AWS, Database Administrator

Manage the DynamoDB table with AWS CLI

Leave a comment

Introduction

You can use the AWS Console Manager to manage the DynamoDB table, alternatively, you can manage the DynamoDB table with AWS CLI in Linux as below.

Prerequisites

Before starting, you should have the following prerequisites configured

  • An AWS account
  • AWS CLI on your computer
  • Download and unzip the sample data, i will use sample data from the DynamoDB Developer Guide

Guide to creating and managing the DynamoDB table with AWS CLI

Topics

  • Create the DynamoDB table with AWS CLI
  • Load the data using the batch-write-item AWS CLI into DynamoDB table
  • DynamoDB table scan CLI command
  • DynamoDB table Query CLI command
  • DynamoDB table Query and Sort CLI command
  • DynamoDB table Scan and filter with CLI command
  • Insert data to DynamoDB table with CLI command
  • Update data to DynamoDB table with CLI command
  • Delete data of DynamoDB table with CLI command
  • Delete a value from a list type with the CLI command
  • DynamoDB transaction with CLI command
  • Using the Global Secondary Index
  • Delete Global Secondary Index with CLI command
  • Amazon DynamoDB point-in-time recovery (PITR) CLI command
  • Delete Amazon DynamoDB table CLI command

Create the DynamoDB table with AWS CLI

The following AWS CLI example creates DynamoDB tables with name ProductCatalog, Forum, Thread, Reply

aws dynamodb create-table \
--table-name ProductCatalog \
--attribute-definitions \
AttributeName=Id,AttributeType=N \
--key-schema \
AttributeName=Id,KeyType=HASH \
--provisioned-throughput \
ReadCapacityUnits=10,WriteCapacityUnits=5
aws dynamodb create-table \
--table-name Forum \
--attribute-definitions \
AttributeName=Name,AttributeType=S \
--key-schema \
AttributeName=Name,KeyType=HASH \
--provisioned-throughput \
ReadCapacityUnits=10,WriteCapacityUnits=5

aws dynamodb create-table \
--table-name Thread \
--attribute-definitions \
AttributeName=ForumName,AttributeType=S \
AttributeName=Subject,AttributeType=S \
--key-schema \
AttributeName=ForumName,KeyType=HASH \
AttributeName=Subject,KeyType=RANGE \
--provisioned-throughput \
ReadCapacityUnits=10,WriteCapacityUnits=5

aws dynamodb create-table \
--table-name Reply \
--attribute-definitions \
AttributeName=Id,AttributeType=S \
AttributeName=ReplyDateTime,AttributeType=S \
--key-schema \
AttributeName=Id,KeyType=HASH \
AttributeName=ReplyDateTime,KeyType=RANGE \
--provisioned-throughput \
ReadCapacityUnits=10,WriteCapacityUnits=5

This command returns the following result.

To verify that DynamoDB has finished creating, use the command

aws dynamodb describe-table --table-name ProductCatalog | grep TableStatus

This command returns the following result. When DynamoDB finishes creating the table, the value of the TableStatus field is set to ACTIVE

Load the data using the batch-write-item AWS CLI into DynamoDB table

Load the sample data using the batch-write-item CLI

aws dynamodb batch-write-item --request-items file://ProductCatalog.json
aws dynamodb batch-write-item --request-items file://Forum.json
aws dynamodb batch-write-item --request-items file://Thread.json
aws dynamodb batch-write-item --request-items file://Reply.json

This command returns the following result. After each data load, you should get this message saying that there were no Unprocessed Items

DynamoDB table scan CLI command

The scan will do a full table scan and return the items in 1MB chunks. Scanning is the slowest and most expensive way to get data out of DynamoDB. Try running a scan on the DynamoDB table

aws dynamodb scan --table-name Forum

This command returns the following result.

Read data from a DynamoDB table with the CLI command

GetItem is the fastest and cheapest way to get data out of DynamoDB as you must specify the full Primary Key so the command is guaranteed to match at most one item in the table.

The default behavior for DynamoDB is eventually consistent reads.

The following AWS CLI example reads an item from the ProductCatalog

aws dynamodb get-item --table-name ProductCatalog --key '{"Id":{"N":"101"}}'

There are many useful options for the get-item command, a few that get used regularly are:

  • –consistent-read : Specifying that you want a strongly consistent read
  • –projection-expression : Specifying that you only want certain attributes returned in the request
  • –return-consume-capacity : Tell us how much capacity was consumed by the request
aws dynamodb get-item \
    --table-name ProductCatalog \
    --key '{"Id":{"N":"101"}}' \
    --consistent-read \
    --projection-expression "ProductCategory, Price, Title" \
    --return-consumed-capacity TOTAL

This command returns the following result.

Performing this request consume 1.0 RCU, because this item is less than 4KB. If we run the command again but remove the –consistent-read option, this command returns the following result.

aws dynamodb get-item \
    --table-name ProductCatalog \
    --key '{"Id":{"N":"101"}}' \
    --projection-expression "ProductCategory, Price, Title" \
    --return-consumed-capacity TOTAL

You can do this either through the DynamoDB API or PartiQL, a SQL-compatible query language for DynamoDB.

PartiQL

aws dynamodb execute-statement --statement "SELECT ProductCategory, Price, Title FROM ProductCatalog WHERE Id=101" --return-consumed-capacity TOTAL

DynamoDB table Query CLI command

Just the Partition Key value query

aws dynamodb query \
    --table-name Reply \
    --key-condition-expression 'Id = :Id' \
    --expression-attribute-values '{
        ":Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 1"}
    }' \
    --return-consumed-capacity TOTAL

This command returns the following result.

Partition Key and Sort Key Query

aws dynamodb query \
--table-name Reply \
--key-condition-expression 'Id = :Id and ReplyDateTime > :ts' \
--expression-attribute-values '{
":Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 1"},
":ts" : {"S": "2015-09-21"}
}' \
--return-consumed-capacity TOTAL

PartiQL

aws dynamodb execute-statement --statement "SELECT * FROM Reply WHERE Id='Amazon DynamoDB#DynamoDB Thread 1' And ReplyDateTime > '2015-09-21'" --return-consumed-capacity TOTAL

With Id is Primary Key and ReplyDateTime is Sort Key

If you want to limit results based on non-key attributes, we can use Filter Expressions

aws dynamodb query \
    --table-name Reply \
    --key-condition-expression 'Id = :Id' \
    --filter-expression 'PostedBy = :user' \
    --expression-attribute-values '{
        ":Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 1"},
        ":user" : {"S": "User B"}
    }' \
    --return-consumed-capacity TOTAL

PartiQL

aws dynamodb execute-statement --statement "SELECT * FROM Reply WHERE Id='Amazon DynamoDB#DynamoDB Thread 1' And PostedBy = 'User B'" --return-consumed-capacity TOTAL

With PostedBy attributes at the filter-expression option, this command returns the following result.

DynamoDB table Query and Sort CLI command

  • –scan-index-forward : order items in ascending order of the sort key. This would be analogous in SQL to “ORDER BY ReplyDateTime ASC”
  • –no-scan-index-forward : order items in descending order of the sort key. This would be analogous in SQL to “ORDER BY ReplyDateTime DESC”
  • –max-items : limit the number of items
aws dynamodb query \
    --table-name Reply \
    --key-condition-expression 'Id = :Id' \
    --expression-attribute-values '{
        ":Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 1"}
    }' \
    --max-items 1 \
    --scan-index-forward  \
    --return-consumed-capacity TOTAL

PartiQL

aws dynamodb execute-statement --statement "SELECT * FROM Reply WHERE Id='Amazon DynamoDB#DynamoDB Thread 1' ORDER BY ReplyDateTime ASC" --limit 1  --return-consumed-capacity TOTAL

This command returns the following result.

Now let’s try without setting a limit on the number of items

#DynamoDB API
aws dynamodb query --table-name Reply --key-condition-expression 'Id = :Id' --expression-attribute-values '{":Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 1"}}' --no-scan-index-forward --output table

#PartiQL
aws dynamodb execute-statement --statement "SELECT * FROM Reply WHERE Id='Amazon DynamoDB#DynamoDB Thread 1' ORDER BY ReplyDateTime DESC" --output table

This is sorted in descending order by sort key ReplyDateTime.

DynamoDB table Scan and filter with CLI command

 Scan will do a full table scan, however, we can specify a Filter Expression which will reduce the size of the result set, but it will not reduce the amount of capacity consumed.

#DynamoDB API
aws dynamodb scan \
    --table-name Forum \
    --filter-expression 'Threads >= :threads AND #Views >= :views' \
    --expression-attribute-values '{
        ":threads" : {"N": "1"},
        ":views" : {"N": "50"}
    }' \
    --expression-attribute-names '{"#Views" : "Views"}' \
    --return-consumed-capacity TOTAL
#PartiQL
aws dynamodb execute-statement --statement "SELECT * FROM Forum WHERE Threads >= 1 And Views >= 50"

This command returns the following result.

Insert data to DynamoDB table with CLI command

Creates a new item, or replaces an old item with a new item. If an item that has the same primary key as the new item already exists in the specified table, the new item completely replaces the existing item.

Let’s insert a new item into the Reply table.

#DynamoDB API
aws dynamodb put-item \
    --table-name Reply \
    --item '{
        "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
        "ReplyDateTime" : {"S": "2022-04-27T17:47:30Z"},
        "Message" : {"S": "DynamoDB Thread 2 Reply 3 text"},
        "PostedBy" : {"S": "User C"}
    }' \
    --return-consumed-capacity TOTAL

#PartiQL
aws dynamodb execute-statement --statement "INSERT INTO Reply value {'Id' : 'Amazon DynamoDB#DynamoDB Thread 2','ReplyDateTime' : '2023-04-27T17:47:30Z','Message' : 'DynamoDB Thread 2 Reply 4 text','PostedBy' : 'User C'}"

This command returns the following result.

Let’s insert an existing item with the put-item command

#DynamoDB API
aws dynamodb put-item \
    --table-name Reply \
    --item '{
        "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
        "ReplyDateTime" : {"S": "2022-04-27T17:47:30Z"},
        "Message" : {"S": "DynamoDB Thread 2 Reply 5 text"},
        "PostedBy" : {"S": "User C"}
    }' \
    --return-consumed-capacity TOTAL

#PartiQL
aws dynamodb execute-statement --statement "INSERT INTO Reply value {'Id' : 'Amazon DynamoDB#DynamoDB Thread 2','ReplyDateTime' : '2023-04-27T17:47:30Z','Message' : 'DynamoDB Thread 2 Reply 6 text','PostedBy' : 'User C'}"

With put-item, if an item that has the same primary key as the new item already exists in the specified table, the new item completely replaces the existing item. But with PartiQL, if the table already has an item with the same primary key as the primary key of the item being inserted, DuplicateItemException is returned.

With put-item, to prevent a new item from replacing an existing item, use a conditional expression that contains the attribute_not_exists function with the name of the attribute being used as the partition key for the table. 

aws dynamodb put-item \
    --table-name Reply \
    --item '{
        "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
        "ReplyDateTime" : {"S": "2022-04-27T17:47:30Z"},
        "Message" : {"S": "DynamoDB Thread 2 Reply 5 text"},
        "PostedBy" : {"S": "User C"}
    }' \
    --condition-expression "attribute_not_exists(Id) AND attribute_not_exists(ReplyDateTime)"

Update data to DynamoDB table with CLI command

With the update-item command, we can edit an existing item’s attributes, or add a new item to the table if it does not already exist.

#DynamoDB API
aws dynamodb update-item \
    --table-name Forum \
    --key '{
        "Name" : {"S": "Amazon DynamoDB"}
    }' \
    --update-expression "SET Messages = :newMessages" \
    --condition-expression "Messages = :oldMessages" \
    --expression-attribute-values '{
        ":oldMessages" : {"N": "4"},
        ":newMessages" : {"N": "5"}
    }' \
    --return-consumed-capacity TOTAL

#PartiQL(update and show value before update)
aws dynamodb execute-statement --statement "Update Forum SET Messages = 6 WHERE Name='Amazon DynamoDB' RETURNING ALL OLD *" --return-consumed-capacity TOTAL

This command returns the following result.

Let’s update the attribute of the type map with the CLI

#DynamoDB API
aws dynamodb update-item \
    --table-name ProductCatalog \
    --key '{
        "Id" : {"N": "201"}
    }' \
    --update-expression "SET #Color = list_append(#Color, :values)" \
    --expression-attribute-names '{"#Color": "Color"}' \
    --expression-attribute-values '{
        ":values" : {"L": [{"S" : "Blue"}, {"S" : "Yellow"}]}
    }' \
    --return-consumed-capacity TOTAL

#PartiQL
aws dynamodb execute-statement --statement "Update ProductCatalog SET Color = list_append(Color,['White']) WHERE Id = 201 RETURNING ALL NEW *" --return-consumed-capacity TOTAL

This command returns the following result.

Delete data of DynamoDB table with CLI command

The delete-item the command is used command to delete an item from the DynamoDB table. Because it won’t report an error if the key doesn’t exist, we can use the delete-item command to confirm the existence of an item before deleting it.

#Confirm
aws dynamodb get-item \
    --table-name Reply \
    --key '{
        "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
        "ReplyDateTime" : {"S": "2023-04-27T17:47:30Z"}
    }'
#Delete
aws dynamodb delete-item \
    --table-name Reply \
    --key '{
        "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
        "ReplyDateTime" : {"S": "2023-04-27T17:47:30Z"}
    }' \
 --return-consumed-capacity TOTAL

This command returns the following result.

PartiQL delete statements for DynamoDB

If the DynamoDB table does not have any item with the same primary key as that of the item for which the DELETE is issued, SUCCESS is returned with 0 items deleted. If the table has an item with same primary key, but the condition in the WHERE clause of the DELETE statement evaluates to false, ConditionalCheckFailedException is returned.

#PartiQL delete
aws dynamodb get-item --table-name Reply --key '{
        "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
        "ReplyDateTime" : {"S": "2022-04-27T17:47:30Z"}
    }'
aws dynamodb execute-statement --statement "DELETE FROM Reply WHERE Id = 'Amazon DynamoDB#DynamoDB Thread 2' AND ReplyDateTime = '2022-04-27T17:47:30Z'"

Delete a value from a list type with the CLI command

Delete from a list type using update-item API

#Confirm
aws dynamodb get-item --table-name ProductCatalog --key '{ "Id" : {"N": "201"} }'

#Delete 'Yellow', 'White' from list
aws dynamodb update-item --table-name ProductCatalog --key '{ "Id" : {"N": "201"} }' \
    --update-expression "REMOVE #Color[3], #Color[4]" \
    --expression-attribute-names '{"#Color": "Color"}' \
    --return-consumed-capacity TOTAL

Delete from a list type use PartiQL update statements

#Confirm
aws dynamodb get-item --table-name ProductCatalog --key '{ "Id" : {"N": "201"} }'

#Delete 'Blue' from Color list
aws dynamodb execute-statement --statement "UPDATE ProductCatalog REMOVE Color[2] WHERE Id=201" --return-consumed-capacity TOTAL

This command returns the following result.

DynamoDB transaction with CLI command

DynamoDB API TransactWriteItems is a synchronous write operation that groups up to 100 action requests. These actions can target items in different tables, but not in different Amazon Web Services accounts or Regions, and no two actions can target the same item. For example, you cannot both ConditionCheck and Update the same item. The aggregate size of the items in the transaction cannot exceed 4 MB.

The following example runs multiple statements as a transaction.

#DynamoDB API
aws dynamodb transact-write-items --client-request-token TRANSACTION1 --transact-items '[
    {
        "Put": {
            "TableName" : "Reply",
            "Item" : {
                "Id" : {"S": "Amazon DynamoDB#DynamoDB Thread 2"},
                "ReplyDateTime" : {"S": "2023-04-27T17:47:30Z"},
                "Message" : {"S": "DynamoDB Thread 2 Reply 3 text"},
                "PostedBy" : {"S": "User C"}
            }
        }
    },
    {
        "Update": {
            "TableName" : "Forum",
            "Key" : {"Name" : {"S": "Amazon DynamoDB"}},
            "UpdateExpression": "ADD Messages :inc",
            "ExpressionAttributeValues" : { ":inc": {"N" : "1"} }
        }
    }
]'

#PartiQL
aws dynamodb execute-transaction --transact-statements "[
    {
        \"Statement\": \"INSERT INTO Reply value {'Id':'Amazon DynamoDB#DynamoDB Thread 2','ReplyDateTime':'2023-08-26T17:47:30Z','Message':'DynamoDB Thread 2 Reply 4 text','PostedBy':'User C'}\"
    },
    {
        \"Statement\": \"UPDATE Forum SET Messages=8 where Name='Amazon DynamoDB'\"
    }
]"

#Confirm
aws dynamodb get-item --table-name Forum --key '{"Name" : {"S": "Amazon DynamoDB"}}'

PartiQL allows you to save your JSON code to a file and pass it to the –transact-statements parameter. Alternatively, you can enter it directly on the command line.

This command returns the following result.

Using the Global Secondary Index

To speed up queries on non-key attributes, you can create a global secondary index. A global secondary index contains a selection of attributes from the base table, but they are organized by a primary key that is different from that of the table. 

#Before create GSI
aws dynamodb scan \
    --table-name Reply \
    --filter-expression 'PostedBy = :user' \
    --expression-attribute-values '{
        ":user" : {"S": "User A"}
    }' \
    --return-consumed-capacity TOTAL

#create GSI
aws dynamodb update-table \
    --table-name Reply \
    --attribute-definitions AttributeName=PostedBy,AttributeType=S AttributeName=ReplyDateTime,AttributeType=S \
    --global-secondary-index-updates '[{
        "Create":{
            "IndexName": "PostedBy-ReplyDateTime-GSI",
            "KeySchema": [
                {
                    "AttributeName" : "PostedBy",
                    "KeyType": "HASH"
                },
                {
                    "AttributeName" : "ReplyDateTime",
                    "KeyType" : "RANGE"
                }
            ],
            "ProvisionedThroughput": {
                "ReadCapacityUnits": 2, "WriteCapacityUnits": 2
            },
            "Projection": {
                "ProjectionType": "ALL"
            }
        }
    }
]'

#GSI confirm
aws dynamodb query \
    --table-name Reply \
    --key-condition-expression 'PostedBy = :pb' \
    --expression-attribute-values '{
        ":pb" : {"S": "User A"}
    }' \
    --index-name PostedBy-ReplyDateTime-GSI \
    --return-consumed-capacity TOTAL

This command returns the following result.

Delete Global Secondary Index with CLI command

#GSI delete
aws dynamodb update-table \
    --table-name Reply \
    --global-secondary-index-updates '[{
        "Delete":{
            "IndexName": "PostedBy-ReplyDateTime-GSI"
        }
    }
]'

This command returns the following result.

Amazon DynamoDB point-in-time recovery (PITR) CLI command

The following procedure shows how to use the AWS CLI to restore an existing table named ProductCatalog to the LatestRestorableDateTime.

#Confirm that point-in-time recovery is enabled
aws dynamodb describe-continuous-backups --table-name ProductCatalog

#Enable
aws dynamodb update-continuous-backups --table-name ProductCatalog --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True

#delete data
aws dynamodb delete-item --table-name ProductCatalog --key '{"Id" : {"N": "205"}}'

#Restore the table to the LatestRestorableDateTime
aws dynamodb restore-table-to-point-in-time \
    --source-table-name ProductCatalog \
    --target-table-name ProductCatalogMinutesAgo \
    --use-latest-restorable-time

To enable PITR for the ProductCatalog table, run the following command.

aws dynamodb update-continuous-backups --table-name ProductCatalog --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True

Confirm that point-in-time recovery is enabled for the ProductCatalog table by using the describe-continuous-backups command.

aws dynamodb describe-continuous-backups --table-name ProductCatalog

delete data from ProductCatalog

aws dynamodb delete-item --table-name ProductCatalog --key '{"Id" : {"N": "205"}}'

Restore the table to a point in time. In this case, the ProductCatalog table is restored to the LatestRestorableDateTime (~5 minutes ago) to the same AWS Region.

aws dynamodb restore-table-to-point-in-time \
    --source-table-name ProductCatalog \
    --target-table-name ProductCatalogMinutesAgo \
    --use-latest-restorable-time

Check PITR of ProductCatalogMinutesAgo table

We must manually set the following on the restored table:

  • Auto scaling policies
  • AWS Identity and Access Management (IAM) policies
  • Amazon CloudWatch metrics and alarms
  • Tags
  • Stream settings
  • Time to Live (TTL) settings
  • Point-in-time recovery settings

Delete Amazon DynamoDB table CLI command

The delete-table operation deletes a table and all of its items, any indexes on that table are also deleted. If you have DynamoDB Streams enabled on the table, then the corresponding stream on that table goes into the DISABLED state and the stream is automatically deleted after 24 hours.

aws dynamodb delete-table --table-name Forum

We can use the describe-table action to check the status of the table.

Conclusion

These steps provide a general AWS CLI (DynamoDB API and PartiQL for DynamoDB) of the process to manage DynamoDB. The specific configuration details may vary depending on your environment and setup. It’s recommended to consult the relevant documentation from AWS for detailed instructions on setting up. I hope will this be helpful. Thank you for reading the DevopsRoles page!

Manage the DynamoDB table with AWS CLI

Refer

https://amazon-dynamodb-labs.workshop.aws/hands-on-labs.html

https://docs.aws.amazon.com/cli/latest/

AWS, Bash Script, Database Administrator

Manage the Aurora PostgreSQL global database

Leave a comment

Introduction

You can use the AWS Console Manager to manage the Aurora PostgreSQL global database, alternatively, you can manage the Aurora PostgreSQL global database using the AWS CLI in Linux(AWS Cloud9 for my lab) as below.

Guide to creating and managing the Aurora PostgreSQL global database using the AWS CLI.

This lab contains the following tasks

Create Aurora Postgresql global database from a Regional cluster using AWS CLI

Add reader instances in the Secondary Aurora DB cluster using AWS CLI

Perform a Managed Planned Failover to the secondary region using AWS CLI

Detaches an Aurora secondary cluster from an Aurora global database cluster using AWS CLI

Prerequisites

For this walkthrough, you should have the following prerequisites configured:

  • Amazon Aurora PostgreSQL cluster in a single region
  • AWS CLI environment deployed
  • Cluster Parameter Group Name, VPC Security Group, and DB Subnet Group were deployed into the primary region and the secondary region

Detail Steps

Create Aurora Postgresql global database from a Regional cluster using AWS CLI

On the primary AWS Region, execute the below code using AWS CLI 

# Get current cluster ARN
CLUSTER_ID=`aws rds describe-db-clusters --db-cluster-identifier aupg-labs-cluster --query 'DBClusters[*].DBClusterArn' | jq -r '.[0]'`

# convert the Aurora Provisioned cluster to global
aws rds create-global-cluster  --global-cluster-identifier auroralab-postgres-global --source-db-cluster-identifier $CLUSTER_ID

This operation will take 2-5 minutes to complete. 

In the next step, perform the following actions using AWS CLI to add a secondary region.

# obtain KeyID of the KMS key in the secondary region
aws kms describe-key --key-id alias/aws/rds --region us-west-1 --query 'KeyMetadata.KeyId'

# create the secondary cluster
aws rds --region us-east-1 \
  create-db-cluster \
     --db-cluster-identifier auroralab-postgres-secondary \
     --global-cluster-identifier auroralab-postgres-global \
     --engine aurora-postgresql \
     --kms-key-id d71e19d3-24a3-48cb-9e7f-10fbd28ef271 \
     --engine-version 15.3 \
     --db-cluster-parameter-group-name rds-apgcustomclusterparamgroup \
     --db-subnet-group-name aupg-labs-db-subnet-group \
     --vpc-security-group-ids sg-0cdcd29e64fd436c6 \
     --backup-retention-period 7 --region us-west-1

This operation will take 5-10 minutes to complete. 

Add reader instances in the Secondary Aurora DB cluster using AWS CLI 

# Database Parameter group
DB_PARAMETER_GP=`aws rds describe-db-parameter-groups --region us-west-1 --query 'DBParameterGroups[*].DBParameterGroupName' | jq -r '.[0]'`

# Enhanced Monitoring role ARN
MONITOR_R=`aws iam get-role --role-name aupg-labs-monitor-us-west-2 --query 'Role.Arn' --output text`

# Add a Reader instance to the secondary Aurora DB cluster
aws rds --region us-west-1 \
  create-db-instance \
     --db-instance-identifier auroralab-postgres-instance1 \
     --db-cluster-identifier auroralab-postgres-secondary \
     --db-instance-class db.r6g.large \
     --engine aurora-postgresql \
     --enable-performance-insights \
     --performance-insights-retention-period 7 \
     --db-parameter-group-name $DB_PARAMETER_GP \
     --monitoring-interval 1 \
     --monitoring-role-arn $MONITOR_R \
     --no-auto-minor-version-upgrade

This operation will take 5-10 minutes to complete. 

Perform a Managed Planned Failover to the secondary region using AWS CLI

This method is recommended for disaster recovery. When you use this method, Aurora automatically adds back the old primary Region to the global database as a secondary Region when it becomes available again. Thus, the original topology of your global cluster is maintained.

Before failover

Failover

aws rds failover-global-cluster --global-cluster-identifier auroralab-postgres-global --target-db-cluster-identifier arn:aws:rds:us-west-1:XXXXXXXXX:cluster:auroralab-postgres-secondary

Now that the managed failover is completed.

To recover from an unplanned outage refer Recovering an Amazon Aurora global database from an unplanned outage

This alternative method can be used when managed failover isn’t an option, for example, when your primary and secondary Regions are running incompatible engine versions.

Detaches an Aurora secondary cluster from an Aurora global database cluster using AWS CLI 

aws rds remove-from-global-cluster --global-cluster-identifier auroralab-postgres-global --db-cluster-identifier arn:aws:rds:us-west-2:XXXXXXXX:cluster:aupg-labs-cluster

This operation will take 5-10 minutes to complete. 

Now that the detach is completed.

And latest, the global database can be deleted with a command, see the AWS CLI document here:

aws rds delete-global-cluster --global-cluster-identifier <value>

Conclusion

These steps provide a general AWS CLI of the process of managing the Aurora global Postgresql instance. The specific configuration details may vary depending on your environment and setup. It’s recommended to consult the relevant documentation from AWS for detailed instructions on setting up.

Manage the Aurora PostgreSQL global database

I hope will this be helpful. Thank you for reading the DevopsRoles page!

Kubernetes

Exploring the Docker and Kubernetes comparison

Leave a comment

Introduction

Docker and Kubernetes are both open-source container platforms that enable the packaging and deployment of applications. We will Unravel the Enigmatic Docker and Kubernetes comparison.

In the realm of modern software deployment, where technology evolves at the speed of light, two names reign supreme: Docker and Kubernetes.

These two technological titans have transformed the landscape of application development, but they often find themselves in the spotlight together, leaving many wondering: what’s the real difference between Docker and Kubernetes? Buckle up as we embark on an illuminating journey through the cosmos of containers and orchestration.

What is Docker: The Art of Containerization

Docker, launched in 2013, is the pioneer in containerization technology. At its core, Docker allows developers to package an application and its dependencies, including libraries and configurations, into a single unit called a container.

Imagine Docker as a master craftsman, wielding tools to sculpt applications into self-contained, portable entities known as containers. Docker empowers developers to encapsulate an application along with its dependencies, libraries, and configurations into a single unit. This container becomes a traveler, capable of seamlessly transitioning between development environments, testing stages, and production servers.

The allure of Docker lies in its promise of consistency. No longer must developers grapple with the frustrating “it works on my machine” dilemma. Docker containers ensure that an application behaves the same way regardless of where it’s run, minimizing compatibility woes and facilitating smoother collaboration among developers.

What is Kubernetes: The Cosmic Choreographer

While Docker handles the creation and management of containers, Kubernetes steps in to manage the orchestration and deployment of these containers at scale. Launched by Google in 2014, Kubernetes provides a powerful solution for automating, scaling, and managing containerized applications.

In this cosmic dance of software deployment, Kubernetes steps onto the stage as a masterful choreographer, orchestrating the movement of containers with finesse and precision. Kubernetes introduces the concept of pods groups of interconnected containers that share network and storage resources. This dynamic entity enables seamless load balancing, ensuring smooth traffic distribution across the dance floor of application deployment.

Yet, Kubernetes offers more than elegant moves. It’s a wizard of automation, capable of dynamically scaling applications based on demand. Like a cosmic conductor, Kubernetes monitors the performance of applications and orchestrates adjustments, ensuring that the performance remains stellar even as the audience and the users grow.

Docker and Kubernetes comparison

Docker vs Kubernetes Pros and cons

Key Differences and Complementary Roles

While Docker and Kubernetes fulfill distinct roles, they synergize seamlessly to offer a holistic solution for containerization and orchestration. Docker excels in crafting portable and uniform containers that encapsulate applications, while Kubernetes steps in to oversee the intricate dance of deploying, scaling, and monitoring these containers.

Consider Docker the cornerstone of containerization, providing the essential building blocks that Kubernetes builds upon. Through Docker, developers elegantly wrap applications and dependencies in containers that maintain their coherence across diverse environments, from the intimate realms of development laptops to the grand stages of production servers.

On the contrasting side of the spectrum, Kubernetes emerges as the maestro of container lifecycle management. Its genius lies in abstracting the complex infrastructure beneath and orchestrating multifaceted tasks load balancing, scaling, mending, and updating with automated grace. As organizations venture into vast container deployments, Kubernetes emerges as the compass, ensuring not only high availability but also the optimal utilization of resources, resulting in a symphony of efficiency.

In conclusion

Docker and Kubernetes, though distinct technologies are interconnected in the world of modern software deployment. Docker empowers developers to create portable and consistent containers, while Kubernetes takes the reins of orchestration, automating the deployment and scaling of those containers. Together, they offer a robust ecosystem for building, deploying, and managing applications in today’s fast-paced and ever-changing technology landscape.

Thank you for reading Docker and Kubernetes comparison. I hope will this your helpful. Thank you for reading the DevopsRoles page!

AWS, Database Administrator

Manage the RDS PostgreSQL instance using the AWS CLI

Leave a comment

Table of Contents

Introduction

You can use the AWS Console Manager to manage the RDS PostgreSQL instance, alternatively, you can manage the RDS PostgreSQL instance using the AWS CLI in Linux as below.

Guide to creating and managing the RDS PostgreSQL instance using the AWS CLI.

This lab contains the following tasks

Step 1: Install AWS CLI into the Cloud9 instance

Step 2: Create an RDS PostgreSQL Instance using the AWS CLI

Step 3: Configure the RDS PostgreSQL client on the Cloud9 instance

Step 4: Create Read-replica using the AWS CLI

Step 5: Promote Read Replica into a standalone instance using the AWS CLI

Step 6: Scale up the instance using the AWS CLI

Step 7: Migrating to a Multi-AZ DB cluster using the AWS CLI

Step 8: Promote this Multi-AZ read replica cluster to a stand-alone cluster using the AWS CLI

Step 9: Create a read replica from a Multi-AZ read replica cluster using the AWS CLI

Step 10: Check if the instance is Multi-AZ using the AWS CLI

Step 11: Convert the instance to Multi-AZ using the AWS CLI

Step 12: Create an SNS Topic and an RDS Event Subscription using the AWS CLI

Step 13: Perform failover of a Multi-AZ RDS instance using the AWS CLI

Step 14: View the instance’s backups using the AWS CLI

Step 15: Take a manual snapshot of the RDS instance using the AWS CLI

Step 16: Restores an instance from the latest manual snapshot using the AWS CLI

Step 17: Point in time restore the RDS instance using the AWS CLI

Step 18: Delete the RDS instances using the AWS CLI

Step 19: Upgrading the engine version of RDS instances using the AWS CLI

Detail Steps

Step 1: Install AWS CLI into the Cloud9 instance

sudo rm -rf /usr/local/aws
sudo rm /usr/bin/aws
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
rm awscliv2.zip

Step 2: Create an RDS PostgreSQL Instance cluster using the AWS CLI

read -s -p "Enter a Password: " MASTER_USER_PASSWORD
AWSREGION=`aws configure get region`
DBSUBNETGRP=XXXXXXX
DBSECGRP=XXXXXXX
EMROLEARN=XXXXXXX
RDSKMSKEY=XXXXXXX

aws rds create-db-instance \
	--db-instance-identifier rds-pg-labs \
	--db-name pglab \
	--engine postgres \
	--engine-version 13.8 \
	--master-username masteruser \
	--master-user-password $MASTER_USER_PASSWORD \
	--db-instance-class db.t2.micro \
	--storage-type io1 \
	--iops 1000 \
	--allocated-storage 100 \
	--no-multi-az \
	--db-subnet-group $DBSUBNETGRP \
	--vpc-security-group-ids $DBSECGRP \
	--no-publicly-accessible \
	--enable-iam-database-authentication \
	--backup-retention-period 1 \
	--copy-tags-to-snapshot \
	--auto-minor-version-upgrade \
	--storage-encrypted \
	--kms-key-id $RDSKMSKEY \
	--monitoring-interval 1 \
	--monitoring-role-arn $EMROLEARN \
	--enable-performance-insights \
	--performance-insights-kms-key-id $RDSKMSKEY \
	--performance-insights-retention-period 7 \
	--enable-cloudwatch-logs-exports '["postgresql","upgrade"]' \
	--deletion-protection \
	--region $AWSREGION

Step 3: Configure the RDS PostgreSQL client on the Cloud9 instance

sudo amazon-linux-extras install -y postgresql14
sudo yum install -y postgresql-contrib sysbench jq
AWSREGION=`aws configure get region`
sudo amazon-linux-extras install -y postgresql14
sudo yum install -y postgresql-contrib sysbench jq
AWSREGION=`aws configure get region`
export DBUSER="XXXXXX"
export DBPASS="XXXXXX"

export PGHOST=rds-pg-labs.XXXXXX.us-east-1.rds.amazonaws.com
export PGUSER=$DBUSER
export PGPASSWORD="$DBPASS"
echo "export DBPASS=\"$DBPASS\"" >> /home/ec2-user/.bashrc
echo "export DBUSER=$DBUSER" >> /home/ec2-user/.bashrc
echo "export DBENDP=$DBENDP" >> /home/ec2-user/.bashrc
echo "export AWSREGION=$AWSREGION" >> /home/ec2-user/.bashrc
echo "export PGUSER=$DBUSER" >> /home/ec2-user/.bashrc
echo "export PGPASSWORD=\"$DBPASS\"" >> /home/ec2-user/.bashrc
echo "export PGHOST=$DBENDP" >> /home/ec2-user/.bashrc

Now, Verify DB Instance as bellow
psql pglab

Step 4: Create Read-replica cluster using the AWS CLI

AWSREGION=`aws configure get region`

aws rds create-db-instance-read-replica \
	--db-instance-identifier rds-pg-labs-read \
	--source-db-instance-identifier rds-pg-labs \
	--db-instance-class db.t3.medium \
	--region $AWSREGION

Step 5: Promote Read Replica into a standalone instance cluster using the AWS CLI

AWSREGION=`aws configure get region`
aws rds promote-read-replica \
--db-instance-identifier rds-pg-labs-read \
--backup-retention-period 1 \
--region $AWSREGION

Step 6: Scale up the instance using the AWS CLI

AWSREGION=`aws configure get region`
aws rds modify-db-instance \
	--db-instance-identifier rds-pg-labs \
	--db-instance-class db.t3.large \
	--apply-immediately \
	--region $AWSREGION

Step 7: Migrating to a Multi-AZ DB cluster cluster using the AWS CLI

ARN=`aws rds describe-db-instances --db-instance-identifier rds-pg-labs --query 'DBInstances[].DBInstanceArn' --output text --region $AWSREGION`

aws rds create-db-cluster \
        --db-cluster-identifier rds-pg-labs-cluster \
        --engine postgres \
        --replication-source-identifier $ARN \
        --db-cluster-instance-class db.r5d.large \
        --storage-type io1 --iops 1000 \
        --region $AWSREGION \
        --db-subnet-group-name XXXXXXX

Please note the following message.

An error occurred (InvalidSubnet) when calling the CreateDBCluster operation: No default subnet was detected in VPC. Please contact AWS Support to recreate the default Subnets.

An error occurred (InvalidParameterCombination) when calling the CreateDBCluster operation: The combination of engine version 13.8 and DB instance class db.t3.medium isn’t supported for Multi-AZ DB clusters.

Step 8: Promote this Multi-AZ read replica cluster to a stand-alone cluster using the AWS CLI

aws rds promote-read-replica-db-cluster \
        --db-cluster-identifier rds-pg-labs-cluster

Step 9: Create a read replica from a Multi-AZ read replica cluster using the AWS CLI

aws rds create-db-instance-read-replica \
   --db-instance-identifier rds-pg-labs-cluster-replica \
   --source-db-cluster-identifier rds-pg-labs-cluster

Note: For RDS for PostgreSQL, the source Multi-AZ DB cluster must be running version 15.2-R2 or higher to create a DB instance read replica. See other Limitations in the Amazon RDS User Guide.

Step 10: Check if the instance is Multi-AZ using the AWS CLI

AWSREGION=`aws configure get region`
aws rds describe-db-instances \
	--db-instance-identifier rds-pg-labs \
	--query 'DBInstances[].MultiAZ' \
	--output text \
	--region $AWSREGION

Step 11: Convert the instance to Multi-AZ using the AWS CLI

aws rds modify-db-instance \
	--db-instance-identifier rds-pg-labs \
	--multi-az \
	--apply-immediately \
	--region $AWSREGION

Confirm that your instance is now Multi-AZ

Step 12: Create an SNS Topic and an RDS Event Subscription using the AWS CLI

Step 13: Perform failover of a Multi-AZ RDS instance using the AWS CLI

# connection to the database at 10-second intervals
while true;
do
psql pglab -c 'select now() ,inet_server_addr(), pg_postmaster_start_time() '; 
echo -e "\n\n"
sleep 10
done

# reboot the instance with failover
AWSREGION=`aws configure get region`
aws rds reboot-db-instance --db-instance-identifier rds-pg-labs --force-failover --region $AWSREGION

Before failover

Failover

Step 14: View the instance’s backups using the AWS CLI

AWSREGION=`aws configure get region`

# List the automated backups for the instance
m

# List the snapshots for the instance
aws rds describe-db-snapshots \
	--db-instance-identifier rds-pg-labs \
	--region $AWSREGION --output table

# Check the Latest Restorable Time (LRT) of the instance
aws rds describe-db-instances \
	--db-instance-identifier rds-pg-labs \
	--query 'DBInstances[].LatestRestorableTime' \
	--region $AWSREGION \
	--output text

Step 15: Take a manual snapshot of the RDS instance using the AWS CLI

AWSREGION=`aws configure get region`

aws rds create-db-snapshot \
	--db-instance-identifier rds-pg-labs \
	--db-snapshot-identifier manual-snapshot-rds-pg-labs \
	--region $AWSREGION

Step 16: Restores an instance from the latest manual snapshot using the AWS CLI

AWSREGION=`aws configure get region`
# Get the Latest Manual Snapshot ID
LATESTSNAP=`aws rds describe-db-snapshots --db-instance-identifier rds-pg-labs --snapshot-type manual \
    --query 'DBSnapshots | sort_by(@, &SnapshotCreateTime) | [-1].DBSnapshotIdentifier' \
    --output text --region $AWSREGION`

# Restore the Snapshot
aws rds restore-db-instance-from-db-snapshot \
	--db-instance-identifier rds-pg-labs-restore-manual-snapshot \
	--db-snapshot-identifier $LATESTSNAP \
	--db-instance-class db.m6g.large \
	--region $AWSREGION \
    --db-subnet-group-name XXXXXXX
# Monitor the progress and status of the restoration 
aws rds describe-db-instances --db-instance-identifier rds-pg-labs-restore-manual-snapshot \
	--query 'DBInstances[0].[DBInstanceStatus,Endpoint.Address]' \
    --output text --region $AWSREGION

Monitor the progress and status of the restoration

Step 17: Point in time restore the RDS instance using the AWS CLI

AWSREGION=`aws configure get region`
# Lookup the latest restore time for your database
LASTRESTORE=`aws rds describe-db-instances \
  --db-instance-identifier rds-pg-labs \
  --region $AWSREGION \
  --query 'DBInstances[0].LatestRestorableTime' \
  --output text`

# or list restore time for your database
aws rds describe-db-snapshots --db-instance-identifier rds-pg-labs \
    --snapshot-type automated \
    --query 'DBSnapshots[].{ID:DBSnapshotIdentifier,Status:Status,Type:SnapshotType,CreateTime:SnapshotCreateTime}' \
    --output table \
    --region $AWSREGION

# Restore the database to the latest restorable time
aws rds restore-db-instance-to-point-in-time \
    --source-db-instance-identifier rds-pg-labs \
    --target-db-instance-identifier rds-pg-labs-restore-latest \
    --restore-time $LASTRESTORE \
    --db-subnet-group-name XXXXXXX

# Monitor the progress and status of the restoration 
aws rds describe-db-instances --db-instance-identifier rds-pg-labs-restore-latest \
	--query 'DBInstances[0].[DBInstanceStatus,Endpoint.Address]' \
    --output text --region $AWSREGION

Step 18: Delete the RDS instances using the AWS CLI

# list RDS instance
aws rds describe-db-instances --query "DBInstances[*].[DBInstanceIdentifier,Engine,DBInstanceStatus,Endpoint.Address]" --output table

AWSREGION=`aws configure get region`
# delete RDS instance
aws rds delete-db-instance \
	--db-instance-identifier rds-pg-labs-restore-latest \
	--skip-final-snapshot \
	--delete-automated-backups \
	--region $AWSREGION

Step 19: Upgrading the engine version of RDS instances using the AWS CLI

AWSREGION=`aws configure get region`
aws rds modify-db-instance --db-instance-identifier rds-pg-labs --engine-version 14.8 --allow-major-version-upgrade --apply-immediately --region $AWSREGION
aws rds describe-db-instances --db-instance-identifier rds-pg-labs --region $AWSREGION --query 'DBInstances[*].EngineVersion'

Conclusion

These steps provide a general AWS CLI of the process of managing RDS instances. The specific configuration details may vary depending on your environment and setup. It’s recommended to consult the relevant documentation from AWS for detailed instructions on setting up.

Manage the RDS PostgreSQL instance using the AWS CLI

I hope will this be helpful. Thank you for reading the DevopsRoles page!

Linux

How to count files in Linux

Leave a comment

Introduction

A Beginner’s Guide How to count files in Linux. To count files in a directory in Linux, you can use the ls command along with some options to list the files in the directory and then pipe the output to the wc (word count) command

How to count files in Linux

Linux file-counting methods

Using the ls command and wc Commands

This method counts all entries in the directory, including subdirectories and special files.

ls -1 | wc -l

Using the find Command

If you want to count only regular files (excluding directories and other types of files), you can use the find command in combination with the -type f option.

find /path/to/directory -maxdepth 1 -type f | wc -l

Replace /path/to/directory with the actual path of the directory you want to count files in.

The -maxdepth 1 option ensures that find doesn’t go into subdirectories.

To count only text files in a directory as the command below

find . -name "*.txt" -type f | wc -l

Using the ls command with the grep command

This method is similar to the first one but filters the output using grep to exclude directories from the count.

ls -l | grep -v '^d' | wc -l

Here, the grep -v ‘^d’ command filters out lines that start with ‘d’ (indicating directories) from the ls output.

Counting Files with ‘tree’

You can count all files in a directory, including subdirectories as the command below

tree -a | tail -1

Conclusion

In this tutorial, How to count files in Linux. Choose the method that best fits your needs and use case. Each approach has its advantages, so consider the scope and specificity you require when counting files in Linux. I hope will this your helpful. Thank you for reading the DevopsRoles page!

Linux

Linux rename file with Dates in Batches

Leave a comment

Introduction

In this tutorial, we’ll explore the process of batch Linux rename file with the inclusion of dates. You can use the rename command or a combination of find commands and mv commands to batch rename files in a directory with new filenames containing dates in Linux.

Linux rename file with Dates

Today I want to share how to batch rename files in a directory to new filenames with dates in Linux only with one command

For example, in my directory, I have files named like this:

  • test123.txt
  • test456.txt
  • test789.txt

The result after running the command looks like this:

20230805” is the execution date.

  • test123_20230805.txt
  • test456_20230805.txt
  • test789_20230805.txt

Batch Renaming Files with Date Appended

find -name "test[0-9][0-9][0-9].txt" -type f -exec sh -c 'mv -f {} "$(dirname {})/$(basename {} .txt)_$(date +%Y%m%d).txt"' \;

This command searches for and renames files in the current directory (and subdirectories) with names in the format test###.txt (where ### represents three digits).

  • find -name "test[0-9][0-9][0-9].txt": Searches for files with names matching the pattern test###.txt.
  • -type f: Only searches for files (not directories).
  • -exec sh -c '...' \;: Executes the shell command for each file found.
  • mv -f {}: Renames the file (forcing if necessary).
  • "$(dirname {})/$(basename {} .txt)_$(date +%Y%m%d).txt": Renames the file by removing the .txt extension, appending the current date (in YYYYMMDD format), and then adding back the .txt extension.

For example, test001.txt would be renamed to test001_20240812.txt (assuming the current date is August 12, 2024).

The outcome of rename file in Linux is depicted in the image below:

Conclusion

Remember to back up your files before performing batch operations like this, just to be safe. Also, modify the date format and naming convention as per your requirements. I hope will this be helpful. Thank you for reading the DevopsRoles page!

Linux

Secure Your Linux Applications: Configure SELinux for applications and services

Leave a comment

Introduction

Security-Enhanced Linux is a powerful security system that is enabled, by default, on most Linux distributions based on RHEL. Here are the general steps to configure SELinux for applications and services:

In this blog, we will explore the process of configuring SELinux to safeguard your applications, providing a detailed understanding of SELinux modes, Booleans, custom policies, and troubleshooting tips.

For example, the Apache web server. Apache on RHEL-based distributions defaults to the /var/httpd directory as the document root and ports 80 (for HTTP) and 443 (for HTTPS) when installed.

You can use a different directory and port for a website might opt for /opt as the document root and port 8080.

Out of the box, SELinux denies those nonstandard options, so they must be configured to work properly.

configure SELinux for nonstandard configurations

You also need a user with sudo privileges.

Install Apache

First, you need to install the Apache web server on a Linux distribution such as Rocky Linux, AlmaLinux, or RHEL.

sudo dnf install httpd -y
sudo systemctl enable --now httpd

Install SELinux Utilities (if needed):

If SELinux is not installed on your system, install the necessary packages. The package names might vary depending on your Linux distribution. For example, on CentOS/RHEL systems, you can use:

sudo dnf install policycoreutils-python-utils setroubleshoot selinux-policy selinux-policy-targeted selinux-utils -y

Check the default ports

To verify SELinux is allowing Apache to serve sites via the default ports,

The output terminal

http_cache_port_t    tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t    udp 3130
http_port_t          tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t  tcp 5988
pegasus_https_port_t tcp 5989

For example, change the port Apache 80 to 9099 port.

sudo nano /etc/httpd/conf/httpd.conf

Change Listen 80 to Listen 9099

Change the document root

The first, To change the document root in httpd.conf file.

DocumentRoot “/var/www/html” to DocumentRoot “/opt/www”

Create, and change permissions for the new document root as the command line below:

sudo mkdir /opt/www
sudo chmod -R ug+w /opt/www
sudo nano /opt/www/index.html #Create index file

In that file, paste the following:

<!DOCTYPE html>
<html>
<body>

<h1>Apache Welcome Page</h1>
<p>Welcome to Apache.</p>

</body>
</html>

Restart Apache

In order to restart Apache, make SELinux aware of the new port.

sudo semanage port -a -t http_port_t -p tcp 9099
sudo systemctl restart httpd # Restart Apache

Make SELinux aware of the directory

To do this with the following command

sudo matchpathcon /var/www/html /opt/www
sudo semanage fcontext -a -t httpd_sys_content_t "/opt/www(/.*)?"
sudo restorecon -RFvv /opt/

Open port 9099 via the firewall

Open port 9099 as the command line below:

sudo firewall-cmd --permanent --zone=public --add-port=9099/tcp
sudo firewall-cmd --reload

SELinux Understand

Understand SELinux Modes

SELinux has three main modes: enforcing, permissive, and disabled. The enforcing mode enforces security policies, the permissive mode logs policy violations but does not block actions, and the disabled mode turns off SELinux.

For production use, you should typically set SELinux to enforcing mode. You can temporarily set it to permissive mode for debugging purposes.

Set SELinux modes

To set the SELinux mode, use the following command:

sudo setenforce <enforcing | permissive | disabled>

For example, to set it to enforcing mode:

sudo setenforce enforcing

Testing and Troubleshooting SELinux:

If issues arise, review SELinux logs in /var/log/audit/audit.log and system logs to identify potential problems.

SELinux Booleans:

You can list available Booleans and their statuses using the semanage boolean -l or getsebool -a command. To change a Boolean value, use the setsebool command.

View SELinux Context:

You can view the SELinux context for a specific file or directory using the ls -Z command.

Creating Custom SELinux Policies (Optional):

This involves using SELinux policy development tools like audit2allow and semodule to define the necessary rules.

Conclusion

Incorporating SELinux into your Linux system’s security posture can significantly improve its resilience against cyber threats.

By following the steps outlined in this guide, you’ll be well-equipped to configure SELinux effectively for your applications and services, bolstering the overall security of your Linux environment.

Remember to continually monitor and update your SELinux configurations to keep up with evolving security challenges. I hope will this your helpful. Thank you for reading the DevopsRoles page!

AWS

How to share your Route 53 Domains across AWS accounts

Leave a comment

Introduction

How to share your Route 53 Domains across AWS accounts via Route 53 hosted zone. What I will do here is that I already have a Production account with the domain, so I want to use this domain on the Test account to conduct my other activities.

Share your Route 53 Domains across AWS accounts

To share your Route 53 Domains across AWS accounts, you can follow these general steps

  • Create a Public Hosted Zone in the Test account: In the Test create a public hosted zone in Route 53 for the domain you want to use
  • Create a record in the Product account: In the account that owns the domain, create a record in Route 53 Hosted Zone for the domain you want to share.
  • Create a record in the Test account: in the Test account, create a record to route traffic to ALB

Step by step: Share your Route 53 Domains across the AWS account

  1. Create a Public Hosted Zone in the Test account

When you have to fill out the information and return to your Route 53 hosted zone, you need to copy the 4 lines inside the value box, which contains the nameserver information you need to use in the next step.

  1. Create a record in the Product account

Paste the 4 nameservers from your Test account Route 53 Hosted Zone into the value list.

  1. Create a record in the Test account

In the Test account, create a record to route traffic to ALB

  1. Test page

Conclusion

These steps provide a general overview of the process. The specific configuration details may vary depending on your environment and setup. It’s recommended to consult the relevant documentation from AWS for detailed instructions on setting up. I hope will this be helpful. Thank you for reading the DevopsRoles page!

Refer to: This lab html uses the template of ChandraLingam

Linux

Mastering the curl Command in Linux

Leave a comment

Introduction

How to master the curl command in Linux. In this article, we’ll explore the capabilities of curl and learn how to leverage its features to simplify your web-related operations.

The command line interface (CLI) is a powerful ally for Linux users, providing efficient ways to perform various tasks. Among the multitude of commands available, curl stands out as a versatile tool for making HTTP requests and interacting with different protocols.

What is the curl command?

curl is a command-line utility that allows you to transfer data to or from a server, supporting various protocols such as HTTP, HTTPS, FTP, SMTP, and more. With its extensive range of options, curl empowers users to send and receive data using different methods, customize headers, handle authentication, and automate web-related tasks.

Basic Usage

The syntax of curl is straightforward. It follows this general structure:

curl [options] [URL]

You can simply run curl followed by a URL to send a GET request and retrieve the content of a web page. For example:

curl https://devopsroles.com

How to Use Curl Command in Linux

Saving a File using the curl command

If you prefer to save the downloaded file with a different name, you can use the -o option followed by the desired filename.

curl -o index.html https://devopsroles.com

curl command to download a file from FTP Server

curl -v -u demo:password -O ftp://test.devopsroles.com/readme.txt

The command you provided is using curl to download a file from an FTP server using basic authentication. Here’s an explanation of the options used in the command:

  • -v: Enables verbose output, providing detailed information about the request and response.
  • -u demo:password: Specifies the username and password for basic authentication. Replace the demo with the actual username and password with the corresponding password.
  • -O: Saves the downloaded file with its original name.
  • ftp://test.devopsroles.com/readme.txt: Specifies the FTP URL from which the file should be downloaded. Replace test.devopsroles.com with the actual FTP server address and readme.txt with the file name you want to download.

Testing If a Server Is Available or Not

curl -I https://test.devopsroles.com/

You can use it to send an HTTP HEAD request to the specified URL in order to retrieve the response headers.

  • -I: Specifies that curl should send an HTTP HEAD request instead of the default GET request. This means that only the response headers will be retrieved, and not the entire content of the page.
  • https://test.devopsroles.com/: Specifies the URL to which the request will be sent. Replace test.devopsroles.com with the actual domain or website you want to retrieve the headers from.

Check Server Response Time

How to measure the total time taken for the HTTP request to the specified website.

curl -w "%{time_total}\n" -o /dev/null devopsroles.com

When you run this command, curl will initiate an HTTP request to the specified website and measure the total time taken for the request.

  • -w “%{time_total}\n”: Specifies a custom output format using the -w option. In this case, %{time_total} is a placeholder that represents the total time taken for the request, and \n is a newline character that adds a line break after the output. The total time is measured in seconds.
  • -o /dev/null: Redirects the response body to /dev/null, which is a special device file in Unix-like systems that discards any data written to it. By doing this, we discard the response body and only focus on measuring the time taken for the request.
  • devopsroles.com: Specifies the URL of the website to which the HTTP request will be sent. Replace devopsroles.com with the actual domain or website you want to measure the time for.

Accessing Cookies with curl Command

curl --cookie-jar cookies.txt https://test.devopsroles.com/

When you run this command, curl will establish an SSL/TLS-encrypted connection to the specified website and send an HTTP request. The response headers received from the server may include cookies, and curl will save these cookies to the specified “cookies.txt” file.

These cookies can be used for subsequent requests by providing the –cookie option and specifying the cookie file.

Setting User Agent Value with curl command

Uses curl to make an HTTP request to the specified website while setting a custom user-agent header.

curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" test.devopsroles.com
  • –user-agent “Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)”: Sets the User-Agent header in the HTTP request. In this case, the specified user-agent string is “Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)”. The User-Agent header provides information about the client or browser making the request. By setting a custom user-agent, you can emulate a specific browser or client behavior.
  • test.devopsroles.com: Specifies the URL of the website to which the HTTP request will be sent. Replace test.devopsroles.com with the actual domain or website you want to access.

Conclusion

The curl command is a powerful ally for Linux users, providing extensive capabilities to interact with web services and protocols. With its simple syntax and rich set of options, curl empowers you to perform a wide range of tasks, from retrieving web pages to sending data and handling authentication. By mastering curl, you can streamline your web-related operations and enhance your command line prowess.

Whether you’re a developer, sysadmin, or simply an avid Linux user, curl is a tool worth exploring. Its versatility and flexibility make it an invaluable asset for interacting with web services from the command line. Thank you for reading the DevopsRoles page.

Linux

Creating Files in Linux: A Comprehensive Guide

Leave a comment

Introduction

Creating files in Linux, whether you are a system administrator, developer, or everyday user. Linux offers several methods to create files, giving you flexibility and convenience.

In this tutorial, we will explore different approaches to creating files in Linux, including command-line tools and text editors.

Creating Files in Linux

Method 1: Using the touch Command

The touch command is a versatile tool in Linux primarily used to update file timestamps. However, it can also create a new file if it doesn’t already exist.

To create a new file using the touch command, use the following syntax:

Replace filename.txt with the desired name and extension for your file. The touch command will create a new empty file with the specified name if it doesn’t already exist.

  • You can refer to the touch command in Linux with the example here.

Method 2: Using the echo Command and Output Redirection

Another method to create a file in Linux is by using the echo command in combination with output redirection.

To create a file and write content to it using echo, use the following syntax:

Replace “Content” with the desired content you want to write and filename.txt with the desired name and extension for your file. The > symbol redirects the output of the echo command to the specified file.

  • You can refer to the echo command in Linux with Examples here.

Method 3: Using a Text Editor

Linux provides various text editors that allow you to create and edit files. Some popular text editors include vi, vim, nano, and gedit. Using a text editor gives you more flexibility to create files and input content.

To create a file using a text editor, execute the respective command for the desired text editor, followed by the filename:

nano filename.txt
vi filename.txt
vim filename.txt

This command will open the specified text editor with a new file for editing. You can then start typing or paste existing content into the file. After making changes, save the file and exit the editor according to the editor’s instructions.

Conclusion

Creating files in Linux is a straightforward process with multiple methods at your disposal. The touch command allows you to quickly create empty files, while the echo command combined with output redirection lets you create files and populate them with content.

Additionally, text editors provide a more interactive approach to file creation, allowing you to input and edit content. Choose the method that suits your needs and preferences, and leverage the power of Linux to efficiently create and manage files on your system. I hope will this your helpful. Thank you for reading the DevopsRoles page!

Devops Tutorial

Exit mobile version