Amazon Web Services (AWS) — Elastic Compute Cloud (EC2)

Learning how to program the EC2 system via the PHP API. I needed to know about RunInstances and AssociateAddress.

You can send Amazon a Request to Remove Email Sending Limitations which by default limit the amount of email traffic instances can process.

Also read about Amazon EC2 Instance IP Addressing and Elastic IP Addresses (EIP).

Although I settled on using the PHP SDK I read the doco for the Java SDK EC2 client: Class AmazonEC2Client. The corresponding PHP API is here. Also How to get list of EC2 instances with Amazon PHP SDK 2 from StackOverflow was useful. All AWS SDKs are here and there are command-line tools. There is AWS SDK for PHP Documentation. This article Provision an Amazon EC2 Instance with PHP was a handy starting place. I also saw the Amazon Elastic Compute Cloud API Reference. I also read AWS SDK for PHP: Run an Amazon EC2 Instance.

I started a project at ProgClub called make-love, which is my server re-instantiation script. It shows how to use the AWS PHP SDK and the r53.php code for programming AWS Route53 DNS services. Documentation on the Route53 client can be found at Ordering Disorder. More on r53.php at SourceForge. I added a new function listAllResourceRecordSets to the Route32 class and commented out some SSL validation code because validation was failing and it’s no big deal to ignore it.

When does cron.daily etc run?

I wanted to know what time of day my cron.daily, cron.weekly, etc. cron jobs where scheduled to run. The answer is in /etc/crontab:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

Resolved firefox ssl_error_expired_cert_alert

I was getting the error ‘ssl_error_expired_cert_alert’ in Firefox. I checked my client certificate and it hadn’t expired. I checked my CA certificate and it hadn’t expired. It turned out that the problem was that my ca.crl Certificate Revocation List had expired. I fixed that by running jj5-bin empathy-ca-update-crl which says:

echo Updating CRL...
openssl ca -gencrl -config ca.cnf -cert cacert.crt -out ca.crl.pem -crldays 365
if [ "$?" -ne "0" ]; then
  echo Error updating CRL.
  exit 1
fi

echo Exporting CRL to DER format...
openssl crl -in ca.crl.pem -outform DER -out ca.crl.der
if [ "$?" -ne "0" ]; then
  echo Error exporting CRL in DER format.
  exit 1
fi

echo Viewing CRL...
openssl crl -in ca.crl.pem -noout -text
if [ "$?" -ne "0" ]; then
  echo Error viewing CRL.
  exit 1
fi

Password Best Practice

I read Password Primer today:

  1. Use at least 8-10 characters.
  2. Interchange upper and lower case letters with numbers and symbols.
  3. Consider a “Passphrase” like “Every good band deserves fans”: “!eGbAdfns2”
  4. Change your password every 6 to 8 months and immediately if you believe it’s been compromised.
  5. NEVER share your password with anyone you don’t trust – some would say never share your password PERIOD.
  6. Don’t write your password(s) on sticky notes and then post them to your monitor!
  7. Avoid using the same passwords for all of your accounts.
  8. Never send your password to someone in an e-mail.
  9. Don’t use the “Remember Password” option in browsers or websites
  10. NEVER make your login and your password the same thing.