Category: Amazon AWS

  • Move Elastic IP from one AWS Account to Another

    Move Elastic IP from one AWS Account to Another

    AWS Elastic IP is a static, public IPv4 address that you can allocate and associate with your AWS resources, such as Amazon EC2 instances and Network Interface. It provides a persistent public IP address that remains associated with your resources even if they are stopped or restarted.

    Transferring an AWS Elastic IP address to another AWS account can be useful in scenarios where you want to migrate resources between accounts or share resources with another account.

    Enable Transfer (on source AWS Account)

    1. Log in to the AWS Management Console using the credentials of the source AWS account.
    2. Navigate to the EC2 Dashboard.
    3. In the left-hand menu, click on “Elastic IPs” under the “Network & Security” section.
    4. Select the Elastic IP address that you want to migrate to the other account.
    5. Click on the “Actions” button at the top of the Elastic IPs table.
    6. Choose “Enbale transfers” from the dropdown menu.
    7. It will show a popup page, where you need to enter destination AWS Account ID and confirm by typing enable. Click submit.

    Transfer AWS Elastic IP

    Accept Transfer on Destination AWS Account

    1. Log in to the AWS Management Console using the credentials of the destination AWS account.
    2. Navigate to the EC2 Dashboard.
    3. In the left-hand menu, click on “Elastic IPs” under the “Network & Security” section.
    4. Click on the “Actions” button at the top of the Elastic IP addresses page.
    5. Scroll down and select “Accept transfers”.
    6. In the popup, enter the IP address you need to accept, click “Submit” button, EIP will be transferred instantly.

    Accept Elastic IP Transfer

    Back to AWS

  • How to enable root ssh in Amazon Lightsail instance

    How to enable root ssh in Amazon Lightsail instance

    Amazon lightsail instances do not allow ssh root access by default. You have to log in as user “ubuntu” or “ec2-user”, then use the command “sudo” to become user root. This is done for security. There are some circumstances where you need to enable direct SSH login to lightsail server.

    How to enable root ssh in ubuntu lightsail instgance

    Login as user ubuntu, then edit the file 

    sudo vi /root/.ssh/authorized_keys

    In the file, you will notice the default ssh key has already been added. But in the front the line, you have the following string

    no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10"

    You need to remove this text, so you have the ssh key remaining in the file. SSH public key starts with the text ssh-rsa.

    Now you should be able to log in to the server with SSH user root and default ssh key file (pem file).

    Back to Amazon Lightsail

  • How to Upgrade PHP on Bitnami WordPress in AWS Lightsail

    How to Upgrade PHP on Bitnami WordPress in AWS Lightsail

    I have an old Bitnami WordPress server on the Amazon Lightsail server. Bitnami does not support upgrading the PHP version. The recommended solution is to create a new bitnami WordPress instance and migrate the website to the new lightsail instance. Since this server had many websites configured, I do not want to migrate the websites to the new bitnami WordPress instance. Here is how I upgraded the PHP version on bitnami Debian 10 server from PHP 7.3 to PHP 8.1

    What we do is install the PHP version provided by the OS. Then update php.ini to use the non-defult MySQL socket location used by the Bitnami server. Create a php-fpm pool that runs as the “daemon” user. After that, we update the Apache configuration to use the new PHP version.

    First, enable PHP repository

    apt -y install apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list

    Install PHP 8.1

    apt update
apt install -y  php8.1-bcmath php8.1-cli php8.1-common php8.1-curl php8.1-gd php8.1-imap php8.1-intl php8.1-mbstring php8.1-mysql php8.1-readline php8.1-soap php8.1-xml php8.1-xmlrpc php8.1-zip php8.1-fpm

    If you need a different version of PHP, change 8.1 with whatever version you need.

    Edit php.ini file

    vi /etc/php/8.1/fpm/php.ini

    Find

    [Pdo_mysql]
; Default socket name for local MySQL connects.  If empty, uses the built-in
; MySQL defaults.
pdo_mysql.default_socket=

    Replace with

    [Pdo_mysql]
; Default socket name for local MySQL connects.  If empty, uses the built-in
; MySQL defaults.
pdo_mysql.default_socket= "/opt/bitnami/mysql/tmp/mysql.sock"

    Find

    mysqli.default_socket =

    Replace with

    mysqli.default_socket = "/opt/bitnami/mysql/tmp/mysql.sock"

    Create a php-fpm pool file

    vi /etc/php/8.1/fpm/pool.d/wp.conf

    add

    [wordpress]
listen=/opt/bitnami/php/var/run/ww2.sock
user=daemon
group=daemon
listen.owner=daemon
listen.group=daemon
pm=dynamic
pm.max_children=5
pm.start_servers=2
pm.min_spare_servers=1
pm.max_spare_servers=3
pm.max_requests=5000

    This pool will listen on unix socket “/opt/bitnami/php/var/run/ww2.sock”.

    Enable and restart PHP 8.1 fpm service

    systemctl enable php8.1-fpm
systemctl restart php8.1-fpm

    Edit file

    vi /opt/bitnami/apache2/conf/bitnami/php-fpm.conf

    For some installations, file is located at

    vi /opt/bitnami/apache2/conf/php-fpm-apache.conf

    Inside you file find

    
  
  
  
    
      SetHandler "proxy:fcgi://www-fpm"

    Find

    www.sock

    Replace With

    www2.sock

    Restart Apache

    sudo /opt/bitnami/ctlscript.sh restart apache

    See Bitnami

  • How to Open Port in Amazon EC2 instance

    How to Open Port in Amazon EC2 instance

    By default Amazon EC2 only allow port 22 (SSH) on Linux servers and port 3389 (RDP) on Windows Instances. All other ports are closed for security reasons. Depending on your use case, you may need to open ports on the security group to allow connection to applications you run on the EC2 instance.

    Log in to the Amazon EC2 console.

    In the navigation pane, click instances. This will list all available Amazon EC2 instances. Find the instance ID of the EC2 instance where you need to open the port.

    AWS EC2 instance ID

    Click on the Instance ID to find more details about the Amazon EC2 server.

    AWS EC2 Security Group

    On the AWS EC2 Instance details page, click on the “Security” tab. Below you will see “security groups”. A security group is like a firewall, you can allow/disallow incoming and outgoing ports here. Click on the Security Group ID to go to the security group page.

    Amazon EC2 security group details

    Click on the “Edit inbound rules” button. You can add or remove rules on the “Edit inbound rules” page.

    Open Port in AWS

    To Ope a port, click on “Add rule” button.

    how to add inbound rules in aws ec2

    To open a port, you need to add a rule for the port by clicking “Add rule” button.

    You will get a new entry, where you need to select your rule.

    Type = This is a drop-down select box with the default value “Custom TCP”. You can find many predefined rules for common services like HTTP, HTTPS, MySQL, etc.. You can use Custom TCP or Custom UDP, then enter the port number you need to open.

    Port range = You can enter the port number to open on this text box.

    Source = This is IP add where you are allowed to connect. To allow all connections, use 0.0.0.0/0

    Description – optional = you can enter a note so you know what this port is used for.

    Once you added this, click on the “Save rule” button to save the rule. It will configure the security group to allow the port you added.

    aws ec2 open port 8080

    This screenshot shows the rules needed to Open Port 8080 on the AWS security group for Anyone.

    Back to Amazon EC2

  • How to export Amazon Route 53 DNS Zone

    How to export Amazon Route 53 DNS Zone

    To export DNS Records for a domain, you can use AWS CLI.

    First, you need to make an Access key to use with AWS CLI. To configure AWS CLI, run the command

    aws configure

    You need to enter “Access Key ID:” and “Secret Access Key”. You can generate these in the AWS console by clicking on your name in the right top corner. Then from the drop-down menu, select “Security Credentials”. This will take you to page

    https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/security_credentials

    In the above URL us-east-1, can be changed with any region code.

    AWS Security Credentials

    On this page, expand “Access keys (access key ID and secret access key)”, then to create Access Key, click on the “Create New Access Key” button.

    To list all DNS Zones, use the command

    aws route53 list-hosted-zones --output json

    From the result, you need to find the numeric id of the hosted zone.

    Example

    boby@sok-01:~$ aws route53 list-hosted-zones --output json
{
    "HostedZones": [
        {
            "Id": "/hostedzone/Z049372530XJK28PE5FZG",
            "Name": "serverok.in.",
            "CallerReference": "62949efe-088c-44fc-8f02-5f3f5b9fafc3",
            "Config": {
                "Comment": "My DNS Zone",
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 18
        }
    ]
}
boby@sok-01:~$

    In the above example, the zone id is Z049372530XJK28PE5FZG

    To list all DNS records for the zone, use the command

    aws route53 list-resource-record-sets --hosted-zone-id ZONE_ID_HERE --output json

    You can use jq command to list DNS records in non json LogFormat

    aws route53 list-resource-record-sets --hosted-zone-id Z049372530XJK28PE5FZG --output json | jq -jr '.ResourceRecordSets[] | "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[]?.Value)\n"'

    In the above command, Z049372530XJK28PE5FZG is the zone id for the domain. Replace it with your DNS zone id.

    Back to Route 53