AWS IAM notes

IAM stands for Identity and Access Management. It is used to control access to AWS resources.

  • Not region-specific, unlike most AWS resources.
  • Users are people who will access your AWS resources.
  • Root account is the email ID with which your account was created.
  • It is advisable not to use the root account.
  • It is recommended to enable MFA for the root account.
  • A group is a way to combine users so that a policy can be applied to all of them at once.
  • Roles are a way for one resource to access another resource; an example would be permission for EC2 to access S3.
  • Policy documents are written in JSON as key-value pairs.
  • Policies can be attached to users, groups and resources.
  • Users have no permissions by default: they will be able to log in but will not be able to do anything.
  • Users are assigned an Access Key ID and a Secret Access Key. These are for communicating with AWS via the API, CLI and SDKs.
  • Users cannot log in to the console using the Access Key ID and Secret Access Key.
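The notes describe a role as the way EC2 reaches S3 and say policies are JSON documents attached to roles; the script below, added here as an example and not part of the original notes, writes the two documents such a role needs (a trust policy saying who may assume the role, and a permission policy saying what it may do), checks them locally, and only then calls the aws CLI. The role name, policy name and bucket name are placeholders, not values from the notes.

```shell
#!/bin/sh
# Added example, not from the original notes. Builds the two JSON policy
# documents behind an "EC2 may read one S3 bucket" role and, if the aws CLI
# is installed, creates the role. ROLE_NAME and BUCKET are placeholders.

ROLE_NAME=${ROLE_NAME:-ec2-s3-reader}          # placeholder (assumption)
BUCKET=${BUCKET:-example-placeholder-bucket}   # placeholder (assumption)

# Trust policy: which principal may assume the role. Only the EC2 service
# is allowed, so a user's access keys cannot assume it directly.
trust_policy() {
    cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Permission policy: what the role may do. Read-only actions, scoped to one
# bucket and its objects; no "Resource": "*".
permission_policy() {
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::$BUCKET"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::$BUCKET/*"
    }
  ]
}
EOF
}

# Local sanity check before anything touches AWS: the trust document must
# name the EC2 service and the permission document must not grant a
# wildcard resource. Returns 0 when both hold.
check_policies() {
    trust_policy | grep -q '"Service": "ec2.amazonaws.com"' || return 1
    permission_policy | grep -q '"Resource": "\*"' && return 1
    return 0
}

# Create the role, attach the inline permission policy, and wrap the role in
# an instance profile, which is what an EC2 instance actually references.
create_role() {
    command -v aws >/dev/null 2>&1 || { echo "aws CLI not installed" >&2; return 1; }
    check_policies || { echo "policy check failed" >&2; return 1; }
    trust_policy > trust.json
    permission_policy > perm.json
    aws iam create-role --role-name "$ROLE_NAME" \
        --assume-role-policy-document file://trust.json &&
    aws iam put-role-policy --role-name "$ROLE_NAME" \
        --policy-name s3-read-one-bucket --policy-document file://perm.json &&
    aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" &&
    aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
        --role-name "$ROLE_NAME"
}
```

Run `check_policies` to inspect the documents without credentials, then `create_role` from a session that already has IAM rights. Keeping the trust policy separate from the permission policy is the point: the first controls who can become the role, the second controls what the role can touch, and neither needs a long-lived access key on the instance.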

I configured an nproc limit for a user in limits.conf, but it isn’t working

This post applies to RHEL 6 and RHEL 7. I changed the nproc limit for a user to 16383 in /etc/security/limits.conf.

cat >> /etc/security/limits.conf <<'EOF'
username         soft    nproc           16383
EOF

When I checked it with ulimit -u (the per-user process limit), the new value was not applied.

su - username
ulimit -u
1024

This is because, to prevent fork bombs, RHEL 6 sets the default nproc limit for all users except root to 1024. That setting lives in /etc/security/limits.d/90-nproc.conf, which overrides /etc/security/limits.conf.
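To see why the per-user line in limits.conf loses, it helps to walk the files in the order pam_limits reads them: limits.conf first, then limits.d/*.conf in sorted order. The script below, added here as an example and not part of the original post, does that walk for one user and reports which line ends up defining the soft nproc limit. It deliberately uses the plain rule the post observed on RHEL 6 (the last matching line wins); that is a stated simplification, as pam_limits' own precedence between an explicit user entry and a `*` entry differs between versions. The directory argument is an assumption added so the function can be pointed at a test copy instead of /etc/security.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the last matching
# "soft nproc" line for a user across limits.conf and limits.d/*.conf,
# read in the order pam_limits reads them. Simplification (assumption):
# last match wins; @group and %group entries are not handled.

# effective_soft_nproc USER [CONFDIR]  ->  prints "VALUE FILE"
# CONFDIR defaults to /etc/security; pass another directory to test offline.
effective_soft_nproc() {
    user=$1
    dir=${2:-/etc/security}
    files=""
    # limits.conf first, then limits.d/*.conf; the shell sorts the glob,
    # so 90-nproc.conf is read after limits.conf and can override it.
    for f in "$dir/limits.conf" "$dir"/limits.d/*.conf; do
        [ -f "$f" ] && files="$files $f"
    done
    [ -n "$files" ] || { echo "unset -"; return 1; }
    # shellcheck disable=SC2086
    awk -v user="$user" '
        /^[[:space:]]*#/ || NF < 4 { next }      # skip comments and blanks
        # domain matches the user or the "*" wildcard, item is nproc,
        # type is soft or "-" (which sets both soft and hard)
        ($1 == user || $1 == "*") && $3 == "nproc" && ($2 == "soft" || $2 == "-") {
            value = $4; file = FILENAME          # a later match overrides
        }
        END { if (value != "") print value, file; else print "unset -" }
    ' $files
}
```

Pointed at a copy of the post's setup (a per-user line in limits.conf and the RHEL 6 `*  soft  nproc  1024` line in limits.d/90-nproc.conf), the function reports 1024 from 90-nproc.conf, which is exactly what the user saw. Under this ordering rule a per-user line only sticks when it sits in 90-nproc.conf itself or in a file that sorts after it. Whatever the config says, confirm the result with `ulimit -u` in a fresh login, since pam_limits applies limits at session start.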

How to get rid of “..you would have to be root to see it all” when running netstat as normal user

Run netstat as a normal user and you will see the warning below.

    $ netstat -tupln | grep ':22'
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      -
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -
    tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      -
    tcp        0      0 :::22                       :::*                        LISTEN      -

To get rid of this, redirect standard error to /dev/null.
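Sending all of stderr to /dev/null also hides real errors (a bad option, a missing binary). The helper below, added here as an example and not part of the original post, drops only the two-line non-root notice shown above and passes every other stderr line through, so the warning disappears without masking failures. The function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Filters out only netstat's
# "not all processes could be identified" notice and keeps other errors.

# Read netstat's stderr on stdin and print everything except the two lines
# of the non-root notice. Exit status is grep's (1 when nothing is left).
drop_netstat_notice() {
    grep -v -e '(Not all processes could be identified, non-owned process info' \
            -e 'will not be shown, you would have to be root to see it all.)'
}

# Run netstat with the given arguments. stdout is untouched; stderr is
# captured, the notice is removed, and the rest is re-emitted on stderr.
# Returns netstat's own exit status so callers still see real failures.
netstat_quiet() {
    errfile=$(mktemp) || return 1
    status=0
    netstat "$@" 2>"$errfile" || status=$?
    drop_netstat_notice <"$errfile" >&2 || true
    rm -f "$errfile"
    return "$status"
}
```

Usage is `netstat_quiet -tupln | grep ':22'`. Note that the `-` in the PID/Program name column stays: the notice is only telling you that, as a non-root user, you cannot see who owns other users' sockets. When you actually need the owning process, run netstat (or `ss -tulpn`) with root privileges instead of hiding the message.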

VMkernel ate my memory

A customer complained that, with almost nothing running, 20G of RAM was used and unaccounted for in a Linux VM on VMware ESXi. My first reaction was that it must be cache and buffers, and I wanted to send the customer straight to Linux ate my RAM.

The customer was spot on. Look at the free output:

# free -m
             total       used       free     shared    buffers     cached
Mem:         32233      22257       9975          0        340        412
-/+ buffers/cache:      21504      10728
Swap:         2047         99       1948
