IAM stands for Identity and Access Management. It is used to control access to AWS resources.
- IAM is not region-specific, unlike most AWS resources.
- Users are people who will access your AWS resources.
- Root account is the email ID with which your account was created.
- It is advisable not to use the root account.
- It is recommended to enable MFA for the root account.
- A group is a way to combine users so that a policy can be applied to all of them at once.
- Roles are a way for one resource to access another resource. An example would be permission for EC2 to access S3.
- Policy documents are written in JSON as key-value pairs.
- Policies can be attached to users, groups and resources.
- Users have no permissions by default. They will be able to log in but will not be able to do anything.
- Users are assigned Secret Key ID and Secret Access Key. These are for communicating with AWS via the API, CLI and SDK.
- Users cannot log in to the console using Secret Key ID and Secret Access Key.
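The default-deny behaviour and group-attached policies described in the notes above can be seen in a small evaluator. This is an added example, not AWS code or code from the original notes: it handles only Effect, Action and Resource in identity-based policies, approximates IAM wildcards with shell-style globbing, and all user, group and bucket names are constructed.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold_case=False):
    # IAM's * and ? wildcards are approximated with shell-style globbing.
    for pattern in _as_list(patterns):
        candidate = value
        if fold_case:  # action names are case-insensitive, ARNs are not
            pattern, candidate = pattern.lower(), value.lower()
        if fnmatch.fnmatchcase(candidate, pattern):
            return True
    return False

def evaluate(policies, action, resource):
    """Decide one request: explicit Deny wins, then Allow, otherwise implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not (_matches(stmt["Action"], action, fold_case=True)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

def policies_for(user, users, groups):
    """Policies attached directly to the user plus those of each of the user's groups."""
    attached = list(users[user]["policies"])
    for group in users[user]["groups"]:
        attached.extend(groups[group])
    return attached

# Constructed sample data (hypothetical names, not from the original notes).
READ_REPORTS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]}]}
PROTECT_ARCHIVE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Deny", "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-reports/archive/*"}}
GROUPS = {"analysts": [READ_REPORTS]}
USERS = {
    "new-user": {"groups": [], "policies": []},            # nothing attached
    "alice": {"groups": ["analysts"], "policies": []},     # permissions via group only
    "bob": {"groups": ["analysts"], "policies": [PROTECT_ARCHIVE]},
}
```

A user with nothing attached gets ImplicitDeny for every request, and a matching Deny statement overrides an Allow that the user inherits from a group.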
This post applies to RHEL 6 and RHEL 7. I changed the nproc limit for a user to 16383 in /etc/security/limits.conf.
cat >> /etc/security/limits.conf
username soft nproc 16383
When I checked it with ulimit -n, it wasn’t working.
su - username
This is because, to prevent a fork bomb, the default limit for all users except root is set to 1024 in RHEL 6. The setting is in /etc/security/limits.d/90-nproc.conf, which overrides /etc/security/limits.conf.
If you run netstat as a normal user, you will see the warning below.
$ netstat -tupln | grep ':22'
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
To get rid of this, redirect the error to /dev/null.
A customer complained that with almost nothing running, 20G of RAM was used and unaccounted for in a Linux VM on VMware ESXi. My first reaction was it must be cache and buffers. I wanted to send the customer straight to Linux ate my ram.
The customer was spot on. Look at the free output:
# free -m
total used free shared buffers cached
Mem: 32233 22257 9975 0 340 412
-/+ buffers/cache: 21504 10728
Swap: 2047 99 1948