~CloudopsDigest~

 1.Create cluster Command-  eksctl create cluster --name demo-cluster --region us-east-1 --fargate (15 to 20 min) 2. Once cluster is ready check if it is visible in EKS 3. aws eks update-kubeconfig --name demo-cluster --region us-east-1 output- Added new context arn:aws:eks:us-east-1:533267033126:cluster/demo-cluster to C:\Users\Raghvendra Singh\.kube\config 4. creating fargate profile Command (linux)- eksctl create fargateprofile \          --cluster demo-cluster \          --region us-east-1 \          --name alb-sample-app \          --namespace game-2048 windows- eksctl create fargateprofile --cluster demo-cluster --region us-east-1 --name alb-sample-app --namespace game-2048 5. Application deployment- kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml 6. After deploying this app, run few c...

 Step 1: Identify the Network Interface Run the following command to list all network interfaces and their current configurations: Command- ip a Identify the name of the interface for which you want to assign a static IP address (e.g., eth0, ens33, etc.). Step 2: Edit the Network Configuration File Network interfaces are configured in files located under /etc/sysconfig/network-scripts/. You need to edit the configuration file of the specific network interface. For example, if the interface is eth0, open its configuration file with: Command- sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 Step 3: Modify the Configuration In the configuration file, you need to ensure that the settings reflect the manual IP address assignment. Update or add the following lines: TYPE=Ethernet BOOTPROTO=static NAME=eth0 DEVICE=eth0 ONBOOT=yes IPADDR=192.168.1.100    # Replace with your desired IP address NETMASK=255.255.255.0    # Replace with your appropriate netmask GATEWAY=192....

  Stop Jenkins: On Linux, use sudo service jenkins stop. On Windows, stop the Jenkins service from the Services window. Access the Jenkins Home Directory: By default, the home directory is located at /var/lib/jenkins/ on Linux and %JENKINS_HOME% on Windows. Remove the config.xml for Security: In the Jenkins home directory, locate the config.xml file. Open it in a text editor and search for the <useSecurity> tag. Change the value to false: xml Copy code <useSecurity>false</useSecurity> File will look like below- Save the file and exit. Start Jenkins: Start Jenkins again (sudo service jenkins start for Linux). Jenkins should now start without asking for a login, and you can create a new user or reset the credentials. Re-enable Security: Once you've logged in and set up new credentials, go back to the config.xml file. Set <useSecurity> back to true and restart Jenkins to enable security again.

  Creating a comprehensive security checklist for AWS involves considering various aspects of security, including identity and access management, data protection, network security, monitoring, and compliance. Here's a generalized checklist to help you ensure the security of your AWS environment: 1. Identity and Access Management (IAM):    - Use IAM to manage user access to AWS services and resources.    - Follow the principle of least privilege, granting only the permissions necessary for users' roles.    - Regularly review IAM policies and roles to remove unnecessary permissions.    - Enable multi-factor authentication (MFA) for privileged accounts.    - Rotate access keys and credentials regularly. 2. Data Protection:    - Encrypt data at rest using AWS Key Management Service (KMS) or other encryption mechanisms.    - Encrypt data in transit using SSL/TLS for communication bet...

XDR (Extended Detection and Response) and MDR (Managed Detection and Response) are terms used in the field of cybersecurity, specifically in the context of threat detection and response. Let's break down each term: 1. XDR (Extended Detection and Response):    Definition: XDR is a security solution that evolved from traditional Endpoint Detection and Response (EDR) systems. It expands the scope beyond endpoints to include various security telemetry sources such as network traffic, cloud services, and email.    - Key Features:       - Cross-Layered Detection: XDR integrates and correlates data from multiple security layers, providing a more comprehensive view of potential threats. This may include endpoints, networks, emails, and cloud services.       - Analytics and Automation: XDR leverages advanced analytics and automation to identify patterns and anomalies in the collected data. It often incorporates machine learning and artificial int...

Using the AWS console: Sign in to AWS console and navigate to https://console.aws.amazon.com/ec2/ From the left navigation choose snapshots option. Select the actionable snapshot, choose actions. Choose the Copy Snapshot option. Check the encryption option. Under the Master key choose the kms key (It is recommended to choose KMS CMK when EBS snapshot consist of highly sensitive data). Click on copy. Once the newly encrypted snapshot is ready old snapshot should be deleted. Using AWS CLI $> aws ec2 copy-snapshot --description [description-for-new-snapshot] --destination-region [region-name] --encrypted --kms-key-id [kms-key-id] ---source-region [region-name] --source-snapshot-id [actionable-snapshot-id] Command reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html $> aws ec2 delete-snapshot --snapshot-id [actionable-snapshot-id] --region [region-name] Command reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-snapshot.html Note: App...

  Identity theft happens when anyone steals your personal information, like your name, Social Security number, or credit card info, and uses it for fraud or other criminal activities. Below are some tips to help prevent identity theft: ● Protect your personal information: Be cautious when giving out your personal information online and offline. Don't share your Social Security number, credit card number, or other sensitive information unless you trust the source and must provide it. ● Strong passwords: Strong and unique passwords for all your accounts are must. Also, avoid using the same password for multiple accounts. Use a password manager to store passwords securely. ● Monitor accounts: Frequently review your bank and credit card statements for unauthorized transactions, and check your credit report once a year for any suspicious activity. ● Phishing scams: Emails, texts, or phone calls asking for your personal information or credentials could be a scam. Avoid clicking on links ...

  In this blog we will learn "How to check SSL certificate  number of days for expiration of our domain" I am going to show here in a Linux environment by using Shell script.  Create file by the name checkssl.sh - sudo nano checkssl.sh Code- Copy this code and save file. data=`echo | openssl s_client -servername $1 -connect $1:${2:-443} 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'` ssldate=`date -d "${data}" '+%s'` nowdate=`date '+%s'` diff="$((${ssldate}-${nowdate}))" echo $((${diff}/86400)) Output- You will get result as below

1. Cost Optimization: a. Resource Right-Sizing: Begin by analyzing the current resources in use on AWS and Azure. Identify any over-provisioned instances or underutilized resources. Utilize AWS and Azure tools like AWS Trusted Advisor, AWS Cost Explorer, and Azure Cost Management to gain insights into resource utilization and make informed decisions on right-sizing. b. Reserved Instances and Savings Plans: Investigate opportunities to leverage Reserved Instances (RIs) on AWS and Savings Plans on Azure. These commitment-based options can lead to substantial cost savings over pay-as-you-go pricing. c. Auto-Scaling: Implement auto-scaling for AWS and Azure resources to dynamically adjust resource capacity based on demand. This ensures that you are not over-provisioning resources during peak times and are not paying for idle capacity during low-demand periods. d. Storage Optimization: Evaluate your data storage practices, including the use of different storage classes, data archiving, ...

  Let's go through each of these areas and discuss some resource cleanup best practices, considerations, and specific actions you can take in the AWS environment 1. EC2 Instances: Regularly review your running instances and identify those that are no longer needed. Terminate instances that are not actively in use. Consider using Amazon EC2 Auto Scaling to dynamically adjust the number of instances based on demand. This can help optimize costs and resource utilization.Use Elastic Load Balancing (ELB) to distribute traffic across multiple instances, improving availability and reducing the impact of instance failures. Consider using AWS Lambda or EC2 instance-based automation to schedule instance start and stop times, particularly for non-production instances. 2. Amazon S3 Buckets: Use AWS Identity and Access Management (IAM) policies to control access to S3 buckets and objects. Regularly audit your S3 buckets to ensure they are not publicly accessible unless required. Implement bucke...

  Below are the few AWS services for their potential cost factors: 1.Amazon S3: S3 storage pricing is based on the amount of data stored, data transfer, and number of requests. Costs can vary based on storage class (Standard, Intelligent-Tiering, Glacier, etc.) and region. 2.Amazon ECS: ECS pricing includes costs for the underlying EC2 instances or Faregate resources used to run containers, as well as networking and data transfer costs. 3.Amazon EMR : EMR pricing depends on the instance types used for the cluster, data storage, data transfer, and the processing power needed. 4.AWS IAM: IAM itself is generally not associated with direct costs; you're billed for the resources you manage using IAM. 5.Amazon QuickSight: QuickSight pricing is based on the number of users and the amount of data processed for visualization. 6.AWS Glue: Glue pricing considers factors such as the number of development units (DPU) used for ETL jobs and the amount of data processed. 7.AWS Lambda: Lambda...

  If you receive this error when sending email through SMTP. Please check below settings in that smtp  account. Step 1- Login into smtp account through web(Browser login) Step 2- Less Secure Apps (Inbox Side): Open this url in same tab after login https://myaccount.google.com/lesssecureapps?pli=1 Step 3- Settings should be same below.  

  To avoid entering your Git token key manually every time, you can use Git's credential helper to save and cache your credentials. The following steps outline how to set it up: 1.Open a terminal or command prompt. 2. Set up the Git credential helper by running the following command: git config --global credential.helper cache This command configures Git to use the cache credential helper, which will store your credentials in memory for a certain period of time. 3.Set the cache timeout (optional): git config --global credential.helper 'cache --timeout=3600' This command sets the cache timeout to 3600 seconds (1 hour). After this period of inactivity, Git will prompt you to enter your credentials again. 4.The next time you interact with a remote Git repository that requires authentication, enter your username and password (or token) as you normally would. Git will cache these credentials for the specified timeout period. From now on, you won't have to enter your Git toke...

How to delete AWS NAT gateway- If you no longer need a NAT gateway, you can delete it. After you delete a NAT gateway, its entry remains visible in the Amazon VPC console for about an hour, after which it's automatically removed. You cannot remove this entry yourself. Deleting a NAT gateway disassociates its Elastic IP address, but does not release the address from your account. If you delete a NAT gateway, the NAT gateway routes remain in a blackhole status until you delete or update the routes. Below are the steps to perform this task. 1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/. 2 .In the navigation pane, choose NAT Gateways. 3. Select the radio button for the NAT gateway, and then choose Actions, Delete NAT gateway. 4.When prompted for confirmation, enter delete and then choose Delete. How to delete AWS  interface- Below are the steps to perform this task 1.Open the Amazon VPC console at https://console.aws.amazon.com/vpc/. 2.In the navigation pane, ch...

To run an Elastic Beanstalk application on SSL (https), you need to perform the following steps: Obtain an SSL certificate: First, you need to obtain an SSL certificate for your domain. You can either purchase one from a certificate authority or use a free SSL certificate from Let's Encrypt.       2.  Upload the SSL certificate to AWS Certificate Manager (ACM): Once you have obtained   the SSL certificate, you need to upload it to the AWS Certificate Manager (ACM). ACM is a service that lets you manage SSL/TLS certificates for your AWS resources. 3. Configure your Elastic Beanstalk environment: Next, you need to configure your Elastic Beanstalk environment to use the SSL certificate. You can do this by adding a listener to your Elastic Load Balancer (ELB) that is used by your Elastic Beanstalk environment. 4. Configure your DNS: Finally, you need to configure your DNS to route traffic to the HTTPS endpoint. You can do this by adding a CNAME rec...

  Moving your career into the cloud can provide many benefits and opportunities for growth. Here are some reasons why you should consider it: 1. High demand: Cloud computing is in high demand as businesses and organizations shift their infrastructure and services to the cloud. This means that there are plenty of job opportunities in the field, and it's likely that the demand will continue to grow. 2. Flexibility: Cloud computing allows for greater flexibility in terms of where and when you work. Many cloud computing jobs can be done remotely, which can provide more flexibility in terms of scheduling and location. 3. Constant innovation: The cloud is a fast-paced and constantly evolving field, with new technologies and tools being developed all the time. This means that there is always something new to learn and new opportunities for growth. 4. Competitive salaries: Cloud computing professionals are in high demand, which can lead to competitive salaries and benefits. Opportuniti...

 AWS Cloud Financial Management involves effectively managing the cost of using AWS services to ensure that the organization achieves maximum value from its cloud investment. Here are some key concepts to consider for managing your AWS cloud financials: Understand the AWS pricing model: AWS offers a pay-as-you-go pricing model, which means that you only pay for what you use. However, it's important to understand the various pricing components, such as compute, storage, data transfer, and other services to plan for and optimize costs. Establish cost management practices: AWS offers various tools for monitoring and analyzing usage and costs, such as AWS Cost Explorer, AWS Budgets, and AWS Cost Anomaly Detection. Establishing cost management practices, including setting budgets, defining cost allocation tags, and regularly reviewing usage and costs, can help you manage and optimize your cloud spend. Optimize usage and costs: There are several strategies for optimizing your usage an...

AWS uses a pay-as-you-go pricing model, which means that you only pay for the services that you actually use, and you are not required to make any upfront payments or long-term commitments. This can be a cost-effective way to use cloud services, especially if your usage patterns are unpredictable or if you need to scale up or down quickly. There are several factors that can affect the cost of using AWS services, including: 1.The type and quantity of services that you use 2.The region where you use the services 3.The amount of data transfer or storage that you use 4.The duration of your usage To get a more detailed understanding of the pricing for specific AWS services, you can refer to the AWS pricing page: https://aws.amazon.com/pricing/ Additionally, AWS provides a cost management tool called AWS Cost Explorer that allows you to view and analyze your AWS costs, and provides recommendations on how to optimize your spending. You can learn more about AWS Cost Explorer here: https://aws....

AWS Core Security EPICs refer to the foundational security features and capabilities provided by Amazon Web Services (AWS) to ensure the security of customer data and resources in the cloud. EPICs stands for "Elevated Privileges Isolation and Control," which are key principles of cloud security. Identity and Access Management (IAM) - AWS IAM is a powerful tool that helps users manage access to AWS resources. It provides a centralized view of all users and resources, allowing administrators to create, manage, and enforce security policies. IAM enables administrators to create roles with specific permissions, set up policies that define which actions can be performed on resources, and manage users and groups. IAM also supports multi-factor authentication (MFA), which provides an extra layer of security for users. Network Security - AWS provides a wide range of security controls to help protect the network infrastructure. These include virtual private cloud (VPC), network acces...

               Monitoring  your network is essential for several               reasons, including: Security: Monitoring your network can help you identify potential security breaches or threats, such as unauthorized access or suspicious activity. It allows you to take action quickly to prevent or minimize any damage caused by a security incident. Performance: Monitoring your network can help you identify performance issues such as slow network speed or bandwidth constraints. You can then take action to optimize your network to improve its performance. Availability: Network downtime can result in lost productivity and revenue. Monitoring your network can help you identify and resolve issues quickly, reducing the amount of downtime your network experiences.                                          ...