Setting: You want to allow user to upload data to S3 bucket using amazon cli, but do not want this specific user to see what other buckets are there in you aws account.
Solution: This can be done by setting up a policy below.
If you also want to user to list all other buckets as well. Add the following additional statement to the statement section
Note: Replace “bucket-name” with the name of your bucket. Also, note the Sid should be your Sid. I use the “policy generator” to help generate the policy by modifying the setting from the reference below.
Listing the content of bucket-name
aws s3 ls s3://bucket-name --region ap-northeast-2 --profile s3-bucket-username
Uploading the directory
myfile_folder to the bucket
aws s3 cp myfile_folder s3://bucket-name --region ap-northeast-2 --profile s3-bucket-username
You can also try
aws s3 sync myfile_folder s3://bucket-name --region ap-northeast-2 --profile s3-bucket-username
You may have a problem trying to forward X11 from your Linux server through a terminal in Windows. I use Bitvise as the ssh client as it also provides the interface for sftp to download/upload the files. Not that using command line scp or sftp is not efficient, but in Windows you may have to install those tools separately.
Since I was trying to avoid installing Cygwin initially, Cygwin terminal wasn’t what I initially consider. Therefore, I went ahead and install Bitvise ssh client (instead of putty), which actually turns out to be quite good. The only problem (at least now) is when trying to forward GUI from the server with X11 forwarding, it failed miserably.
- I’ve tried setting up bitvise in the X11 forward.
- Installed X11-server from Cygwin (finally T_T).
- But X11 forwarding still did not work. I got the error message below.
Failed to open channel for X11 forwarding from [::1]:47396 to 127.0.0.1:6000. Error connecting to X11 server: FlowSocketConnector: Failed to connect to target address. Windows error 10061: No connection could be made because the target machine actively refused it.
I kind of have an idea that this is something to do with Windows Firewall, which does not allow a specific port to listen to an incoming connection. But I haven’t quite figured out what to do. It is actually described on the bitvise page, but I guess I haven’t quite read the whole thing.
In short, after install cygwin X11 server, make sure to run the command below to fix the firewall permission.
C:\cygwin64\bin\XWin -listen tcp -multiwindow
You have started up a virtual machine in VirtualBox. In this case, I ran Ubuntu 16.10. You then realized that the IP address of your VM is not accessible from your local network. Although you can connect from the Host to your Guest VM (Ubuntu).
Therefore, you would like to change the type of network from “NAT” to “Bridge”. You did this through the GUI menu (Machine > Setting > Network > Adapter 1 –> Change to “Bridged Adapter”
OK, now what. You IP addresses is still the same.
You can check your current IP and network device with
Continue reading “Get a new IP address for a running VirtualBox Ubuntu Machine”
Life is not that simple. Even after I figured out how to create a docker machine to limit the disk usage, cpu, and memory through docker-machine running on Ubuntu host. However, there seems to be a problem that prevent the host to connect directly to the guest docker-machine.
bhoom@mg0:~$ docker-machine create -d virtualbox --virtualbox-disk-size "100000" --virtualbox-memory "32000" --virtualbox-cpu-count "16" fireDock0
Running pre-create checks...
(fireDock0) Copying /home/bhoom/.docker/machine/cache/boot2docker.iso to /home/bhoom/.docker/machine/machines/fireDock0/boot2docker.iso...
(fireDock0) Creating VirtualBox VM...
(fireDock0) Creating SSH key...
(fireDock0) Starting the VM...
(fireDock0) Check network to re-create if needed...
(fireDock0) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
This machine has been allocated an IP address, but Docker Machine could not
reach it successfully.
SSH for the machine should still work, but connecting to exposed ports, such as
the Docker daemon port (usually <ip>:2376), may not work properly.
You may need to add the route manually, or use another related workaround.
This could be due to a VPN, proxy, or host file configuration issue.
You also might want to clear any VirtualBox host only interfaces you are not using.
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": dial tcp 192.168.99.100:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
If this is your case, and you have proxy server setup for your general internet connection, try
if you are lucky, you should be able to connect to your docker-machine (locally). Otherwise, life is not that simple.
May be you are working on a sensitive data, or just want to secure your personal data on your personal computers. Mac offers the whole hard disk encryption when you install the system, as well as, encryption of your backup through “Time Machine”. However, there are times that you might want to add an extra security to your file. May be you save some of the files to Dropbox or Google Drive, and the file might contain your personal health information that you would not want just anyone to be able to simply read it.
There’s a simple tool in OsX that can help you do this.
zip -e [output.zip] [file-to-be-encrypt]
zip utility will ask you to create a password. The stronger the password. The harder it will be to crack it. However, make sure you will remember the password, too. For this reason, I recommend you to use a password manager, e.g. LastPass is one of an excellent and easy to use tool with several browser integration for both mobile device and personal computer.
Just for the peace of mind. The encryption algorithm in zip might not be very strong. But at least, you save some disk space, and there’s one more extra-security of a password protection that you have to go through before accessing the content of the file.
Getting the Linux Image
You’ll get an iso file from your preferred repository. Following the link to the Ubuntu mirror at KMUTT in Thailand.
– Ubuntu 14.04.4 LTS (Trusty Tahr)
– Ubuntu 16.04 LTS Xenial Xerus
Convert iso to img
hdiutil convert -format UDRW -o ubuntu-16.04-server-amd64.img ubuntu-16.04-server-amd64.iso
man hdiutil for detail about the command
Create a bootable USB drive
- plug the USB drive into your computer and find out which mount point it is mounted to.
This will show the list of all drives mounted to your system right now. The description of which drive is a UBS drive should be quite clear.
– Unmount the disk before we proceed to write a bootable image on it.
# unmount it
diskutil unmount /dev/disk2
- copy the disk image to your usb drive.
sudo dd if=ubuntu-16.04-server-amd64.img.dmg of=/dev/rdisk2 bs=1m
/dev/rdisk2 instead of
/dev/disk2, you are writing the raw data to the USB drive which will be several folds faster than writing through the buffered
Eject the USB drive
- After writing the image, a diaglog box will alert you that the disk is not readable. Simple eject the disk.
- Alternatively, at the command
diskutil eject /dev/disk2