Changing Root Access Key to IAM Users on AWS

I have an old AWS instance, created way back in 2009 when I was still learning and the only way to access AWS resources through the API was with an access key ID and secret access key. Unfortunately, there was no IAM yet at that time. Fast forward a year or so, and this is highly insecure, as those access keys have root access. Best practice is to use IAM and create a user, which you add to a group assigned the specific policy permissions.

We got a notice from AWS that we need to either rotate or delete our access keys. But a better way to do it is to create a new user instead.

1. First go to the AWS console, then IAM. On your dashboard you will see something like this if you have an access key generated from the root account.

(Screenshot: Delete Root Access Key)

2. Click the accordion tab to expand it and click on Manage Security Credentials.

3. Expand Access Keys (Access Key ID and Secret Access Key) and check for any access keys and where you likely used them. In my case I use them for Amazon SES via the PHP SimpleEmailService class.

4. Delete the access keys.

5. Go to Groups, click Create a Group, give it a name, attach the policies AdministratorAccess and AmazonSESFullAccess, then save.

6. Go to Users, click on Create User and download the new access key ID and secret access key.

7. Assign the user to the group.

That should be it.

Now update any of your files that use the previous root key.
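
An added example, not part of the original post: the IAM credential report answers step 3's question (which keys are active and where they were last used) from the command line, and confirms afterwards that the root keys are gone. The report below is a constructed sample; the account ID, dates and the ses-mailer user name are made up.

```shell
#!/bin/sh
# Added example, not from the original post. A real report comes from:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 --decode > report.csv

# Constructed sample in the credential report's CSV layout (all values made up).
sample_report() {
cat <<'EOF'
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2009-03-01T00:00:00+00:00,not_supported,2016-01-10T08:00:00+00:00,not_supported,not_supported,false,true,2009-03-01T00:00:00+00:00,2016-01-09T12:00:00+00:00,us-east-1,ses,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ses-mailer,arn:aws:iam::123456789012:user/ses-mailer,2016-01-10T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2016-01-10T09:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
EOF
}

# Read a credential report on stdin and print one line per ACTIVE access key.
# Columns are looked up by header name; the report contains no quoted commas.
active_keys() {
  awk -F, '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    {
      who = $(col["user"])
      tag = (who == "<root_account>") ? "ROOT" : "user"
      for (n = 1; n <= 2; n++) {
        k = "access_key_" n
        if ($(col[k "_active"]) == "true")
          printf "%s %s key%d service=%s last_used=%s\n", tag, who, n,
                 $(col[k "_last_used_service"]), $(col[k "_last_used_date"])
      }
    }'
}

# Succeeds (exit 0) only when the root account has no active access key.
root_keys_clean() {
  ! active_keys | grep -q '^ROOT '
}

sample_report | active_keys
if sample_report | root_keys_clean; then
  echo "OK: no active root access keys"
else
  echo "FAIL: root access key still active, finish steps 4-7"
fi
```

The service column shows which code still depends on the root key (SES in the sample), which is the list of files to update with the new IAM user's key.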

How to run WordPress on a LEMP stack on Amazon EC2

At last, I finally found time to move my blog to a LEMP (Linux, Nginx, MySQL and PHP-FPM) stack. It is just one of the many goals I have set for overhauling this blog, and over the coming days I’ll be optimizing it further and coming up with a fresh new design. I’ve been running this blog on an Amazon EC2 LAMP stack on a t1.micro instance. With micro instances you have limited processing power and memory. Running Apache is kind of overkill, MySQL often crashes due to running out of memory, and this layout design is outdated and not responsive. I’ve been focused so much on Salesforce development that I’ve completely snubbed this blog and my first love, which is designing and web development.

Here is a short 3-part tutorial for setting up EC2, LEMP and WordPress.

    Part 1 Setup EC2 instance

  • Sign up for AWS account
  • Create a new instance
  • Select Linux distro either Ubuntu 14.04 or higher (HVM preferred)
  • Select t2.micro instance and run through the wizard
  • Edit the security group and make sure you add SSH and HTTP rules
  • Then launch and download your key
  • Once launched get the public IP
  • On Mac SSH using pem key to the IP
    eg. sudo ssh -i my.pem ubuntu@1.1.1.1

    Part 2 Setup Nginx, MySQL and PHP-FPM

  • Once connected, make sure you update your distro's local package list (sudo apt-get update)
  • Next install nginx
    sudo apt-get install nginx
  • Install MySQL Server
    sudo apt-get install mysql-server
  • Setup MySQL structure
    sudo mysql_install_db
  • Run secure MySQL script and follow the prompts
    sudo mysql_secure_installation
  • Install PHP
    sudo apt-get install php5-fpm php5-mysql
  • Secure PHP
    sudo vi /etc/php5/fpm/php.ini
    Uncomment and set to cgi.fix_pathinfo=0
  • Restart PHP
    sudo service php5-fpm restart
  • Edit nginx configuration to read PHP
    sudo vi /etc/nginx/sites-available/default
  • Add index.php to be parsed
    index index.php index.html index.htm;
  • Restart nginx
    sudo service nginx restart
  • Setup server permissions
    sudo chown -R demo:www-data /var/www/html/*
    sudo chown -R www-data /var/www/wordpress
  • Sweet! Finally you can install WordPress.

Configure WordPress Update on Ubuntu EC2 instance

EC2 instances use SFTP and not FTP, and you do not have a password, so the easiest way to configure the WordPress update is via the command line. SSH into your instance and enter the following.

sudo chown -R www-data /var/www/wordpress

sudo chmod -R 755 /var/www/wordpress

Troubleshoot AWS SimpleEmailService – Sender – RequestExpired

On our AWS EC2 instance email delivery stopped working without any notice. Customers started reporting that they are not receiving their emails. Better check your error logs.

If you find something like this.

PHP Warning: SimpleEmailService::sendEmail(): Sender – RequestExpired: Request timestamp: Sun, 15 Sep 2013 06:39:50 UTC expired. It must be within 300 secs/ of server time.\nRequest Id: 552d8117-1dd2-11e3-a1bc-29ded7e8e9e2\n

This basically means that the timestamp of our server is off and does not match the Amazon Simple Email Service. It is off by almost 300 secs.

But why would our server time suddenly be off? It appears that the server time needs to be synced to a central NTP server. You can try the following suggested solutions.

1. Update locally
Install the ntpdate package on your system.
#sudo apt-get install ntpdate
#sudo /usr/sbin/ntpdate 128.101.101.101

2. Run and check against existing NTP Servers
#sudo /usr/sbin/ntpdate 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org 3.north-america.pool.ntp.org

Kudos to Mind Geek for the second solution.

Error on EC2 Command Line Interface Tool Mac OS X

Just recently Amazon Web Services (AWS) started offering AWS Certifications for Solutions Architect. I got excited at the thought of having a new certification under my belt, so I jumped back into getting myself reacquainted with AWS. One of the first things I needed to do was to get up to speed with the latest enhancements and tools.

First, there is a new method for setting up the EC2 Command Line Interface (CLI) Tool. The new method prefers AWS_ACCESS_KEY and AWS_SECRET_KEY; the old method is going to be deprecated in the future.

If you add AWS_ACCESS_KEY and AWS_SECRET_KEY and then remove EC2_PRIVATE_KEY and EC2_CERT from your environment setup (~/.bash_profile), then when you run any ec2 command like

ec2-describe-instances

You might run into this error.

Required option '-K, --private-key KEY' missing (-h for usage)

Took me a while to figure it out, but the error is caused by an outdated CLI Tool: the old tool does not recognize AWS_ACCESS_KEY and AWS_SECRET_KEY in your environment even if they are properly set up.

The quick solution is to upgrade the CLI Tool and replace the bin and lib in your /.ec2 folder. That should be it. One post just for that simple solution. Hope somebody finds that useful.

BTW major updates are coming soon for this site. I’ll be redesigning it and moving this blog to an nginx server soon to speed it up.

Move WordPress site from shared hosting to Amazon EC2

This is a follow-up post from last week, when I moved this blog from shared hosting on Bluehost.com to an Amazon Web Services EC2 Micro instance.

Basically the steps are straightforward. For your old host:
1. First, back up all your files.
2. Back up the database.

The next series of steps is for the AWS side. First is to create an account.
3. Create an account by signing up at aws.amazon.com and go through all the verification steps to get your account activated.

Permissions are too open. Warning! Unprotected Private Key File

I’m planning on taking a Linux certification exam soon, so I’ll be dropping some quick fixes and tricks here as notes.

If you are getting this error when trying to SSH to your server with your private key, it means the permissions on your key file are too open.

Quick fix: enter the following on the command line.

#chmod 600 mykeyfile.pem

Finally moved my blog hosting to be hosted on the Cloud with AWS EC2 Micro package

When I first signed up to Bluehost they advertised the $4.95 per month cost of shared hosting. But after your first year(s) of subscription run out, the monthly cost would be $8.95/month, and that’s not so cheap. Since I’ve been into Cloud Computing for years and my not so active blog needed a new host, I finally moved my blog hosting from shared hosting on Bluehost to Amazon Web Services EC2 for FREE. I chose a Micro Instance with an Ubuntu Linux image and got my server set up in 5 mins.


Installing GoDaddy SSL on an EC2 Ubuntu Instance in AWS

If you have sensitive data on your site, you may want to install an SSL Certificate to make it more secure. Here is a brief tutorial on how to set it up on an AWS EC2 Ubuntu instance.

My server settings are Apache2 and Ubuntu 9.x

Amazon RDS instance time zone workarounds

If you have an EC2 instance to run your application and an RDS instance for your database, then on your EC2 instance you are in luck, as you can easily change the time zone of the machine. For example, set it to GST or by location like below:

# ln -sf ../usr/share/zoneinfo/Asia/Dubai /etc/localtime
