Viewing posts tagged AWS

Kubernetes : Django, Redis, Frontend, Nginx (reverse proxy & ingress) setup on Bare Metal Server & CICD Guide

Follow Below Steps in sequence. FYI I have created EC2 on AWS.

  1. Create ubuntu 20 LTS instance. open 22, 80, 443 port.
  2. Enable net.bridge.bridge-nf-call-iptables
sudo su
cat > /etc/sysctl.d/20-bridge-nf.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
sysctl --system

     3. Install Docker...

Copy files from one AWS S3 bucket to another with public permission

Here is what you may looking for : 

AWS Cognito setup to work with AWS s3 identity based uploads

1. In AWS S3 console:
    Set CORS as below to your bucket.
<?xml version="1.0" encoding="UTF-8"?>
  <CORSConfiguration xmlns="">
2. In Cognito Console Set User Pool:
Manage User Pools > Custom settings > Name Pool "TestPool" > "sign themselves up?" only administrator > No verification (nor email nor phone) > App clients > Add an app client > "TestPoolApp" > check "generate client secret" > Note down pool id and ARN , App client id and app client secret.
3. In Cognito Console Set Federated Identities:
Click on "Federated Identities" > Name "Identity pool name" > In "Authentication providers" > "cognito" tab > Set details of prev step. > "Custom" tab set developer name. > Create > Edit your `Auth_Role` > Set following:
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": [
"Resource": [
"Effect": "Allow",
"Action": [
"Resource": [
Note : With this user can upload files to only directory key named with its identity id.

4. Get ARN of above auth rule and also Note down identity pool id.

Now you can create api that can return identity id and token so client sdk can upload to s3 directly.

AWS Code Deploy and Pipeline with github integration guide

1. In your EC2 instance ( Ubuntu 16.04 ):
sudo apt-get update
sudo apt-get install python-pip ruby wget
cd /home/ubuntu
wget https://aws-codedeploy-<<bucket-region>>
chmod +x ./install
sudo ./install auto
sudo service codedeploy-agent start
sudo systemctl enable codedeploy-agent
2. Create Tag in your EC2.
Select Instance > Tags tab
3. IAM Roles
- Create role > From AWS Service Role > Select "AWS CodeDeploy" > Name it "codedeploy_service_role"
- Again Open that "codedeploy_service_role" and Attach policies > "AWSCodePipelineFullAccess"
4. IAM Policy
- Create Policy > "Create Your Own Policy" > Name it "CodeDeployEC2" >
"Version": "2012-10-17",
"Statement": [
"Action": [
"Effect": "Allow",
"Resource": "*"
- Save it.
5. IAM (For EC2)
- Create Role > From AWS Service Role > Select "Amazon EC2" > From policies search above and select it > Name it "EC2CodeDeployRole"
6. EC2
- Select Instance > Action > Instance Settings > Attach Replace IAM Roles > Select "EC2CodeDeployRole"
7. appspec.yml  file in your repo root

- This file contains your before deploy (ex git clone, pull) and after deploy (running db migrations, restart server) bash scripts locations. so create them. and push to your deploy branch.

8. Code Deploy console
- Select "Custom deployment" > Provide Application Name and group name > Select "In-place deployment" > Select your EC2 tag that created earlier > Select "OneAtTime" configuration > Select "codedeploy_service_role" in Service Role > Create.
9.  Code pipeline console
- Name it > Source Location > Github > Connect it (will need org permission) and you must be owner of repo > Select repo > deploy branch > In Build provider "No build" > In Deployment provider "AWS CodeDeploy" > Select app name and deploy group name created in prev step > In AWS Service Role "Create New Role" > Create Pipeline

Hope this step by step guide helps !!

AWS IPv6 address to Existing EC2 and VPC Guide

Apple now forcing app developers to upload IOS builds with backend apis having support of IPv6 only. So sooner or later you have to add support of ipv6. 

Here is guide to setup ipv6 in AWS having ubuntu instance.

1. Go to VPC console and select existing vpc:
Actions > Edit CIDRs > in block "VPC IPv6 CIDRs" Associate auto IPv6 CIDR Block > Update
2. Go to VPC console > Subnets > Select subnets one by one and do following for all or yours selected one:
Actions > Edit IPV6 CIDRs > Associate auto IPv6 CIDR Block > Update
Actions > Modify Auto Assign IP Settings > Check both ipv4 and ipv6

3. Go to VPC Console > Route Tables :