itsecureadmin.com

Category: Tip of the day!

  • IMDSv2 Calls w/ Older Boto3

    I had a recent problem where I needed to disable IMDSv1 on an older application that could not be upgraded. The boto3 version was 1.8.9 and would require significant changes to support IMDSv2. Instead of upgrading, I was able to set the AWS config and credentials using puppet, using the EC2 instance profile role. This […]

  • Accessing Docker as non-root user on Ubuntu 20.04

    After installing docker on Ubuntu 20.04, in order to run docker commands against the docker daemon, you must add the user to the docker group. If a permissions denied state persists, try logging out and back in again before running additional commands. The most common error message is: If you are using the ubuntu user, […]

  • Using minikube instead of Docker Desktop on Mac OS

    With the recent license changes on Docker Desktop, many users have switched to minikube on Mac. minikube is simple to setup and run, and also gives you kubernetes. Everyone should be using kubernetes. This assumes the user is using brew for package management and that Docker Desktop has been removed. After this installation, docker commands […]

  • Drain and Replace EKS Worker Nodes

    Unliked managed node groups, EKS worker node groups have to be recycled outside EKS after updating the AMI reference. I recently migrated all of my hosted sites from ECS to EKS and am using terragrunt/terraform for all infrastructure as code. I then upgraded the AMI that I used for the worker node groups and had […]

  • Find Windows Server Version from the Command Line

    Here is a useful command that will show which Windows Version is installed: systeminfo | findstr /B /C:”OS Name” /C:”OS Version”

  • Proxy SQL Services Reporting Server with HAProxy

    A common issue with SQL Server Reporting Services is to proxy the server so it is not exposed on the internet. This is difficult to do with nginx, apache, and others due to NTLM authentication, although nginx offers a paid version that supports NTLM authentication. One easy fix is to use HAProxy and use TCP […]

  • AWS Access Keys in S3 Bucket Policies

    I’ve seen what appeared to be AWS Access Keys in S3 bucket policies as an AWS principal in the past. I could never figure out why this was happening and nobody appeared to be adding them. The Access Key never showed up as a valid user Access Key in a search of IAM objects either. […]

  • Apache Airflow 1.10.2– Active Directory Authentication (via LDAP[s])

    This basic guide assumes a functional airflow deployment, albeit without authentication, or perhaps, with LDAP authentication under the legacy UI scheme. This guide also assumes apache airflow 1.10.2, installed via pip using MySQL and Redis. The guide also assumes Amazon Linux on an EC2 instance. Pre-requisites: An Active Directory service account to use as the […]

  • Adding Global Environment Variables to Jenkins via puppet…

    When using Jenkins in any environment, it’s useful to have variables related to that environment available to Jenkins jobs. I recently worked on a project where I used puppet to deploy global environment variables to Jenkins for use with AWS commands — typically to execute the awscli, one must have knowledge of the region, account, […]

  • Retrieving puppet facts from AWS System Manager

    AWS System Manager makes it easy to store and retrieve parameters for use across servers, services, and applications in AWS. One great benefit is storing secrets for use, as needed. I recently needed to retrieve some parameters to place in a configuration file via puppet and wrote a short script to retrieve these values as […]