Saturday, June 4, 2022

 

An enterprise architecture framework provides a blueprint that an enterprise can use to create an architecture. It provides principles, practices, tools, and approaches that help the enterprise follow and improve its standards.

Enterprise architecture mainly consists of four types:



Business Architecture: This takes the lead role in defining the business strategy and governance needed to develop a proper architecture and achieve the organizational goal.

Data Architecture: This is the core of the organizational data strategy. It defines organizational infrastructure, such as how data can be collected, transferred, and stored securely.

Application Architecture: This defines the technologies, patterns and systems that can be used in applications and how the systems interact with each other to achieve the business goal. It helps us create the logical and physical architecture.

Technology Architecture: This helps the organization define the tools and technology needed to achieve business goals.

EA Frameworks

1. Zachman Framework

This is an enterprise ontology and is a fundamental structure for enterprise architecture which provides a formal and structured way of viewing and defining an enterprise.

This framework is typically represented as a 6x6 matrix.

The rows of this framework describe six interrogatives: What, How, Where, Who, When and Why. The columns describe the specific viewpoints of groups of stakeholders.





More details https://www.zachman.com/

 

2. TOGAF (The Open Group Architecture Framework)

A generic framework for developing architecture to meet different business needs. This is a widely used framework. It can be applied to enterprises from large to small.

This standard treats business goals as architecture drivers and provides a set of practices as follows:

                ADM (Architecture Development Method)

                ADM Guidelines and Technique

                Architecture Content.

                Enterprise Continuum

                Capability Framework

More details https://pubs.opengroup.org/architecture/togaf9-doc/arch/

To Install phpMyAdmin in EC2 Instance

The following steps install phpMyAdmin on an EC2 Amazon Linux 2 instance. The commands should be run in the same order after connecting to the EC2 instance over SSH.

1. sudo yum update -y

2. sudo amazon-linux-extras install -y php8.0

3. sudo yum install -y httpd

4. sudo systemctl start httpd

5. sudo systemctl enable httpd

6. sudo systemctl is-enabled httpd

7. sudo usermod -a -G apache ec2-user

8. sudo chown -R apache:apache /var/www

9. sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;

10. find /var/www -type f -exec sudo chmod 0664 {} \;

11. sudo yum install php-mbstring php-xml -y

12. sudo systemctl restart httpd

13. sudo systemctl restart php-fpm

14. cd /var/www/html

15. wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz

16. mkdir MdaStageDbAdmin && tar -xvzf phpMyAdmin-latest-all-languages.tar.gz -C MdaStageDbAdmin --strip-components 1

17. mv MdaStageDbAdmin/config.sample.inc.php MdaStageDbAdmin/config.inc.php

18. Generate a blowfish_secret value: https://phpsolved.com/phpmyadmin-blowfish-secret-generator/

19. config file

20. $cfg['TempDir'] = '/tmp'; 
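
Steps 17 to 20 can also be done without pasting a secret from a third-party website. The following Python sketch is an added example, not part of the original post: it generates the blowfish_secret locally with a CSPRNG and sets TempDir. The function names and the sample config text are constructed for illustration.

```python
import re
import secrets
import string

# Alphabet without quotes or backslashes, so the value is safe inside a
# single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!#%()*+,-./:;=?@[]^_{|}~"

# Constructed excerpt of config.sample.inc.php (not the full shipped file).
SAMPLE_CONFIG = """<?php
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
"""

SECRET_LINE = re.compile(r"^(\$cfg\['blowfish_secret'\]\s*=\s*)'[^']*'(\s*;)", re.M)


def new_blowfish_secret(length=32):
    """Return a random secret; 32 characters is the length recent phpMyAdmin releases expect."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def harden_config(text, temp_dir="/tmp"):
    """Fill in blowfish_secret and append TempDir; fail if the secret line is missing."""
    secret = new_blowfish_secret()
    # A function replacement keeps the secret from being parsed as a regex template.
    patched, count = SECRET_LINE.subn(
        lambda m: f"{m.group(1)}'{secret}'{m.group(2)}", text)
    if count != 1:
        raise ValueError("expected exactly one blowfish_secret line")
    if "$cfg['TempDir']" not in patched:
        patched = patched.rstrip("\n") + f"\n$cfg['TempDir'] = '{temp_dir}';\n"
    return patched, secret


if __name__ == "__main__":
    config, _ = harden_config(SAMPLE_CONFIG)
    print(config)
```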

Thursday, June 2, 2022

Enterprise Architecture

 

What is enterprise architecture?

Enterprise architecture (EA) is a process that helps an organization define its business processes and IT structure to meet its current needs and future goals.

What is an enterprise?

An enterprise is any organization that shares a common set of goals, for example government agencies and corporations; large organizations may comprise multiple enterprises.

What is the benefit of enterprise architecture?

·         EA helps organizations set and achieve their goals in a systematic way

·         Efficiently plan business strategy and set targets more realistically

·         It introduces consistent business processes and information across business units

·         It introduces more efficient IT operations

Why enterprise architecture?

Enterprise architecture brings all business units together to operate with a single, automated business process. It identifies technical and process gaps between business units and closes them so that the units operate in an integrated way to achieve business goals. Enterprise architecture also identifies and analyzes current technology and uses it to operate the business more efficiently.

Is any process/framework available to follow?

Yes. There are a lot of frameworks available. A few widely used frameworks are

1.       TOGAF (The Open Group Architecture Framework)

2.       Zachman Framework  

How will frameworks help for enterprise?

A framework provides a starting point and a common terminology. Frameworks are captured and defined based on real-world examples, so they add a lot of value compared with inventing something new.

Saturday, February 12, 2022

Changing Existing AWS instance metadata from IMDSv1 to IMDSv2

 

·         What is instance metadata?

AWS provides an instance metadata service to get instance details such as hostname, IP address, etc.

IMDSv1 uses a simple request/response method to get the instance metadata.

If the instance supports IMDSv1, we can use the following URL to get instance metadata

 

http://169.254.169.254/latest/meta-data/

 

IMDSv2 is session oriented, which means we need to create a session token with a validity duration and use that token to get instance metadata. The generated session token is valid for the duration specified in the first (PUT) request, so the application can reuse the same token until it expires. Once it has expired, a new token must be generated.

 

The following sample command gets the ami-id in a single call

 

TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/ami-id

 

 

·         How to update instance metadata options?

To enable IMDSv2, we can use the following command

 

aws ec2 modify-instance-metadata-options \
    --instance-id <<mention instance Id>> \
    --http-tokens required \
    --http-endpoint enabled

 

To change the PUT response hop limit

 

aws ec2 modify-instance-metadata-options \
    --instance-id <<mention instance id>> \
    --http-put-response-hop-limit 3 \
    --http-endpoint enabled

 

To check the instance metadata options

 

aws ec2 describe-instances --instance-ids <<mention instance id>>

 

To turn off access to instance metadata

 

aws ec2 modify-instance-metadata-options \
    --instance-id <<mention instance id>> \
    --http-endpoint disabled

 

 

·         How does it impact us?

IMDSv2 helps protect against Server-Side Request Forgery (SSRF). There is no major impact unless our application calls the instance metadata service itself.

The MetadataNoToken CloudWatch metric tracks the number of calls to the instance metadata service that use IMDSv1. Tracking this metric helps us identify when it is safe to migrate.

For more details, please refer to

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
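
To check many instances at once, the MetadataOptions block in the describe-instances output can be audited with a script. The following Python sketch is an added example, not part of the original post: the sample JSON, the instance IDs, the finding names and the max_hops threshold are constructed for illustration.

```python
import json

# Constructed excerpt of `aws ec2 describe-instances` output (instance IDs are made up).
SAMPLE_OUTPUT = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0000000000000001", "MetadataOptions": {
        "State": "applied", "HttpTokens": "optional",
        "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-0000000000000002", "MetadataOptions": {
        "State": "applied", "HttpTokens": "required",
        "HttpPutResponseHopLimit": 3, "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-0000000000000003", "MetadataOptions": {
        "State": "applied", "HttpTokens": "required",
        "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-0000000000000004", "MetadataOptions": {
        "State": "pending", "HttpTokens": "required",
        "HttpPutResponseHopLimit": 1, "HttpEndpoint": "disabled"}},
]}]})


def audit_metadata_options(describe_json, max_hops=1):
    """Return {instance_id: [findings]} for instances that need attention."""
    report = {}
    for reservation in json.loads(describe_json).get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            findings = []
            # A modify-instance-metadata-options call has not taken effect yet.
            if opts.get("State") != "applied":
                findings.append("change-pending")
            if opts.get("HttpEndpoint") == "enabled":
                # "optional" means IMDSv1 requests without a token still work.
                if opts.get("HttpTokens") != "required":
                    findings.append("imdsv1-allowed")
                # A higher hop limit lets the token response cross extra network
                # hops (some container setups need it), so review, do not block.
                if opts.get("HttpPutResponseHopLimit", 1) > max_hops:
                    findings.append("hop-limit-review")
            if findings:
                report[inst["InstanceId"]] = findings
    return report


if __name__ == "__main__":
    for instance_id, findings in audit_metadata_options(SAMPLE_OUTPUT).items():
        print(instance_id, ", ".join(findings))
```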

Monday, August 23, 2021

Amazon SES IP addresses

Sometimes we need to know the SES IP addresses so that we can whitelist them.

 

SES maintains a set of IP addresses for sending email. To find out what those IP addresses are, run the following command at any Linux command prompt

dig TXT amazonses.com +short| grep 'v=spf1'

 

Once we execute it, we will get the following output

v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 ip4:76.223.176.0/20 ip4:54.240.64.0/19 ip4:54.240.96.0/19 ip4:52.82.172.0/22 -all

 

These IP ranges are used to send email. They may change, so it is better to whitelist based on the SPF record; otherwise we have to keep checking for changes and update our IP list.

 

On Windows, use the following command

nslookup -type=TXT amazonses.com | find "v=spf1"
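
To turn the SPF output into something a filter can use, the record can be parsed into networks and a connecting IP checked against them. The following Python sketch is an added example, not part of the original post: it embeds the record shown above, and the function names and test addresses are constructed for illustration.

```python
import ipaddress

# SPF record as shown in the post; it changes over time, so re-query before relying on it.
SES_SPF = ("v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 "
           "ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 "
           "ip4:76.223.176.0/20 ip4:54.240.64.0/19 ip4:54.240.96.0/19 "
           "ip4:52.82.172.0/22 -all")


def parse_spf(record):
    """Return (networks, unresolved) for an SPF TXT record.

    Only pass-qualified ip4/ip6 mechanisms become networks. Anything else
    (include:, a, mx, non-pass qualifiers) is returned for manual review,
    because resolving it needs further DNS lookups.
    """
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    networks, unresolved = [], []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6") and qualifier == "+":
            networks.append(ipaddress.ip_network(value, strict=False))
        elif name.lower() != "all":
            unresolved.append(term)
    return networks, unresolved


def is_listed(ip, networks):
    """True if the address falls inside any of the parsed SPF networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    nets, todo = parse_spf(SES_SPF)
    print(len(nets), "networks;", "unresolved:", todo)
    print("54.240.8.1 listed:", is_listed("54.240.8.1", nets))
```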

Allow access to an S3 bucket only from a specific VPC endpoint and IP address

 

Even if you make the S3 bucket private, anyone who knows the access key can access the bucket from anywhere using that key.

 

If you want to restrict access to the corporate network only, there are two ways to do it

 

1.       Allow access from a specific VPC endpoint, so that the bucket can be accessed only when you are part of the specific VPC

2.       Allow access from specific IP addresses

 

The above options give an additional level of security.

 

Allowing access to a specific VPC endpoint

To write the S3 policy, you can use the policy editor or Notepad.

Step 1: Change the relevant places in the following JSON and copy it

{
    "Version": "2012-10-17",
    "Id": "<<policy Name>>",
    "Statement": [
        {
            "Sid": "<<Any id>>",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<<bucket Name>>",
                "arn:aws:s3:::<<bucket Name>>/*"
            ],
            "Condition": {
                "StringNotEquals": {
                    "aws:SourceVpce": "<<VPC endpoint ID>>"
                }
            }
        }
    ]
}

 

Step 2: Go to the S3 bucket that you want to restrict

Step 3: Go to the Permissions tab

Step 4: Paste the copied policy in the “Bucket policy” section and save

 

Allowing access to specific IPs

 

{
    "Version": "2012-10-17",
    "Id": "<<Policy Id>>",
    "Statement": [
        {
            "Sid": "<<Policy ID>>",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<<Bucket Name>>",
                "arn:aws:s3:::<<Bucket Name>>/*"
            ],
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": [
                       <<multiple IPs, comma separated>>
                    ]
                }
            }
        }
    ]
}

 

 

Note: if anything goes wrong you will lose access to the bucket, and the policy can then be removed only with root user access. Please be careful before you make the change.
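
Because a wrong Deny statement locks everyone out, it helps to dry-run the Condition block against the request contexts you expect before saving the policy. The following Python sketch is an added example, not part of the original post, and it goes one step further than the two policies above by also testing a single statement that carries both conditions. It models only the two operators used here; the endpoint ID, IP ranges and names are constructed for illustration.

```python
import ipaddress

# Constructed values: the endpoint ID and 203.0.113.0/24 are placeholders.
VPCE_ONLY = {"StringNotEquals": {"aws:SourceVpce": "vpce-0example"}}
IP_ONLY = {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}
COMBINED = {**VPCE_ONLY, **IP_ONLY}  # one Deny statement carrying both operators


def as_list(value):
    return value if isinstance(value, list) else [value]


def deny_applies(condition, context):
    """True if a Deny statement with this Condition block matches the request.

    Operators in one Condition block are ANDed, and a negated operator
    evaluates to true when its key is absent from the request context.
    """
    for operator, keys in condition.items():
        for key, allowed in keys.items():
            actual = context.get(key)
            if operator == "StringNotEquals":
                matched = actual is None or actual not in as_list(allowed)
            elif operator == "NotIpAddress":
                matched = actual is None or not any(
                    ipaddress.ip_address(actual) in ipaddress.ip_network(cidr)
                    for cidr in as_list(allowed))
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not matched:
                return False  # one operator fails, so this Deny does not apply
    return True


def denied(conditions, context):
    """A request is denied if any one of the Deny statements applies."""
    return any(deny_applies(c, context) for c in conditions)


# Constructed request contexts. Requests that arrive through a VPC endpoint
# carry aws:SourceVpce but no aws:SourceIp.
OFFICE = {"aws:SourceIp": "203.0.113.25"}
VIA_ENDPOINT = {"aws:SourceVpce": "vpce-0example"}
INTERNET = {"aws:SourceIp": "198.51.100.7"}
```

With these inputs, adding both policies as two separate Deny statements blocks the office and the endpoint alike, while the single combined statement blocks only requests that match neither condition.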

The table '/tmp/mysql/#sql_xxxxx' is full in MYSQL


 The table '/tmp/mysql/#sql_xxxxx' is full

 

The above-mentioned error may occur in a few different scenarios.

We suddenly faced this issue when we updated our database from 8.0.21 to 8.0.23. After that, when we ran a large query, we sometimes started facing this issue.

 

The following discussion thread helped us to resolve this issue

https://bugs.mysql.com/bug.php?id=99100

 

It looks like a bug.

Based on the discussion in the forum, we found that changing the following parameter in the MySQL config resolved the issue for us.

internal_tmp_mem_storage_engine=MEMORY