DEV Community: ChungWei Wei

[Public Speech] 2024 Community Days Public Speech

ChungWei Wei — Sun, 03 Nov 2024 09:27:51 +0000

Record For My Public Speech Everytimes

Website

Deck

[AWS] How To Transfer S3 To Another Account S3 Bucket

ChungWei Wei — Sun, 08 Sep 2024 15:10:17 +0000

Situation

Need Transfer S3 Object To Another Account's S3 Bucket

How To

Part Account A (Source Account) Step 1

In IAM Service Create New Role For DataSync

After Created Role, Add Custom Policy, Change `"arn:aws:s3:::<destination-bucket-name>` & `"arn:aws:s3:::<destination-bucket-name>/*"`

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<destination-bucket-name>"
    },
    {
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:ListMultipartUploadParts",
        "s3:PutObject",
        "s3:GetObjectTagging",
        "s3:PutObjectTagging"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<destination-bucket-name>/*"
    }
  ]
}

Part Of Account B (Destination Account) Step 2

Create S3 Bucket For Destination, And Add Bucket Policy Source Account Role Name

Bucket Policy

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "DataSyncCreateS3LocationAndTaskAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::120340392319:role/gw-demo-datasync"
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:ListMultipartUploadParts",
                "s3:PutObject",
                "s3:GetObjectTagging",
                "s3:PutObjectTagging"
            ],
            "Resource": [
                "arn:aws:s3:::gw-demo-des-bucket",
                "arn:aws:s3:::gw-demo-des-bucket/*"
            ]
        },
        {
            "Sid": "DataSyncCreateS3Location",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<account_id>:role/role-name"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::gw-demo-des-bucket"
        }
    ]
}

Part Account A (Source Account) Step 3

Change Custom Policy And Create DataSync Location

Source Account Location

Create Destination Location

aws datasync create-location-s3 \
  --s3-bucket-arn arn:aws:s3:::<destination-bucket> \
  --region <destination-bucket-region> \
  --s3-config '{
    "BucketAccessRoleArn":"arn:aws:iam::<source-account-id>:role/<source-datasync-role>"
  }'

After Create, You Can See Location Have Two Hosts

Part Account A (Source Account) Step 4

Then Create Tasks, Run That

Part Of Account B (Destination Account) Step 5

Verify Sync After Finished

Ref Doc URL

[Git] Git Push Get Hung Up Error

ChungWei Wei — Thu, 08 Aug 2024 16:44:11 +0000

Situation

When Run `git push` , The Log Show `fatal: the remote end hung up unexpectedly`

Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 10 threads
Compressing objects: 100% (3/3), done.
send-pack: unexpected disconnect while reading sideband packet
Writing objects: 100% (3/3), 9.94 MiB | 8.26 MiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
fatal: the remote end hung up unexpectedly
Everything up-to-date

How To

Add Git Config And Re-Push Again

git config --local http.postBuffer 524288000

Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 10 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 9.94 MiB | 14.31 MiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
remote: Validating objects: 100%
To https://git-codecommit.us-east-1.amazonaws.com/v1/repos/<your-repo>
   9115319..94a8c94  main -> main

Root Cause

The Git `http.postBuffer` Default Is 1 MiB, So Need Change Config

http.postBuffer
Maximum size in bytes of the buffer used by smart HTTP transports when POSTing data to the remote system. For requests larger than this buffer size, HTTP/1.1 and Transfer-Encoding: chunked is used to avoid creating a massive pack file locally. Default is 1 MiB, which is sufficient for most requests.

Note that raising this limit is only effective for disabling chunked transfer encoding and therefore should be used only where the remote server or a proxy only supports HTTP/1.0 or is noncompliant with the HTTP standard. Raising this is not, in general, an effective solution for most push problems, but can increase memory consumption significantly since the entire buffer is allocated even for small pushes.

[AWS] How To Get Parameter Store From EC2 UserData

ChungWei Wei — Tue, 02 Apr 2024 06:01:27 +0000

Situation

Get Parameter Store When EC2 Launch New Instance

How To

Add Parameter Store

Add Role Policy Into `IAM Instance Profile`

create new policy `get-demo-parameter` and attach to `iam instance profile`

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ssm:GetParameter",
            "Resource": "arn:aws:ssm:ap-northeast-1:<your-account-id>:parameter/<parameter-store-name>
        }
    ]
}

Launch New VM Instance And Add UserData

User Data Script

#!/bin/bash

export AWS_DEFAULT_REGION=ap-northeast-1

get_para=$(aws ssm get-parameter --name <parameter-name> --query Parameter.Value --output text)
echo $get_para > /tmp/para.txt

After Boot Finished

Debug From Cloud-Init Log



cat /var/log/cloud-init.log

[AWS] How To Connect Site To Site VPN With EdgeRouter X

ChungWei Wei — Mon, 22 Jan 2024 15:39:57 +0000

Environment

Cloud

CIDR : 172.31.0.0/16
Public : X.X.X.X

On-Premise

CIDR : 172.16.0.0/16
Public : Y.Y.Y.Y # How To ## Part of AWS
Create Customer Gateway (CGW) #### Create CGW

Enter Name tag, GP ASN, Certificate ARN

Create Virtual Private Gateway (VGW) #### Create VGW

Enter The Name, And Choice ASN

Attach VPC

Setting Route Table

Create Static Route Table
Create Site to Site VPN Connect

Create VPN Connect

Enter, Choice VPN Tunnel Information

Enter Tunnel Options

After Create Then Wait

Download Conf If Needed

Part of Edge Router X

ssh adm@fw

# Conf mode
configure

# Enable the auto-firewall-nat-exclude feature which automatically creates the IPsec firewall/NAT policies in the firewall.iptables
set vpn ipsec auto-firewall-nat-exclude enable

# Create the IKE / Phase 1 (P1) Security Associations (SAs) and enable Dead Peer Detection (DPD).
set vpn ipsec ike-group FOO0 key-exchange ikev1
set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 2
set vpn ipsec ike-group FOO0 proposal 1 encryption aes128
set vpn ipsec ike-group FOO0 proposal 1 hash sha1
set vpn ipsec ike-group FOO0 dead-peer-detection action restart
set vpn ipsec ike-group FOO0 dead-peer-detection interval 15
set vpn ipsec ike-group FOO0 dead-peer-detection timeout 30


# Create the ESP / Phase 2 (P2) SAs and enable Perfect Forward Secrecy (PFS)
set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 pfs enable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash sha1

# Define the first AWS peer address
set vpn ipsec site-to-site peer <VGW_IP> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <VGW_IP> authentication pre-shared-secret <Secret_From_Download_File>
set vpn ipsec site-to-site peer <VGW_IP> connection-type initiate
set vpn ipsec site-to-site peer <VGW_IP> description ipsec-aws
set vpn ipsec site-to-site peer <VGW_IP> local-address <Your_Pub_IP>

# Link the SAs created above to the first AWS peer and bind the VPN to a virtual tunnel interface (vti0).
set vpn ipsec site-to-site peer 192.0.2.1 ike-group FOO0
set vpn ipsec site-to-site peer 192.0.2.1 vti bind vti0
set vpn ipsec site-to-site peer 192.0.2.1 vti esp-group FOO0

# Configure the RFC 3927 IP addresses on the virtual tunnel interfaces
set interfaces vti vti0 address 169.254.x.x/30

# Lower the TCP Maximum Segment Size (MSS) on the vti interfaces to 1379.
set firewall options mss-clamp interface-type vti
set firewall options mss-clamp mss 1379

# Set route table
set protocols static interface-route 172.31.0.0/16 next-hop-interface vti0

# Apply conf & save conf
commit ; save

# Verify ike
show vpn ipsec ike-group FOO0
 dead-peer-detection {
     action restart
     interval 15
     timeout 30
 }
 ikev2-reauth no
 key-exchange ikev1
 lifetime 28800
 proposal 1 {
     dh-group 2
     encryption aes128
     hash sha1

# Verify esp
show vpn ipsec esp-group FOO0
 compression disable
 lifetime 3600
 mode tunnel
 pfs enable
 proposal 1 {
     encryption aes128
     hash sha1
    }
# Verify ipsec
show vpn ipsec site-to-site peer

peer <AWS_VGW_IP> {
     authentication {
         mode pre-shared-secret
         pre-shared-secret <AWS_Secret>
     }
     connection-type initiate
     description ipsec-AWS
     ike-group FOO0
     local-address <Local_Pub_IP>
     vti {
         bind vti0
         esp-group FOO0
     }
 }

Wait To Tunnel Up

Verify

[AWS] How To Create Site To Site From EdgeRouter X With AWS

ChungWei Wei — Mon, 22 Jan 2024 15:10:11 +0000

Environment

Cloud

### CIDR : 172.31.0.0/16
### Public : X.X.X.X

On-Premise

### CIDR : 172.16.0.0/16
### Public : Y.Y.Y.Y # How To ## Part of AWS
### Create Customer Gateway (CGW) #### Create CGW

Enter Name tag, GP ASN, Certificate ARN

### Create Virtual Private Gateway (VGW) #### Create VGW

Enter The Name, And Choice ASN

Attach VPC

Setting Route Table

Create Static Route Table
Create Site to Site VPN Connect

Create VPN Connect

Enter, Choice VPN Tunnel Information

Enter Tunnel Options

After Create Then Wait

Download Conf If Needed

Part of Edge Router X

ssh adm@fw

# Conf mode
configure

# Enable the auto-firewall-nat-exclude feature which automatically creates the IPsec firewall/NAT policies in the firewall.iptables
set vpn ipsec auto-firewall-nat-exclude enable

# Create the IKE / Phase 1 (P1) Security Associations (SAs) and enable Dead Peer Detection (DPD).
set vpn ipsec ike-group FOO0 key-exchange ikev1
set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 2
set vpn ipsec ike-group FOO0 proposal 1 encryption aes128
set vpn ipsec ike-group FOO0 proposal 1 hash sha1
set vpn ipsec ike-group FOO0 dead-peer-detection action restart
set vpn ipsec ike-group FOO0 dead-peer-detection interval 15
set vpn ipsec ike-group FOO0 dead-peer-detection timeout 30


# Create the ESP / Phase 2 (P2) SAs and enable Perfect Forward Secrecy (PFS)
set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 pfs enable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash sha1

# Define the first AWS peer address
set vpn ipsec site-to-site peer <VGW_IP> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <VGW_IP> authentication pre-shared-secret <Secret_From_Download_File>
set vpn ipsec site-to-site peer <VGW_IP> connection-type initiate
set vpn ipsec site-to-site peer <VGW_IP> description ipsec-aws
set vpn ipsec site-to-site peer <VGW_IP> local-address <Your_Pub_IP>

# Link the SAs created above to the first AWS peer and bind the VPN to a virtual tunnel interface (vti0).
set vpn ipsec site-to-site peer 192.0.2.1 ike-group FOO0
set vpn ipsec site-to-site peer 192.0.2.1 vti bind vti0
set vpn ipsec site-to-site peer 192.0.2.1 vti esp-group FOO0

# Configure the RFC 3927 IP addresses on the virtual tunnel interfaces
set interfaces vti vti0 address 169.254.x.x/30

# Lower the TCP Maximum Segment Size (MSS) on the vti interfaces to 1379.
set firewall options mss-clamp interface-type vti
set firewall options mss-clamp mss 1379

# Set route table
set protocols static interface-route 172.31.0.0/16 next-hop-interface vti0

# Apply conf & save conf
commit ; save

# Verify ike
show vpn ipsec ike-group FOO0
 dead-peer-detection {
     action restart
     interval 15
     timeout 30
 }
 ikev2-reauth no
 key-exchange ikev1
 lifetime 28800
 proposal 1 {
     dh-group 2
     encryption aes128
     hash sha1


# Verify esp
show vpn ipsec esp-group FOO0
 compression disable
 lifetime 3600
 mode tunnel
 pfs enable
 proposal 1 {
     encryption aes128
     hash sha1
    }
# Verify ipsec
show vpn ipsec site-to-site peer

peer <AWS_VGW_IP> {
     authentication {
         mode pre-shared-secret
         pre-shared-secret <AWS_Secret>
     }
     connection-type initiate
     description ipsec-AWS
     ike-group FOO0
     local-address <Local_Pub_IP>
     vti {
         bind vti0
         esp-group FOO0
     }
 }

Wait To Tunnel Up

Verify

[AWS] How To Add Basic Auth With Amazon CloudFront

ChungWei Wei — Thu, 28 Dec 2023 02:55:26 +0000

Situation

Want Set Basic Auth With AWS CloudFront

How To

Architecture

Conponent

Amazon S3
AWS CloudFront
AWS CloudFront Function

Part Of CloudFront Function

Create New CloudFront Function

Enter Function Name , And Choice js-1.0 Runtime

Enter The Code

Part Of CloudFront

Create New Behavior

On Function Associations, Choice Viewer request Setting `CloudFront Functions` And Select `Function Name`

Verify

[GCP] Google Cloud Certified - Professional Cloud Network Engineer

ChungWei Wei — Fri, 24 Nov 2023 19:42:44 +0000

這次準備的內容為 `GCP Certified - Professional Cloud Network Engineer` 的認證

學習路徑為依然為 Jayendra's Blog 與官方文件

考試相關內容如下：

120 分鐘內考 50 題選擇題, 包含多選
考試內容大多為網路方面的調整與選擇
Interconnect, Cloud Route, Shared VPC, Loan Balancer
有關於 GKE Cluster 與 Pod 的網段要稍稍計算一下
依照題型給予的狀況去選擇適合的 LoadBalancer 也有出現好幾題

最後, 就不免俗的放上證照 :D

[Docker] Build Flask Service Docker Image

ChungWei Wei — Sun, 15 Oct 2023 16:31:55 +0000

Env

All Component

### Alpine Linux Image With Python 3.12 ( recommendation )
### Python Package List
### Source Code

Image

Folder Tree

Build Image

File `dockerfile`

~/demo/docker-img/flask (master*) » cat dockerfile

FROM python:alpine3.18
WORKDIR /api
ADD ./files/ /api
RUN pip install -r requirements.txt
CMD python main.py

File `requirements.txt`

~/demo/docker-img/flask/files (master*) » cat requirements.txt
Click==8.1.7
Flask==3.0.0
itsdangerous==2.1.2
Jinja2==3.1.2
MarkupSafe==2.1.3
Werkzeug==3.0.0
requests==2.31.0

File `main.py`

#!/usr/bin/python3
# -*- coding: utf8 -*-

'''
author         GordonWei
date           10/15/2023
comment        Test Flask Website
'''

'''
Just test
'''

from flask import Flask, request, render_template
import flask, json

app = flask.Flask(__name__)
#app.config["DEBUG"] = True

commit = []

@app.route('/', methods=['GET'])
def home():
  return "<h1>Nothing, Just A Index!</h1>"

app.run(host='0.0.0.0', port='8008')

Build

docker build -t <your-img-name:tag> .

Demo

~/demo/docker-img/flask (master*) » docker build -t flask-demo:0.4 .
[+] Building 8.8s (9/9) FINISHED                                                                           docker:desktop-linux
 => [internal] load .dockerignore                                                                                          0.0s
 => => transferring context: 2B                                                                                            0.0s
 => [internal] load build definition from dockerfile                                                                       0.0s
 => => transferring dockerfile: 148B                                                                                       0.0s
 => [internal] load metadata for docker.io/library/python:alpine3.18                                                       0.0s
 => [1/4] FROM docker.io/library/python:alpine3.18                                                                         0.0s
 => [internal] load build context                                                                                          0.0s
 => => transferring context: 1.97kB                                                                                        0.0s
 => [2/4] WORKDIR /api                                                                                                     0.0s
 => [3/4] ADD ./files/ /api                                                                                                0.0s
 => [4/4] RUN pip install -r requirements.txt                                                                              8.6s
 => exporting to image                                                                                                     0.1s
 => => exporting layers                                                                                                    0.1s
 => => writing image sha256:e457f32666126e35eaca9bbe4aa55accc591a2ebfec2386203889262cbdce9cf                               0.0s
 => => naming to docker.io/library/flask-demo:0.4                                                                          0.0s

What's Next?
  View a summary of image vulnerabilities and recommendations → docker scout quickview

Verify

~/demo/docker-img/flask (master*) » docker images | grep flask-demo
flask-demo                                              0.4               e457f3266612   About a minute ago   76.6MB
flask-demo                                              0.3               50d74e0a22b0   2 days ago           76.6MB

Try Run

~/demo/docker-img/flask (master*) » docker run -idt -p 80:8008 flask-demo:0.4
3d886093528c70d7aed6c037674f059d83260b60a689ba633c342a162f430380

Screenshot

[AWS] How To Install Cloud Watch Agent To EC2 Linux With SSM

ChungWei Wei — Fri, 06 Oct 2023 12:18:11 +0000

Before Start

Part of AWS

Create new `Role` for EC2 or attach new policy to exist `Role`

### The Role Must Have
- ### CloudWatchAgentServerPolicy
- ### AmazonSSMManagedInstanceCore
- ### inline policy ssm:putparameter (if you want store your conf to Parameter Store)

Part of VM

Install `Collectd` if system don't have

apt update && apt install collectd -y

Install Cloud Watch Agent

In SSM console, choice `Run Command`

Select `AWS-ConfigureAWSPackage`

Setting like ref pic

Choice instance you need install's EC2

Then click `Run`

Setting Cloud Watch Agent Conf

Log into VM, run wizard command

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

Setting screen looks like these

================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
=                                                              =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply.                                           =
================================================================
On which OS are you planning to use the agent?
1. linux
2. windows
3. darwin
default choice: [1]:

Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [1]:

Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:

Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:

Which port do you want StatsD daemon to listen to?
default choice: [8125]

What is the collect interval for StatsD daemon?
1. 10s
2. 30s
3. 60s
default choice: [1]:

What is the aggregation interval for metrics collected by StatsD daemon?
1. Do not aggregate
2. 10s
3. 30s
4. 60s
default choice: [4]:

Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start
1. yes
2. no
default choice: [1]:

Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:

Do you want to monitor cpu metrics per core?
1. yes
2. no
default choice: [1]:

Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available?
1. yes
2. no
default choice: [1]:

Do you want to aggregate ec2 dimensions (InstanceId)?
1. yes
2. no
default choice: [1]:

Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:

Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
2
Current config as follows:
{
    "agent": {
        "metrics_collection_interval": 60,
        "run_as_user": "root"
    },
    "metrics": {
        "aggregation_dimensions": [
            [
                "InstanceId"
            ]
        ],
        "append_dimensions": {
            "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
            "ImageId": "${aws:ImageId}",
            "InstanceId": "${aws:InstanceId}",
            "InstanceType": "${aws:InstanceType}"
        },
        "metrics_collected": {
            "collectd": {
                "metrics_aggregation_interval": 60
            },
            "cpu": {
                "measurement": [
                    "cpu_usage_idle",
                    "cpu_usage_iowait",
                    "cpu_usage_user",
                    "cpu_usage_system"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ],
                "totalcpu": false
            },
            "disk": {
                "measurement": [
                    "used_percent",
                    "inodes_free"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "io_time"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            },
            "statsd": {
                "metrics_aggregation_interval": 60,
                "metrics_collection_interval": 10,
                "service_address": ":8125"
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:

Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:

Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
    "agent": {
        "metrics_collection_interval": 60,
        "run_as_user": "root"
    },
    "metrics": {
        "aggregation_dimensions": [
            [
                "InstanceId"
            ]
        ],
        "append_dimensions": {
            "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
            "ImageId": "${aws:ImageId}",
            "InstanceId": "${aws:InstanceId}",
            "InstanceType": "${aws:InstanceType}"
        },
        "metrics_collected": {
            "collectd": {
                "metrics_aggregation_interval": 60
            },
            "cpu": {
                "measurement": [
                    "cpu_usage_idle",
                    "cpu_usage_iowait",
                    "cpu_usage_user",
                    "cpu_usage_system"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ],
                "totalcpu": false
            },
            "disk": {
                "measurement": [
                    "used_percent",
                    "inodes_free"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "io_time"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            },
            "statsd": {
                "metrics_aggregation_interval": 60,
                "metrics_collection_interval": 10,
                "service_address": ":8125"
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:

What parameter store name do you want to use to store your config? (Use 'AmazonCloudWatch-' prefix if you use our managed AWS policy)
default choice: [AmazonCloudWatch-linux]

Trying to fetch the default region based on ec2 metadata...
Which region do you want to store the config in the parameter store?
default choice: [us-east-1]

Which AWS credential should be used to send json config to parameter store?
1. 12312312321312312(From SDK)
2. Other
default choice: [1]:

Successfully put config to parameter store AmazonCloudWatch-linux.
Program exits now.

Restart Cloud Watch Agent from SSM

Then click `Run`, and wait to success

Go To Cloud Watch dashboard verify

[Linux] How To Stop Ubuntu 22.04 Sleep With Command

ChungWei Wei — Sun, 16 Apr 2023 15:23:17 +0000

Situation

Prevent Machine Sleep

How To

Check `sleep.target` Status

root@desktop:~# systemctl status sleep.target
○ sleep.target - Sleep
     Loaded: loaded (/lib/systemd/system/sleep.target; static)
     Active: inactive (dead) since Wed 2023-03-29 00:02:04 CST; 6min ago
       Docs: man:systemd.special(7)

Feb 03 10:00:50 desktop systemd[1]: Reached target Sleep.
Mar 29 00:02:04 desktop systemd[1]: Stopped target Sleep.

Set `mask` In `sleep.target`,`suspend.target`, `hibernate.target` And `hybrid-sleep.target`

root@desktop:~# systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
Created symlink /etc/systemd/system/sleep.target → /dev/null.
Created symlink /etc/systemd/system/suspend.target → /dev/null.
Created symlink /etc/systemd/system/hibernate.target → /dev/null.
Created symlink /etc/systemd/system/hybrid-sleep.target → /dev/null.
root@desktop:~# systemctl status sleep.target
○ sleep.target
     Loaded: masked (Reason: Unit sleep.target is masked.)
     Active: inactive (dead) since Wed 2023-03-29 00:02:04 CST; 8min ago

Feb 03 10:00:50 desktop systemd[1]: Reached target Sleep.
Mar 29 00:02:04 desktop systemd[1]: Stopped target Sleep.

Done

[AWS] How To Query CloudWatch Logs Using Amazon Athena

ChungWei Wei — Mon, 03 Apr 2023 19:23:14 +0000

DEV Community: ChungWei Wei

[Public Speech] 2024 Community Days Public Speech

Record For My Public Speech Everytimes

[AWS] How To Transfer S3 To Another Account S3 Bucket

Situation

Need Transfer S3 Object To Another Account's S3 Bucket

How To

Part Account A (Source Account) Step 1

In IAM Service Create New Role For DataSync

After Created Role, Add Custom Policy, Change "arn:aws:s3:::<destination-bucket-name> & "arn:aws:s3:::<destination-bucket-name>/*"

Part Of Account B (Destination Account) Step 2

Create S3 Bucket For Destination, And Add Bucket Policy Source Account Role Name

Bucket Policy

Part Account A (Source Account) Step 3

Change Custom Policy And Create DataSync Location

Source Account Location

Create Destination Location

After Create, You Can See Location Have Two Hosts

Part Account A (Source Account) Step 4

Then Create Tasks, Run That

Part Of Account B (Destination Account) Step 5

Verify Sync After Finished

Ref Doc URL

[Git] Git Push Get Hung Up Error

Situation

When Run git push , The Log Show fatal: the remote end hung up unexpectedly

How To

Add Git Config And Re-Push Again

Root Cause

The Git http.postBuffer Default Is 1 MiB, So Need Change Config

[AWS] How To Get Parameter Store From EC2 UserData

Situation

Get Parameter Store When EC2 Launch New Instance

How To

Add Parameter Store

Add Role Policy Into IAM Instance Profile

create new policy get-demo-parameter and attach to iam instance profile

Launch New VM Instance And Add UserData

User Data Script

After Boot Finished

Debug From Cloud-Init Log

[AWS] How To Connect Site To Site VPN With EdgeRouter X

Environment

Cloud

On-Premise

Enter Name tag, GP ASN, Certificate ARN

Enter The Name, And Choice ASN

Attach VPC

Create Static Route Table

Create VPN Connect

Enter, Choice VPN Tunnel Information

Enter Tunnel Options

After Create Then Wait

Download Conf If Needed

Part of Edge Router X

Wait To Tunnel Up

Verify

[AWS] How To Create Site To Site From EdgeRouter X With AWS

Environment

Cloud

On-Premise

Enter Name tag, GP ASN, Certificate ARN

Enter The Name, And Choice ASN

Attach VPC

Setting Route Table

Create Static Route Table

Create Site to Site VPN Connect

Create VPN Connect

Enter, Choice VPN Tunnel Information

Enter Tunnel Options

After Create Then Wait

Download Conf If Needed

Part of Edge Router X

Wait To Tunnel Up

Verify

[AWS] How To Add Basic Auth With Amazon CloudFront

Situation

Want Set Basic Auth With AWS CloudFront

How To

Architecture

After Created Role, Add Custom Policy, Change `"arn:aws:s3:::<destination-bucket-name>` & `"arn:aws:s3:::<destination-bucket-name>/*"`

When Run `git push` , The Log Show `fatal: the remote end hung up unexpectedly`

The Git `http.postBuffer` Default Is 1 MiB, So Need Change Config

Add Role Policy Into `IAM Instance Profile`

create new policy `get-demo-parameter` and attach to `iam instance profile`

On Function Associations, Choice Viewer request Setting `CloudFront Functions` And Select `Function Name`

這次準備的內容為 `GCP Certified - Professional Cloud Network Engineer` 的認證

File `dockerfile`

File `requirements.txt`

File `main.py`

Create new `Role` for EC2 or attach new policy to exist `Role`

Install `Collectd` if system don't have

In SSM console, choice `Run Command`

Select `AWS-ConfigureAWSPackage`

Then click `Run`

Then click `Run`, and wait to success

Check `sleep.target` Status

Set `mask` In `sleep.target`,`suspend.target`, `hibernate.target` And `hybrid-sleep.target`

In Application Settings, Enter Your `Bucket Name` To SpillBucket, Then Click Deploy