aws – Say When..

AWS IAM +1 to partayyyy

December 21, 2025 by EarpMoonWater, posted in aws, terraform

logged into AWS
- aws configure
Created 4 tf files
- main
- variables
- output
- tfvars

main.tf
provider "aws" {
  region = var.aws_region
}

# Create IAM user
resource "aws_iam_user" "example_user" {
  name = var.user_name
}

# Attach policy to the user
resource "aws_iam_user_policy_attachment" "example_user_policy" {
  user       = aws_iam_user.example_user.name
  policy_arn = var.policy_arn
}

# Create access keys for the user
resource "aws_iam_access_key" "example_user_key" {
  user = aws_iam_user.example_user.name
}

output.tf
output "iam_user_name" {
  value = aws_iam_user.example_user.name
}

output "access_key_id" {
  value = aws_iam_access_key.example_user_key.id
}

output "secret_access_key" {
  value     = aws_iam_access_key.example_user_key.secret
  sensitive = true
}

variables.tf
variable "aws_region" {
  description = "AWS region"
  type        = string
  default     = "us-east-1"
}

variable "user_name" {
  description = "IAM username"
  type        = string
  default     = "example-user"
}

variable "policy_arn" {
  description = "IAM policy ARN to attach"
  type        = string
  default     = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}

terrform.tfvars
aws_region = "us-east-1"
user_name  = "terraform-user"
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"

terraform fmt
terraform init
terraform plan
terraform apply

Lambda Magic for RDS

November 22, 2025November 22, 2025 by EarpMoonWater, posted in aws, terraform

Steps below to create:

To stop an RDS instance every 7 days using AWS Lambda and Terraform, below are the following concepts followed:

Explanation:

aws_iam_role.rds_stop_lambda_role and aws_iam_role_policy.rds_stop_lambda_policy: These define the necessary permissions for the Lambda function to interact with RDS and CloudWatch Logs.
aws_lambda_function.rds_stop_lambda: This resource defines the Lambda function itself, including its runtime, handler, associated IAM role, and the zipped code. It also passes the RDS_INSTANCE_IDENTIFIER and REGION as environment variables for the Python script.
aws_cloudwatch_event_rule.rds_stop_schedule: This creates a scheduled EventBridge rule using a cron expression. cron(0 0 ? * SUN *) schedules the execution for every Sunday at 00:00 UTC. Adjust this cron expression as needed for your desired 7-day interval and time.
aws_cloudwatch_event_target.rds_stop_target: This links the EventBridge rule to the Lambda function, ensuring the function is invoked when the schedule is met.
aws_lambda_permission.allow_cloudwatch_to_call_lambda: This grants EventBridge the explicit permission to invoke the Lambda function.
Lambda Function: A Python-based Lambda function that uses the AWS SDK (boto3) to stop the specified RDS instance(s).

Step 1
- IAM Role for Lambda: An IAM role that grants the Lambda function permissions to stop RDS instances.
Step 2
- Lambda Function: A Python-based Lambda function that uses the AWS SDK (boto3) to stop the specified RDS instance(s).
Step 3
- EventBridge Rule (CloudWatch Event Rule): A scheduled EventBridge rule that triggers the Lambda function every 7 days using a cron expression.
Step 4
- To deploy:
  - Save the Terraform code in .tf files and the Python code as lambda_function.py.
  - Zip the Python file into lambda_function.zip.
  - Initialize Terraform: terraform init
  - Plan the deployment: terraform plan
    - Apply the changes: terraform apply
Main.tf

# Define an IAM role for the Lambda function
resource "aws_iam_role" "rds_stop_lambda_role" {
  name = "rds-stop-lambda-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Effect = "Allow",
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}

# Attach a policy to the role allowing RDS stop actions and CloudWatch Logs
resource "aws_iam_role_policy" "rds_stop_lambda_policy" {
  name = "rds-stop-lambda-policy"
  role = aws_iam_role.rds_stop_lambda_role.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Action = [
          "rds:StopDBInstance",
          "rds:DescribeDBInstances"
        ],
        Resource = "*" # Restrict this to specific RDS instances if needed
      },
      {
        Effect = "Allow",
        Action = [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        Resource = "arn:aws:logs:*:*:*"
      }
    ]
  })
}

# Create the Lambda function
resource "aws_lambda_function" "rds_stop_lambda" {
  function_name = "rds-stop-every-7-days"
  handler       = "lambda_function.lambda_handler"
  runtime       = "python3.9"
  role          = aws_iam_role.rds_stop_lambda_role.arn
  timeout       = 60

  # Replace with the path to your zipped Lambda code
  filename         = "lambda_function.zip"
  source_code_hash = filebase64sha256("lambda_function.zip")

  environment {
    variables = {
      RDS_INSTANCE_IDENTIFIER = "my-rds-instance" # Replace with your RDS instance identifier
      REGION                  = "us-east-1"       # Replace with your AWS region
    }
  }
}

# Create an EventBridge (CloudWatch Event) rule to trigger the Lambda
resource "aws_cloudwatch_event_rule" "rds_stop_schedule" {
  name                = "rds-stop-every-7-days-schedule"
  schedule_expression = "cron(0 0 ? * SUN *)" # Every Sunday at 00:00 UTC
}

# Add the Lambda function as a target for the EventBridge rule
resource "aws_cloudwatch_event_target" "rds_stop_target" {
  rule      = aws_cloudwatch_event_rule.rds_stop_schedule.name
  target_id = "rds-stop-lambda-target"
  arn       = aws_lambda_function.rds_stop_lambda.arn
}

# Grant EventBridge permission to invoke the Lambda function
resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.rds_stop_lambda.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.rds_stop_schedule.arn
}

lambda_function.py (Python code for the Lambda function):

import boto3
import os

def lambda_handler(event, context):
    rds_instance_identifier = os.environ.get('RDS_INSTANCE_IDENTIFIER')
    region = os.environ.get('REGION')

    if not rds_instance_identifier or not region:
        print("Error: RDS_INSTANCE_IDENTIFIER or REGION environment variables are not set.")
        return {
            'statusCode': 400,
            'body': 'Missing environment variables.'
        }

    rds_client = boto3.client('rds', region_name=region)

    try:
        response = rds_client.stop_db_instance(
            DBInstanceIdentifier=rds_instance_identifier
        )
        print(f"Successfully initiated stop for RDS instance: {rds_instance_identifier}")
        return {
            'statusCode': 200,
            'body': f"Stopping RDS instance: {rds_instance_identifier}"
        }
    except Exception as e:
        print(f"Error stopping RDS instance {rds_instance_identifier}: {e}")
        return {
            'statusCode': 500,
            'body': f"Error stopping RDS instance: {e}"
        }

Zipping the Lambda Code:

zip lambda_function.zip lambda_function.py

TF + EKS = Deployed Yo!

January 9, 2025January 9, 2025 by EarpMoonWater, posted in aws, terraform

Goal:

Look man, I just wanna set up a tin EKS cluster w/a couple nodes using Terraform.

Lessons Learned:

Configure AWS CLI
Deploy EKS Cluster
Deploy NGINX Pods
Destroy!!!

Configure AWS CLI:

Use Access & Secret Access Key:

Change Directory:

Review TF Configuration Files:

Deploy EKS Cluster:

Terraform init, plan, & apply:

Kubectl to chat w/yo EKS cluster:

Check to see your cluster is up & moving:

Deploy NGINX Pods:

Deploy to EKS Cluster:

Check again if your cluster is up… & MOVINGG!:

Destroy!!

Kubernetes Clusters w/EKS is Kewl as (S)hell!

January 8, 2025 by EarpMoonWater, posted in aws

Goal:

Shells are da bomb right? Just like in Mario Kart! Cloud Shell can be dope too in creating a Kubernetes cluster using EKS, lets party Mario.

Lessons Learned:

Create an EKS cluster in a Region
Deploy a Application to Mimic the Application
Use DNS name of Load Balancer to Test the Cluster

AWS Stuff:

Create user w/admin access for CLI, & download access keys:

Create EC2:

Create an EKS cluster in a Region:

Download AWS CLI v2, kubectl, ekcctl, & move directory files:

Create the cluster, connect, & verify running eksctl:

Deploy a Application to Mimic the Application

Run thru some kubectl applys to yaml files & test to see those pods running:

Use DNS name of Load Balancer to Test the Cluster:

Now curl the load balancer DNS name…walllll-ahhhhh

Deploy Nodes w/Terraform in Kubernetes

January 8, 2025 by EarpMoonWater, posted in aws, terraform

Goal:

Kubernetes is up & running!? Sick! Buuuuuuuuuuuuuuuuuuut, I wanna make some changes – so Imma use Terraform. W/out further a-due… lets get these nodes deployed!

Lessons Learned:

Initially set up a cluster using kubectl
Deployed NGINX nodes using Terraform
As an admin I deployed a NodePort to Kubernetes clstuer w/NGINX Nodes
Used Terraform to deploy NodePort & scale NGINX nodes
….DESTROY video boy (…..what is Benchwarmers..)

Initially set up a cluster using kubectl:

Set up the goodies:

Check to see cluster is created & get SSL info for server IP address:

Edit Variables file:

Deployed NGINX nodes using Terraform:

Terraform init & apply:

As an admin I deployed a NodePort to Kubernetes clstuer w/NGINX Nodes:

Get the TF config file:

Used Terraform to deploy NodePort & scale NGINX nodes:

Vim lab_kubernetes_service.tf:

vim lab_kubernetes_resources.tf:

….DESTROY video boy (…..what is Benchwarmers..):

Terraform Destroy
kind delete cluster –name lab-terraform-kubernetes

Deep Pass of Secret’s to Kubernetes Container

January 7, 2025January 7, 2025 by EarpMoonWater, posted in aws, docker

Goal:

Kubernetes is dope for data bro! Watch how we send configuration data from containers to applications that were stored in secrets & ConfigMaps.

Lessons Learned:

Created password file & store it in ….. secrets..
Create the Nginx Pod

Created password file & store it in ….. secrets:

Generate a file for the secret password file & data:

Create the Nginx Pod:

Vi pod.yml:

Kubectl exec — curl -u user: <PASSWORD> <IP_ADDRESS>:

Be Like 2 Kubernetes in a Pod

January 7, 2025 by EarpMoonWater, posted in aws

Goal:

Alright alright alright…. lets create a lil baby pod & eventually create an entire Kubernetes application!!

Lessons Learned:

Create YAML file w/the pod details for the nginx pod
Create the pod…just do it!

Create YAML file w/the pod details for the nginx pod:

SSH!!

Vi Nginx.yaml:

Create the pod…just do it!

Kubectl create -f ~/nginx.yml:

Create the pod bro

kubectl get pods -n web:

Double check the pod is created dude

kubectl describe pod nginx -n web:

Looooook at daaa deeeeetaillllllllzzzuhhh

Falco to Detect Threats on Containers in Kubernetes!

December 13, 2024 by EarpMoonWater, posted in aws, docker

Goal:

Falco Lombardi is… ahem.. Falco is able to detect any shady stuff going on in your Kubernetes environment in no time.

Lessons Learned:

Create a Falco Rules File to Scan the Container
Run Falco to Obtain a Report of ALL the Activity

Create a Falco Rules File to Scan the Container

SSH:

Vi nginx-rules.yml:

Create rule to scan container, basically this scripts rule will:
- Rule:
  - Detects if a new container is created
- Desc:
  - Says just that…
- Condition:
  - Looking for new process w/an event type to detect if changes occur w/in the container nginx
- Output:
  - How the event is posted once complete

Run Falco to Obtain a Report of ALL the Activity:

Sudo falco -r nginx-rules.yml -M – 45

Run Falco for up to a minute & see if anything is detected
- -r = rule
- -M = time

Sudo falco -r nginx-rules.yml -M – 45 > falco-report.log:

Prometheus 2 the movie, Featuring Kubernetes & Grafana

November 27, 2024 by EarpMoonWater, posted in aws

Goal:

Imma monitor a CI/CD pipeline w/3 tools, wanna see if we use Prometheus to synthesize the data & Grafana to display the data? Our goal is get some insight on performance dawg!

Lessons Learned: