Upcoming class: Introduction to GCP Oct 15-16, 2018

Sign up here!

Google Cloud Platform is a rich suite of cloud computing services that works with a set of management tools to provide modular cloud services for computing, data storage, data analytics, machine learning, and more. It is important to understand how to properly evaluate and adopt cloud infrastructure because if done poorly, it can wreak havoc on the operations and security of sensitive resources. Migrating to the cloud should be measured and deliberate, based on a solid understanding of the effort involved, and a clear vision for the outcome. This training will provide a solid understanding of Google Cloud Platform. We will start with the basics before moving on to security and monitoring. We will then explore how to create a network, launch compute resources, and create storage resources before ending with operations and automation. You will get to see firsthand the various services that make up the GCP ecosystem along with their relationships to each other. The training will cover benefits of a cloud-based infrastructure and starting points for how these benefits can be achieved in GCP.

Upcoming Class: AWS Monitoring Strategies on August 31, 2018

Monitoring in AWS can lead to a complicated web of resources and workflows. Maximizing coverage of availability metrics, performance indicators, and security requires knowledge of several services and integration techniques. Log monitoring presents cost, storage, and retention challenges. This course is designed to shed light on monitoring strategies in AWS to eliminate gaps in monitoring, as well as explain differences between traditional monitoring choices and those available as part of the AWS ecosystem.

Sign up here!

How to set up and do the basics of CodeCommit with Bash - SSH

Amazon Web Services CodeCommit is a great, very cheap/free program that can be used to store and share code with others. Using the AWS free-tier you can have up to 5 IAM users, and 3 projects on the same account that share code to the same place. This is a simple how-to that should get everything up and running for you and hopefully answer any questions you might have.

1. Assuming that you already have an updated and working version of pip and Python installed, you can install the AWS CLI by using this command:

pip install awscli --upgrade --user

2. Create an IAM user that has CodeCommit access. Make sure that you check the box that allows Programmatic Access and the other one that allows for AWS Management Console Access if those are things you want your account to have. You must select both of these for initial setup.

For best security principles you should give the account the least access possible to do the job. For set up you can give the account the premade policy that allows only AWS codecommit access. Also be sure to save the access key ID and the secret access key. You will need these.

While in the setup phase of the account, navigate to the “Security Credentials” tab. Once there generate SSH credentials for your account.

You can also generate HTTPS Git credentials for codecommit if you think you’ll use HTTPS to connect to the codecommit repository at all.

Once the account has been made, if you are using the command line interface, use the aws configure command to set up your CLI with your IAM account.  This should be your output:

aws configure

access key ID: (enter access key ID)

secret access key: (enter secret access key)

default region name (us-east-1): (type the region you want; the one listed is the currently selected region)

default output (text): (this can be changed to JSON if you prefer)

Note: make sure the default region is the same one that you plan to put your repository in.

3. Next you need to make sure that Git is installed on your computer. You can download it here:

https://git-scm.com/downloads

4. When you made your new IAM user there should have been a URL that you can use to log into the AWS Management Console. Log in now, and navigate to CodeCommit.

Click the blue “create” button and make your first repository. Give it a name and a description and you can also set up SNS notifications amongst other things at this stage if you so choose.

I called my repository “testrepo”

5. Now make sure that you have an SSH key pair. If you already have one you can skip this step. You can use an existing one, or make a new one with the keygen command. Before running the command, I’d recommend that you change into your ~/.ssh directory. Mine was under /Users/”username-here”/.ssh/

cd /Users/username-here/.ssh/

Then you can run the keygen command to make your ssh key pair. Once you run the command it will ask you what you want to name your key pair. For the sake of this we’ll call ours “testkeypair”

ssh-keygen

Enter file in which to save the key (/Users/username/.ssh/id_rsa): testkeypair

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in testkeypair.

Your public key has been saved in testkeypair.pub.

The key fingerprint is:

SHA256:q6WB1IrmHEe+eUOCKAxR+3Q/QzbL4XD3QrYd418sBro username@usernames-MBP

The key's randomart image is:

+---[RSA 2048]----+

| ..              |

|.  .             |

| .. . o * + +    |

|.  o o O B * + . |

|o. .+ . S + + o o|

|o..=.o.  + o o o |

|. + =o. o E   .  |

| + o oo=         |

|  o o.o.         |

+----[SHA256]-----+

After running the command the key pair is available for use. There will be 2 files saved into the directory you were in at the time of creation, one named “testkeypair” and one named “testkeypair.pub”.

6. Once your key pair has been made, you can run the “cat” command to view the contents of the public key file so that you can copy and paste them:
cat ~/.ssh/testkeypair.pub

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/

In the IAM console, in the navigation pane, choose Users, and from the list of users, choose your IAM user.

On the user details page, choose the Security Credentials tab, and then choose Upload SSH public key.

Paste the contents of your SSH public key into the field, and then choose Upload SSH public key.

Copy or save the information in SSH Key ID (for example, APKAEIBAERJR2EXAMPLE).

7. On your computer, use a text editor to create a config file in the ~/.ssh directory, and then add the following lines to the file, where the value for User is the SSH key ID you copied earlier:

Host git-codecommit.*.amazonaws.com

  User APKAEIBAERJR2EXAMPLE

  IdentityFile ~/.ssh/testkeypair

If you gave your private key file a name other than testkeypair, be sure to change the IdentityFile value to match.

Save and name this file config.

From the terminal, run the following command to change the permissions for the config file:

chmod 600 config

Run the following command to test your SSH configuration:

ssh git-codecommit.us-east-1.amazonaws.com

You will be asked to confirm the connection, as git-codecommit.us-east-1.amazonaws.com is not yet included in your known hosts file. The AWS CodeCommit server fingerprint is displayed as part of the verification (a9:6d:03:ed:08:42:21:be:06:e1:e0:2a:d1:75:31:5e for MD5 or 3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ for SHA256).

If you are having problems connecting, you can try troubleshooting with the -v parameter so that you can see where things went wrong.

ssh -v git-codecommit.us-east-1.amazonaws.com

8. Assuming that everything went smoothly you can now clone your git repository and make your first commit.

git clone ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/testrepo

Assuming that this is a brand new repository that you are connecting to, it will give you a warning telling you that you may have cloned an empty repository.

This command clones an identical repository that will be stored on your local drive. This keeps a copy of everything you have made and will stay there until you push it to the cloud. You will also need to run pulls to make sure that your local repository is kept updated if others share the repository.

9. Now you are ready to make your first commit. You can create a new file; I’m calling mine “CommitTest.txt”. Just add some words or a phrase to the file to test if things work.

vi CommitTest.txt

10. To verify that everything works, use the command git status, and you should get the following output:

git status

On branch master

No commits yet

Untracked files:

  (use "git add <file>..." to include in what will be committed)

      CommitTest.txt

nothing added to commit but untracked files present (use "git add" to track)

11. To add the text file to your next upload run the add command

git add CommitTest.txt

Now the test file is in the “to be uploaded” category

12. Now we can send it to the local repository on your computer with the commit command, and this should be the output assuming it sent correctly

git commit -m "Adding CommitTest.txt to repo"

[master (root-commit) 8e3ac5d] Adding CommitTest.txt to repo

 Committer: name <name@name-mbp.attlocal.net>

Your name and email address were configured automatically based

on your username and hostname. Please check that they are accurate.

You can suppress this message by setting them explicitly:

    git config --global user.name "Your Name"

    git config --global user.email you@example.com

After doing this, you may fix the identity used for this commit with:

      git commit --amend --reset-author

 1 file changed, 1 insertion(+)

 create mode 100644 CommitTest.txt

13. We can run the git status command again and this should be the output

git status

On branch master

Your branch is based on 'origin/master', but the upstream is gone.

  (use "git branch --unset-upstream" to fixup)

nothing to commit, working tree clean

14. Now you will push the contents of your local repository to your AWS repository using the push command.

git push -u origin master

Counting objects: 3, done.

Delta compression using up to 4 threads.

Compressing objects: 100% (2/2), done.

Writing objects: 100% (3/3), 320 bytes | 320.00 KiB/s, done.

Total 3 (delta 0), reused 0 (delta 0)

To ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/testrepo

 * [new branch]      master -> master

15. If you plan to share this repository with others, they will need to go through the same steps as you did as far as making sure they are SSH compatible, and really everything but making the actual repository.

This could mean that others are uploading code to the repository that you might want. For this you simply run a git pull command whenever you want to sync your local repository with the one in the cloud.

git pull

Already up to date

My output says I’m already up to date, but if there were things to pull it would say it there.

16. This step shows you how to share with others.

Switch to your /tmp directory now.

Run git clone to pull down a copy of the repository into the shared repo:

git clone ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/testrepo shared-test-repo

This helps with making sure that there is no significant data loss as well as not overwriting your main repository

Now switch to your /tmp/ repository

cd /tmp/shared-test-repo

Run git config to add another user name and email address represented by placeholders other-user-name and other-email-address (for example, John Doe and johndoe@example.com). This makes it easier to identify the commits the other user made

git config --local user.name "other-user-name"

git config --local user.email other-email-address

Use a text editor to create an example text file in the shared-test-repo directory. I called mine sharedtest.txt

vi sharedtest.txt

Run git add to stage the change to the shared repo:

git add sharedtest.txt

Run git commit to commit the change to the shared repo:

git commit -m "Added sharedtest.txt"

Run git push to push your initial commit through the default remote name Git uses for your AWS CodeCommit repository (origin), from the default branch in your local repo (master):

git push -u origin master
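
Step 7 asks you to confirm the CodeCommit host key by eye before answering the SSH prompt. The following added example (not part of the original post or of AWS's tooling) computes the OpenSSH SHA256 fingerprint from ssh-keyscan-style lines and compares it with the SHA256 value quoted in step 7; the function names and the sample line are constructed for illustration.

```python
import base64
import hashlib
import hmac

# SHA256 fingerprint this page quotes in step 7 for the CodeCommit SSH endpoint.
PAGE_SHA256 = "3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ"

def sha256_fingerprint(line):
    """Fingerprint one 'host keytype base64-key' line the way OpenSSH prints it."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    # The key blob starts with a 4-byte length and the key type; a mismatch
    # means the line was edited or truncated.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line, expected=PAGE_SHA256):
    """True only if the presented key hashes to the published fingerprint."""
    if expected.startswith("SHA256:"):
        expected = expected[len("SHA256:"):]
    return hmac.compare_digest(sha256_fingerprint(line), expected)

def check_keyscan(output, expected=PAGE_SHA256):
    """Map each key type in ssh-keyscan output to whether it matches."""
    results = {}
    for line in output.splitlines():
        if line.strip() and not line.startswith("#"):
            results[line.split()[1]] = host_key_matches(line, expected)
    return results

# Constructed sample: a fake key blob, not the real CodeCommit host key.
_blob = (7).to_bytes(4, "big") + b"ssh-rsa" + b"constructed-sample-key-material"
SAMPLE_LINE = ("git-codecommit.us-east-1.amazonaws.com ssh-rsa "
               + base64.b64encode(_blob).decode())

if __name__ == "__main__":
    print("sample fingerprint: SHA256:" + sha256_fingerprint(SAMPLE_LINE))
    print("matches published value:", host_key_matches(SAMPLE_LINE))
```

On a real machine, pass the output of ssh-keyscan git-codecommit.us-east-1.amazonaws.com to check_keyscan and accept the host only for a key type that maps to True.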

Sources:

http://docs.aws.amazon.com/codecommit/latest/userguide/getting-started.html#getting-started-create-repo

http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html?icmpid=docs_acc_console_connect

Monitoring with AWS CloudTrail

Monitoring in the AWS ecosystem can cover a wider range of actions than an on-premise data center, including the ability to monitor the API events issued against your account. In this course, Monitoring with AWS CloudTrail, you'll learn how to integrate CloudTrail events with CloudWatch Logs through several real-world examples. First, you will learn about the CloudTrail entry format. Next, you will learn how to create metric filters. Finally, you will combine this knowledge into CloudWatch alarms and notifications. By the end of this course, you'll be able to identify opportunities for monitoring API events in your AWS account and effectively deploy metric filters with CloudWatch alarms for appropriate notifications and response.

 

https://www.pluralsight.com/courses/monitoring-aws-cloudtrail

 

Implementing Amazon Inspector

Security in the cloud can be difficult to implement using tools designed for on-premise data centers. In this course, Implementing Amazon Inspector, you'll learn how to automate ongoing security audits using this service on EC2 instances. First, you'll explore how to install the Inspector Agent. Next, you'll learn about the various components of the service and how to create audits. Finally, you'll discover how to implement manual or fully automated ongoing reports with notifications based on the findings. By the end of this course, you'll have an understanding of Amazon Inspector and some of its most important uses.

https://www.pluralsight.com/courses/amazon-inspector-implementing

Ready to WFH?

I was recently asked for tips for working from home by Secrets to Being Smarter, a blog for "where devs, IT admins and creative pros go for news tips and more". I have been based out of the home for over 6 years and have found that there is more to consider than 'shall I work from the couch, or the kitchen table?'

If you're currently working from home, or considering taking the plunge, consider the tips offered in this post. http://www.pluralsight.com/blog/career/smarter-secrets-working-from-home-tips