crazyguitar

AWS VPC with NAT Gateway

Sometimes, we need a static IP for accessing a private service since it has several firewall rules to avoide malcious attacks. In this case, we can create a NAT gateway on AWS and assign a static IP for this gateway. Therefore, we can use this public IP address to access our private service. This note tries to demonstrate how to create a NAT gateway on AWS VPC.

Architecture

Environment

crazyguitar

AWS assume role

Based on AWS document, we can use a role on AWS to delegate access AWS resources. For example, we can create a role throw IAM console then grant a permission to access S3 bucket without creating a IAM user. Following steps show how to assume a role to access S3 bucket.

Upload file via temporary credential

Step 1: Create a role to delegate access AWS S3

crazyguitar

#!/bin/bash -e
#
# Copyright 2014 Tony Burns
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#

crazyguitar

# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine
# This is how I upload my new Sol Trader builds (http://soltrader.net)
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash

S3KEY="my aws key"
S3SECRET="my aws secret" # pass these in

function putS3
{
  path=$1

crazyguitar

#!/bin/bash
# Inspired by http://dl.getipaddr.net/ and http://curl.haxx.se/mail/archive-2014-10/0006.html
file=path/to/file
bucket=your-bucket
contentType="application/octet-stream"
dateValue=`date -R`
resource="/${bucket}/${file}"
s3Key=`curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ec2-app-role | grep 'AccessKeyId' | sed 's/.* "\([^"]*\).*/\1/'`
s3Secret=`curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ec2-app-role | grep 'SecretAccessKey' | sed 's/.* "\([^"]*\).*/\1/'`
token=`curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ec2-app-role | grep 'Token' | sed 's/.* "\([^"]*\).*/\1/'`

crazyguitar

# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine
# This is how I upload my new Sol Trader builds (http://soltrader.net)
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash

# ====================================================================================
# Aug 25, 2016 sh1n0b1
# Modified this script to support AWS session token
# More work will be done on this.
#
# S3KEY="ASIAJLFN####################"

crazyguitar

The Ultimate Unit Testing Cheat-sheet

For Mocha, Chai and Sinon

using mocha/chai/sinon for node.js unit-tests? check out my utility: mocha-stirrer to easily reuse test components and mock require dependencies

---

• Sinon Chai
• Chai
• Sinon
• Mocha

crazyguitar

package main

import (
	"fmt"
	"github.com/gorilla/mux"
	"github.com/gorilla/securecookie"
	"net/http"
)

// cookie handling

crazyguitar

AWS Lambda (Go)

directory layout

.
├── event.json
├── main.go
└── template.yml

crazyguitar

Dynamodb (Go)

package main

import (
	"encoding/json"
	"log"
	"net/http"
	"os"