshots if 'SnapshotCreateTime' in s]
        print(dba['DBInstanceIdentifier'] + ' ' + str(len(snapshots)))
        # Newest first
        snapshots.sort(key=getDate, reverse=True)
        if len(snapshots) > 2:
            num = 0
            for eachsnap in snapshots:
                num = num + 1
                # Keep the two newest snapshots and delete the rest
                if num > 2:
                    print('deleting ' + eachsnap['DBSnapshotIdentifier'])
                    client.delete_db_snapshot(DBSnapshotIdentifier=eachsnap['DBSnapshotIdentifier'])

def getDate(ele):
    # Sort key: snapshot creation time
    return ele['SnapshotCreateTime']
AWS Lambda to create an RDS Snapshot
import boto3
import datetime

def lambda_handler(event, context):
    client = boto3.client('rds')
    response = client.describe_db_instances()
    for dba in response['DBInstances']:
        # Snapshot name: backup-<instance identifier>-<yy-mm-dd-HH-MM>
        backup_name = 'backup-' + (dba['DBInstanceIdentifier'] + '-%s') % datetime.datetime.now().strftime("%y-%m-%d-%H-%M")
        client.create_db_snapshot(
            DBInstanceIdentifier=dba['DBInstanceIdentifier'],
            DBSnapshotIdentifier=backup_name,
            Tags=[
                {
                    'Key': 'BackupType',
                    'Value': 'long-term'
                },
            ]
        )
        print(backup_name + " Snapshot Created")
Mount s3 bucket
Linux
- Add below policy to IAM role
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::/*"]
    }
  ]
}
- wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/s3fs/s3fs-1.74.tar.gz
- tar -zxvf s3fs-1.74.tar.gz
- sudo yum install gcc libstdc++-devel gcc-c++ fuse fuse-devel curl-devel libxml2-devel openssl-devel mailcap
- cd s3fs-1.74
- sudo yum install libxml2-devel
- ./configure --prefix=/usr
- make
- make install
- s3fs -o iam_role="
"
Ubuntu:
- Add below policy to IAM role
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::/*"]
    }
  ]
}
- wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/s3fs/s3fs-1.74.tar.gz
- tar -zxvf s3fs-1.74.tar.gz
- sudo apt-get install build-essential libcurl4-openssl-dev libxml2-dev mime-support
- sudo apt-get install libfuse-dev libcurl4-openssl-dev libxml++2.6-dev libssl-dev
- cd s3fs-1.74
- ./configure --prefix=/usr
- make
- make install
- s3fs -o iam_role="
"
iRedMail: Could not save new password. Encryption function missing
This is a bug in iRedMail: the latest Roundcubemail-1.2.0 changed the sample config file of its password plugin, which causes iRedMail to configure the path of the 'doveadm' command incorrectly. Fix it with the steps below:
*) Open the file /opt/www/roundcubemail/plugins/password/config.inc.php and search for the parameter name "password_dovecotpw", like this:
$config['password_dovecotpw'] =
*) You will find duplicate parameters. Remove one of them and make sure the remaining one is set to:
$config['password_dovecotpw'] = '/usr/bin/doveadm pw';
AWS IAM Policy for S3 Bucket to put/get/list/delete
{
  "Version": "2012-10-17",
  "Id": "Policy1470210411143",
  "Statement": [
    {
      "Sid": "Stmt123432456644",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::12345678903:user/amaresh"
      },
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::iam.sample.bucket",
        "arn:aws:s3:::iam.sample.bucket/*"
      ]
    }
  ]
}
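Policy to restrict S3 bucket access to specific IP addresses
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
The statement uses "Effect": "Deny" with NotIpAddress, so requests from outside the listed range are refused; the same condition under "Effect": "Allow" with "Principal": "*" would grant s3:* to every caller outside that range. Requests from inside the range still need an Allow from another statement or from an IAM policy.
{
  "Id": "Policy1470283588127",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt12345674345788",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::iam.sample.bucket",
        "arn:aws:s3:::iam.sample.bucket/*"
      ],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "183.82.101.68/27"
        }
      },
      "Principal": "*"
    }
  ]
}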
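An added example, not part of the original post: a small model of how a bucket-policy statement with a NotIpAddress condition is evaluated, comparing that condition under "Allow" and under "Deny". The evaluator is a simplified stand-in for AWS policy evaluation (explicit Deny wins, then any Allow, otherwise implicit deny); the function names, the stand-in IAM allow and the sample addresses are constructed for illustration.

```python
import ipaddress

CIDR = "183.82.101.68/27"  # range used in the policy on this page

def statement(effect):
    """The page's bucket-policy statement, with the Effect under test."""
    return {"Effect": effect, "Principal": "*", "Action": "s3:*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": CIDR}}}

def condition_matches(condition, source_ip):
    """Evaluate IpAddress / NotIpAddress on aws:SourceIp (the only operators modelled)."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError("operator not modelled: " + operator)
        cidrs = keys["aws:SourceIp"]
        cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
        # strict=False because the CIDR has host bits set (.68/27 lies in the .64/27 network)
        inside = any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)
        if inside != (operator == "IpAddress"):
            return False
    return True

def decide(statements, source_ip):
    """Simplified evaluation: explicit Deny wins, then any Allow, otherwise implicit deny."""
    effects = [s["Effect"] for s in statements
               if condition_matches(s.get("Condition", {}), source_ip)]
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def compare():
    outside, inside = "203.0.113.10", "183.82.101.70"  # constructed sample addresses
    iam_allow = {"Effect": "Allow", "Action": "s3:*"}  # stands in for the caller's own IAM policy
    return {
        # Allow + NotIpAddress + Principal "*": anonymous callers outside the range get s3:*
        "allow_outside": decide([statement("Allow")], outside),
        "allow_inside": decide([statement("Allow")], inside),
        # Deny + NotIpAddress: outside is refused even with an IAM Allow; inside relies on it
        "deny_outside": decide([statement("Deny"), iam_allow], outside),
        "deny_inside": decide([statement("Deny"), iam_allow], inside),
    }

if __name__ == "__main__":
    for case, result in compare().items():
        print(case, "->", result)
```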
AWS IAM Policy for user to start/stop EC2 instance
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt14435321355",
      "Action": [
        "ec2:DescribeInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StopInstances",
        "ec2:StartInstances"
      ],
      "Resource": [
        "arn:aws:ec2:us-east-1:1234567890:instance/i-1234567890abcder"
      ]
    }
  ]
}
Action:
The action is the specific API action for which you are granting or denying permission.
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Operations.html
ec2:DescribeInstances -> allows the user to view instances only
ec2:Describe* -> allows the user to view all resources