brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(gitlab): install gitlab's omnibus package in a ec2 instance

Browse Source
This commit is contained in:
Michele Cereda
2024-04-21 00:47:47 +02:00
parent a43eb84589
commit 20b718532b
7 changed files with 103 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
knowledge base/cloud computing/aws/ec2.md
View File

@@ -29,8 +29,13 @@ aws ec2 describe-instances --output text \
'Name=instance-state-name,Values=running' \
| xargs -ot aws ssm start-session --target
# Describe images by ID.
# Show images details.
aws ec2 describe-images --image-ids 'ami-8b8c57f8'
aws ec2 describe-images --filters \
'Name=name,Values=["al2023-ami-*"]' \
'Name=owner-alias,Values=["amazon"]' \
'Name=architecture,Values=["arm64","x86_64"]' \
'Name=block-device-mapping.volume-type,Values=["gp3"]'
```
</details>
@@ -48,6 +53,8 @@ See [EBS].
### Sources
- [Using instance profiles]
- [DescribeImages] API
- [`describe-images`][describe-images] CLI subcommand
<!--
References
@@ -60,6 +67,8 @@ See [EBS].
<!-- Files -->
<!-- Upstream -->
[describe-images]: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html
[describeimages]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html
[using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
<!-- Others -->

36
knowledge base/cloud computing/aws/ssm.md
View File

@@ -8,10 +8,30 @@
## TL;DR
<details>
<summary>Requirements</summary>
- The IAM instance profile must have the correct permissions.<br/>
FIXME: specify.
- One's instance's security group and VPC must allow HTTPS outbound traffic on port 443 to the Systems Manager's
endpoints:
- `ssm.eu-west-1.amazonaws.com`
- `ec2messages.eu-west-1.amazonaws.com`
- `ssmmessages.eu-west-1.amazonaws.com`
If the VPC does not have internet access, one must have enabled VPC endpoints to allow that outbound traffic from the
instance.
- Also see <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-with-ec2-instance-connect-endpoint.html>
</details>
<details>
<summary>Usage</summary>
```sh
# Get connection statuses.
aws ssm get-connection-status --target 'instance-id'
# Start sessions.
aws ssm start-session --target 'instance-id'
@@ -23,14 +43,23 @@ aws ssm start-session \
```
</details>
<details>
<summary>Real world use cases</summary>
```sh
# Connect to instances if they are available.
instance_id='i-08fc83ad07487d72f' \
&& eval $(aws ssm get-connection-status --target "$instance_id" --query "Status=='connected'" --output text) \
&& aws ssm start-session --target "$instance_id" \
|| (echo "instance ${instance_id} not available" >&2 && false)
```
</details>
## Gotchas
- SSM starts shell sessions under `/usr/bin` ([source][how can i change the session manager shell to bash on ec2 linux instances?]):
- SSM starts shell sessions under `/usr/bin`
([source][how can i change the session manager shell to bash on ec2 linux instances?]):
> **Other shell profile configuration options**<br/>
> By default, Session Manager starts in the "/usr/bin" directory.
@@ -38,7 +67,8 @@ aws ssm start-session \
## Integrate with Ansible
Create a dynamic inventory named `aws_ec2.yml`.<br/>
It needs to be named like that to be found by the ['community.aws.aws_ssm' connection plugin][community.aws.aws_ssm connection].
It needs to be named like that to be found by the
['community.aws.aws_ssm' connection plugin][community.aws.aws_ssm connection].
```yml
# File: 'aws_ec2.yml'.