1. IAM User -> New User -> Demo_ECR -> Add Permissions policies (Add permissions)
a. Attach existing policies directly: AmazonEC2ContainerRegistryPowerUser
b. Create policies -> Demo_ECR https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html
2. Install the AWS CLI tools on Windows: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html
3. AWS ECR repositories -> private -> create repository, input demo
Keep ooxxooxxooxxooxx.dkr.ecr.ap-northeast-1.amazonaws.com/demo
save
4. AWS CLI login in PowerShell on Windows: aws configure
Go back to IAM, show Demo_ECR -> Security credentials (security login)
Run Create access key
Copy the new Access Key ID and AWS Secret Access Key
This problem makes me think of my stupid manager and the smart information security consultant at my previous company.
The information security consultant said GCP is very safe… Yeah, safe, so the customer loses.
https://www.tecmint.com/nginx-web-server-security-hardening-and-performance-tips/?fbclid=IwAR3WRK-N-buun8QIMDUbzes72-w6p8SKCxnzr0sGU_PFAyudPRbHiumtFu0
AWS Linux official
https://aws.amazon.com/tw/amazon-linux-ami/2017.09-release-notes/
ubuntu
https://segmentfault.com/a/1190000008395823
https://farer.org/2017/05/18/build-kernel-with-bbr-on-ec2-amazon-linux/
Edit /etc/sysctl.conf and add the following two lines:
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
Check:
cat /proc/sys/net/ipv4/tcp_congestion_control
1、
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#NATSG
1.1、Create an instance from AMI: ami-vpc-nat-hvm, choose the newest one
***NAT AMI***
1.2、
Check. IPv4 forwarding is enabled and ICMP redirects are disabled in /etc/sysctl.d/10-nat-settings.conf
IPv4 forwarding = 1
Run. A script located at /usr/sbin/configure-pat.sh runs at startup and configures iptables IP masquerading.
There is a problem here, so the POSTROUTING rule must be deleted:
sudo iptables -t nat -D POSTROUTING 1
2、
https://holtstrom.com/michael/blog/post/400/Port-Forwarding-Gateway-via-iptables-on-Linux.html
eth0 10.0.0.219 52.78.165.129
eth1 10.0.1.149
web server 10.0.1.249
iptables -vxnL --line-numbers
iptables -t nat -vxnL --line-numbers
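The check in step 1.2, as an added example (not part of the original notes and not an AWS script): a shell function that reads a sysctl-style file and confirms that net.ipv4.ip_forward is 1 and that every send_redirects key in it is 0. The function name check_nat_sysctl and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a sysctl-style file for the two settings named in step 1.2.
# Returns 0 only if ip_forward is 1 and every send_redirects key found is 0.
check_nat_sysctl() {
    awk -F= '
        /^[ \t]*[#;]/ || !/=/ { next }   # skip comments and non-assignments
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "net.ipv4.ip_forward") fwd = val   # last assignment wins
            if (key ~ /^net\.ipv4\.conf\..*\.send_redirects$/) redir[key] = val
        }
        END {
            bad = 0
            if (fwd == "1") { print "OK   net.ipv4.ip_forward=1" }
            else { print "FAIL net.ipv4.ip_forward=" (fwd == "" ? "unset" : fwd); bad = 1 }
            n = 0
            for (k in redir) {
                n++
                if (redir[k] == "0") { print "OK   " k "=0" }
                else { print "FAIL " k "=" redir[k]; bad = 1 }
            }
            if (n == 0) { print "FAIL no send_redirects setting found"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample files (not copied from a real instance).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
# constructed: the state step 1.2 expects
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.send_redirects = 0
EOF
cat > "$demo_dir/bad.conf" <<'EOF'
# constructed: forwarding off, redirects still sent on eth1
net.ipv4.ip_forward = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth1.send_redirects = 1
EOF
check_nat_sysctl "$demo_dir/good.conf"
check_nat_sysctl "$demo_dir/bad.conf" || echo "bad.conf does not match the expected NAT settings"
```

On the NAT instance itself, pass /etc/sysctl.d/10-nat-settings.conf as the argument.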
http://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux
1、AWS console EC2 resize
2、Log in to EC2
2.1、 lsblk to get the disk size info. Did the resize work?
2.2 resize2fs /dev/xvda1
If 2.2 finishes and the resize has failed, follow 2.3
2.3 parted /dev/xvda
2.3.1 parted> print all -> get disk real size
2.3.2 parted> resizepart
2.3.3 parted> 1
2.3.4 parted End?> enter the size from 2.3.1
2.3.5 parted> exit
Then run 2.2 again. If OK, check again with 2.1.
PS:
2.3.4 End?> -1
-1 = maximum disk space
package main
import (
	"fmt"
	"log"
	"net/http"
	"io/ioutil"
	"github.com/gorilla/mux"
	"github.com/smartystreets/go-aws-auth"
)
func stopEC2InstanceHandler(w http.ResponseWriter, req *http.Request) {
	vars := mux.Vars(req)
	w.Write([]byte(fmt.Sprintf("stopEC2InstanceHandler: %v \n\n", vars["id"])))
	var Action = "StopInstances" // check the AWS website
	var Version = "2016-11-15" // need to check the API version on the AWS website
	// the region needs to be checked against the URL on the AWS website, e.g. ap-northeast-2
	// some regions do not support some actions
	apiUrl := "https://ec2.