To get the AWS Account ID of the currently running Lambda Function using Node.js use the code below.
exports.handler = async (event, context) => {
const awsAccountId = context.invokedFunctionArn.split(':')[4]
console.log(awsAccountId)
};To get the AWS Region where your Lambda Function is running we need to access the Environment Variable AWS_REGION.
To access the environment variable AWS_REGION using Node.js Lambda Function we can use process.env.AWS_REGION.
If you want to get the values of Environment Variables in AWS Lambda using Node.js runtime follow the instructions below.
To access the Environment Variables of Lambda Functions using Node.js or javascript simply use the code below.
const environmentVariable = process.env.ENVIRONMENT_VARIABLELet’s say that my environment variable has a name of DB_USER, I will use the code below to get its value.
If you have been using a Raspberry Pi, you might have encountered that the screen sleeps or turns off after some time when you do not use the mouse or keyboard.
The turning off of the display when there is no activity in Raspberry Pi is called Screen Blanking. By default this is enabled.
Screen Blanking or sleeping is good if you want to save power, but distracting (sometimes annoying) if you are doing something in the Raspberry Pi.
To turn this feature off you do not have to install xscreensaver, you only need to disable it in the Raspberry Pi Configuration.
Follow the steps below to disable screen sleeping of your Raspberry Pi.
Click on the Menu button on the upper right (Raspberry Pi Icon) >> Preferences >> Raspberry Pi Configuration.
The C: Drive or root volume in AWS Workspaces cannot be seen if you open File Explorer.
This post will show how you can access the C: Drive when it is not shown.
If you want the C: Drive to be shown permanently then reading my post about it here will help.
Below are three ways you can access the C: Drive.
To access C: Drive with Windows File Explorer, go to the address bar and enter C:. This will bring you to the C: Drive.
If you have been using AWS Workspaces then you might have noticed that the C: Drive cannot be seen when you open Windows File Explorer.
The reason why the C: Drive is hidden in Workspaces is because it is the root volume. Users are discouraged from storing files in the root volume because when you need to Rebuild a workspace any changes that you made in the C: Drive will be wiped out. Only the D: Drive or the User Volume will be restored to what its previous snapshot.
There are some use cases when you need to access the C: Drive. It might also be possible that you just want to have the C: Drive visible.
Follow the steps below to make the C: Drive visible in Windows File Explorer in your Amazon Workspaces.
Click on Search icon and type regedit. Then click on regedit.
As a Security Best Practice we should always require IAM Users to have Multi-Factor Authentication (MFA) enabled when accessing the AWS Console.
The problem is how do we require users to configure MFA?
The IAM policy below can be used to require users to enable their MFA. If they do not have MFA, all their permissions will be denied. This will make access to your AWS Account more secure.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowViewAccountInfo",
"Effect": "Allow",
"Action": [
"iam:ListUsers",
"iam:ListMFADevices",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary"
],
"Resource": "*"
},
{
"Sid": "AllowChangeOwnPasswordsOnFirstLogin",
"Effect": "Allow",
"Action": [
"iam:ChangePassword",
"iam:GetUser"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
},
{
"Sid": "AllowChangeOwnPasswordsAfterMFAEnabled",
"Effect": "Allow",
"Action": [
"iam:GetLoginProfile",
"iam:UpdateLoginProfile"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
},
{
"Sid": "AllowManageOwnVirtualMFADevice",
"Effect": "Allow",
"Action": [
"iam:CreateVirtualMFADevice",
"iam:DeleteVirtualMFADevice"
],
"Resource": "arn:aws:iam::*:mfa/${aws:username}"
},
{
"Sid": "AllowManageOwnUserMFA",
"Effect": "Allow",
"Action": [
"iam:DeactivateMFADevice",
"iam:EnableMFADevice",
"iam:ListMFADevices",
"iam:ResyncMFADevice"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
},
{
"Sid": "DenyAllExceptListedIfNoMFA",
"Effect": "Deny",
"NotAction": [
"iam:ListUsers",
"iam:ListMFADevices",
"iam:ChangePassword",
"iam:GetUser",
"iam:CreateVirtualMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:DeactivateMFADevice",
"iam:EnableMFADevice",
"iam:ListMFADevices",
"iam:ResyncMFADevice"
],
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "false"
}
}
}
],
"Id": "RadishLogic.com MFA Required IAM Policy"
}The name of my IAM Policy is MFA-Required, you may use whatever name you desire to use.
When writing a CloudFormation Template that needs to use the value of an Elastic IP to a file inside an EC2 Instance, you will most likely encounter a Circular dependency between resources error.
I encountered this when configuring OpenSwan IPSec VPN in CloudFormation.
You can try the CloudFormation template below to see the error above.
Parameters:
AmazonLinux2AMIID:
Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
KeyName:
Type: AWS::EC2::KeyPair::KeyName
Resources:
ElasticIP:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
InstanceId: !Ref EC2Instance
EC2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref AmazonLinux2AMIID
InstanceType: t2.micro
KeyName: !Ref KeyName
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -ex
echo "${ElasticIP}" >> /EIPAddress.txtThe ChefDK is a package that includes everything you need to start using Chef. You will need this if you want to develop using chef.
Since I always use Amazon Web Services (AWS) EC2, I tend to choose Amazon Linux 2 even for projects using Chef.
Below is a step-by-step tutorial on how to install ChefDK in an EC2 instance running Amazon Linux 2.
SSH to your Amazon Linux 2 EC2 Instance and run the command below.
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -c current -P chefdkThis will install the latest version of ChefDK.
For production systems we should specify the specific version of ChefDK or else this will install the version. To do this we need to add the -v option in the end of the command.
Below is an example where we install ChefDK version 4.7.73.
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -c current -P chefdk -v 4.7.73Next is to check if chef was installed properly. Go to the Verification section of this post.
Go to https://downloads.chef.io/chefdk.
You may select your desired version for ChefDK. Default is the latest stable version.
Copy the URL for the latest version of Red Hat Enterprise Linux.
Continue reading How to install ChefDK in Amazon Linux 2Group Policy Management Console is one of the tools needed to do Active Directory Administration, especially if you want to control what Amazon Workspaces can do.
This is the same program that is launched when you run the command gpmc.msc on Windows Run.
To install Group Policy Management in Amazon Workspaces Windows 10, follow the tutorial below.
Open Start Menu, then click Server Manager.
Click Add roles and features. The Add Roles and Features Wizard will be opened.
Continue reading How to Install Group Policy Management Tool in Amazon Workspaces Windows 10