innyso

AWS provided a managed policy called arn:aws:iam::aws:policy/IAMReadOnlyAccess which give readonly access to user for all aws resources. This is very useful in most cases, having said that sometimes extra denied rules are required for user who do not need to access/download data. Depending on the situation, we might want to loosen some of the denied rule, for example we might allow all user to Log:GetLogEvents to view logs in cloudwatch if we do not need to segregate logs access.

{
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "DenyData",
              "Effect": "Deny",
              "Action": [

innyso

generate gpg key

gpg --full-generate-key

To export your gpg public key

gpg --armor --export <[email protected] | fingerprint>

innyso

It had been a habit of mine where I always do git pull/push origin [branchname] for years because I push to master by accident once years. This week, I decided its time to up my git game and did some research on how to make the current checkout branch as the default upstream to push or pull.

To push to current branch

This one is simple, just set global config push.default to current

git config --global push.default current 

# after that I can simply push to my current checkout branch without type origin branchname
git push

innyso

A community collection of git ignore

innyso

S3 Encryption

There are two ways where S3 can encrypt data at rest

Client-Side Encryption

Data are send and store as encrypted. During retrieval, encrypted data are retrieved and descrypt at the client side. This can be achieve with the use of AWS SDK and KMS or self managed secret

Server-Side Encryption

Data are send unencrypted to AWS via TLS, AWS ia responsible for encrypting and storing on disk. During retrieval, AWS retrieves encrypted data from disks decrypt it and send raw data back via TLS.

innyso

Recently I need to do some updating for an nginx configuration, beside the fact that I am a bit rusty with my nginx config skills, I also encounter something like this

location @something {
  # ...
}

Not knowing what this mean, did some quick search and found that this is called a named location and it seems like a good alternative to if-then-else in certain scenario.

innyso

Linux foreground background process

Foreground Process

A command or process you run directly and wait for it to complete

Background Process

The shell does not need to wait for the process to end. You can run as many of background process as you want within your system memory limit.

innyso

How does Ultisnips know which snippet file(s) to load?

In the snippet definition directories, it look for the following patterns:

foo. snippets
foo_*.snippets
foo/*

where foo is the filetype

innyso

Default value in bash

# Set COFFEE to latte if there is no input 
COFFEE=${1:-latte} 

# Set SIZE to small when ORDER is not set or null
SIZE=${ORDER:-small}

# Set TOPPING and EXTRA to chocolate when EXTRA is not set or null

innyso

Moving and renaming a resource out of terraform state file

One of my rule of thumb is never touch terraform state file if I want to live a happy life but recently I found myself having to separate a state file into 2. At first I was very irritated because I should've done this in the beginning but what happened, happened so lets deal with it.

With some quick online searching, to my surprised there are some terraform built-in command that can make my life easier.

Let says all the current terraform code are in foo/ and I would like to move module.bar out of foo/ to bar/ and also rename the module to module.balloon

Let's get an understand what we currently have