Tuesday, April 9, 2013
AWS - S3 - Apply bucket policy for public read and office IP read and write
Here's the sample S3 Bucket policy when you have a pulic read bucket but only restrict write/update access to office network
If you enable everyone list your bucket from permission menu, everyone could grep the whole list of our bucket object by browsing your root domain url
{
"Id": "Policy1346919974114",
"Statement": [
{
"Sid": "Stmt1346917860156",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"110.174.240.29/26",
"175.143.152.282/32"
]
}
},
"Principal": {
"AWS": [
"*"
]
}
},
{
"Sid": "Stmt1346919900506",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
Saturday, April 6, 2013
DevOps Toolbox - Mount New volume to EC2
This should be a piece of coke for a most sysadmin, but if you only do it once in a blue moon(or start aging like me), you would probably spend 30mins googling. So I decided to write it down.
==
1. Attach the new EBS volume to your instance from console
2. Login into your instance on the command line and do and run
(# represents the command prompt):
# ls /dev
You should see that /dev/sdf has been created for you
# ls /dev
You should see that /dev/sdf has been created for you
3. Format /dev/sdf by running:
# mkfs.ext3 or mkfs.ext4 /dev/sdf
It will warn you that this an entire device. You should type y to allow the process to continue unless you want to create specific partitions on this device
# mkfs.ext3 or mkfs.ext4 /dev/sdf
It will warn you that this an entire device. You should type y to allow the process to continue unless you want to create specific partitions on this device
4. Create a directory to mount your new drive as on the
filesystem, for example we’ll use /var:
# mkdir /var (first mv var to var.bk)
# mkdir /var (first mv var to var.bk)
5. Add a reference in the fstab file to mount the newly
formatted drive onto the /files directory by running the following command:
# echo “/dev/sdb /files ext4 noatime 0 0″ >> /etc/fstab
# echo “/dev/sdb /files ext4 noatime 0 0″ >> /etc/fstab
6. Mount the drive by running:
# mount /var
# mount /var
7. Check your drive has mounted correctly with the expected
amount of file space by running:
# df -h /var
# df -h /var
It really is that simple, within a few cli commands you can
simply add 1GB to 1TB of storage at the drop of a hat!
Source: http://www.digitaltactics.co.uk/linux/how-to-mount-an-amazon-ebs-disk-as-a-drive-in-linux-centos/
Subscribe to:
Posts (Atom)