chore(aws): encrypt and decrypt with kms

Michele Cereda
2024-07-17 18:33:10 +02:00
parent fe01ee4b08
commit d680e0c975
4 changed files with 49 additions and 2 deletions

View File

@@ -351,6 +351,7 @@ Examples:
- [Rotating AWS KMS keys]
- [Image baking in AWS using Packer and Image builder]
- [Avoid the 60 minutes timeout when using the AWS CLI with IAM roles]
- [Using AWS KMS via the CLI with a Symmetric Key]
<!--
Reference
@@ -419,4 +420,5 @@ Examples:
[date & time policy conditions at aws - 1-minute iam lesson]: https://www.youtube.com/watch?v=4wpKP1HLEXg
[image baking in aws using packer and image builder]: https://dev.to/santhoshnimmala/image-baking-in-aws-using-packer-and-image-builder-1ed3
[introduction to aws iam assumerole]: https://aws.plainenglish.io/introduction-to-aws-iam-assumerole-fbef3ce8e90b
[using aws kms via the cli with a symmetric key]: https://nsmith.net/aws-kms-cli
[you might be clueless as to why aws assume role isn't working, despite being correctly set up]: https://medium.com/@kamal.maiti/you-might-be-clueless-as-to-why-aws-assume-role-isnt-working-despite-being-correctly-set-up-1b3138519c07

View File

@@ -108,6 +108,21 @@ aws iam detach-user-policy --user-name 'me-user' \
aws iam delete-user-policy --user-name 'me-user' --policy-name 'user-ro-access-bucket'
# Create new symmetric keys.
aws kms create-key
# Encrypt text.
aws kms encrypt --key-id '01234567-89ab-cdef-0123-456789abcdef' --plaintext 'My Test String'
aws kms encrypt --key-id '01234567-89ab-cdef-0123-456789abcdef' --plaintext 'My Test String' \
--query 'CiphertextBlob' --output 'text' \
| base64 --decode > 'ciphertext.dat'
# Decrypt files.
aws kms decrypt --ciphertext-blob 'fileb://ciphertext.dat'
aws kms decrypt --ciphertext-blob 'fileb://ciphertext.dat' --query 'Plaintext' --output 'text' \
| base64 --decode
# List hosted zones.
aws route53 list-hosted-zones
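Review bot: The two `aws kms encrypt` examples pass `--plaintext 'My Test String'` as raw text, which AWS CLI v2 rejects or misreads because it expects blob parameters in base64 by default. Either add `--cli-binary-format raw-in-base64-out`, or read the input with `fileb://` as the decrypt examples already do; the latter also keeps real secrets out of the shell history and the process list. The `# Decrypt files.` comment could also say that no `--key-id` is needed there because the key is symmetric.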
@@ -265,9 +280,11 @@ Solutions:
- [Improved CLI auto-prompt mode]
- [Install the Session Manager plugin for the AWS CLI]
- [Use an IAM role in the AWS CLI]
- [Using AWS KMS via the CLI with a Symmetric Key]
<!--
References
Reference
═╬═Time══
-->
<!-- Knowledge base -->
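Review bot: Inside the `<!--` block, the heading lines `References`, `Reference` and `═╬═Time══` are a cosmetic change unrelated to the KMS link added just above them. Mention it in the commit message or move it to its own commit, so the history of the KMS notes stays easy to follow.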
@@ -290,3 +307,4 @@ Solutions:
[install the session manager plugin for the aws cli]: https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html#install-plugin-macos-signed
[quickstart]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
[use an iam role in the aws cli]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html
[using aws kms via the cli with a symmetric key]: https://nsmith.net/aws-kms-cli

View File

@@ -21,6 +21,11 @@ aws ec2 describe-volumes --output 'text' --filters 'Name=status,Values=available
</details>
Volumes can have their size **increased**, but **not** reduced.<br/>
After increase, the filesystem **must** be [extended][Extend the file system after resizing an EBS volume] to take
advantage of the change in size.<br/>
Apparently, Linux machines are able to do that automatically with a reboot.
## Snapshots
When created, snapshots are **incremental**.<br/>
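Review bot: The sentence starting with `Apparently,` records the reboot behaviour as hearsay, so a reader cannot tell when to rely on it. State the condition under which it holds (it depends on the image growing the partition and filesystem at boot, for example through cloud-init) or link a source next to it, as the preceding sentence does with `[Extend the file system after resizing an EBS volume]`. These EBS notes are also outside the scope of the commit subject `chore(aws): encrypt and decrypt with kms`; a separate commit would describe them better.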
@@ -45,6 +50,7 @@ take **up to 72h**.
- [Archive Amazon EBS snapshots]
- [Automate snapshot lifecycles]
- [Choose the best Amazon EBS volume type for your self-managed database deployment]
- [Extend the file system after resizing an EBS volume]
### Sources
@@ -52,6 +58,7 @@ take **up to 72h**.
- [Delete Unused AWS EBS Volumes]
- [`describe-volumes`][describe-volumes]
- [`delete-volume`][delete-volume]
- [How do I increase or decrease the size of my EBS volume?]
<!--
Reference
@@ -70,6 +77,8 @@ take **up to 72h**.
[delete-volume]: https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-volume.html
[describe-volumes]: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-volumes.html
[documentation]: https://docs.aws.amazon.com/ebs/
[extend the file system after resizing an ebs volume]: https://docs.aws.amazon.com/ebs/latest/userguide/recognize-expanded-volume-linux.html
[how do i increase or decrease the size of my ebs volume?]: https://repost.aws/knowledge-center/ebs-increase-decrease-volume-size
[what is block storage?]: https://aws.amazon.com/what-is/block-storage/
<!-- Others -->