Terraform-AWS serverless blog

I’m learning Terraform at the moment and thought this could be a good hands-on side project for me. The provided terraform code will spin up a github repo, a codebuild project and an s3 bucket to host a static blog (blue box in the flow chart above). I figure people might not want to use cloudfront or route 53 as they are not free tier services, so I left them out.

To spin this up, we will need the below prerequisites:

Once all the prerequisites are setup, follow the steps below.

  1. Open cmd/powershell and run the following command to clone the terraform and build spec files:

    git clone https://github.com/tduong10101/serverless-blog-terra.git

  2. Update serverless-blog-terra/variable.tfvars with your github token and the site name that you would like to set up
  3. Run the following commands

    cd serverless-blog-terra
    terraform init
    terraform apply -var-file variable.tfvars

  4. Review the resources and put in “yes” to approve terraform to spin them up.
  5. Grab the outputs and save them somewhere, we’ll use them for later steps.
  6. Navigate to the parent folder of serverless-blog-terra

    cd ..

  7. Create a new folder, give it the same name as the git repo (it doesn’t matter if it is not the same, it’s just easier to manage), cd to the new folder and run the hexo init command

    mkdir <new folder>
    cd .\<new folder>
    hexo init

  8. Copy the buildspec.yml file from the serverless-blog-terra folder to this new folder

  9. Update the buildspec.yml with the s3:// link from step 5

  10. Init Git and set up the git remote with the below commands. Insert your git repo url from step 5.

    git init
    git add *
    git commit -m "init"
    git remote add origin "<your-git-url-from-step-5>"
    git push -u origin master

  11. Wait for codebuild to finish updating the S3 bucket. Log on to the AWS console to confirm.
  12. Open the website_endpoint url from step 5 and enjoy your serverless blog.

Visit Hexo for instructions on how to create posts, change theme, add plugins etc

Remove the blog:

  1. If you don’t like the new blog and want to clean up the aws/git resources, run the below command:

    terraform destroy -var-file variable.tfvars

  2. Once terraform finishes cleaning up the resources, the rest of the folders can be removed from the local computer.

Powershell Password Encryption and Decryption

Encrypt and decrypt credential:

    # Create a random 16-byte (AES-128) encryption key
    $EncryptKey = New-Object Byte[] 16
    [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($EncryptKey)
    # The key is written one byte value per line; anyone who can read this file can decrypt the password
    $EncryptKey | Out-File C:\key.txt

    # Encrypt credential
    $UserCred = Get-Credential
    $UserCred.Password | ConvertFrom-SecureString -Key $EncryptKey | Out-File C:\encrypted.txt

    # Decrypt credential
    $User = 'TestUser'
    # Read the key back as a byte array
    $Key = [byte[]](Get-Content C:\key.txt)
    $SecurePassword = Get-Content C:\encrypted.txt | ConvertTo-SecureString -Key $Key
    $UserCred = New-Object System.Management.Automation.PSCredential ($User, $SecurePassword)
    Get-WmiObject -Class win32_OperatingSystem -ComputerName RemoteServerA -Credential $UserCred

Encrypt and decrypt password:

    # ProtectedData (DPAPI) lives in System.Security, which is not loaded by default
    Add-Type -AssemblyName System.Security

    # Encrypt: with LocalMachine scope any account on this computer can decrypt; CurrentUser restricts it to the current user
    $Password = "Password123"
    $PasswordBytes = [System.Text.Encoding]::Unicode.GetBytes($Password)
    $SecurePassword = [Security.Cryptography.ProtectedData]::Protect($PasswordBytes, $null, [Security.Cryptography.DataProtectionScope]::LocalMachine)
    $SecurePasswordStr = [System.Convert]::ToBase64String($SecurePassword)

    # Decrypt: must use the same scope (and the same optional entropy) as Protect
    $SecureStr = [System.Convert]::FromBase64String($SecurePasswordStr)
    $StringBytes = [Security.Cryptography.ProtectedData]::Unprotect($SecureStr, $null, [Security.Cryptography.DataProtectionScope]::LocalMachine)
    $PasswordStr = [System.Text.Encoding]::Unicode.GetString($StringBytes)

Hosting a simple Code Editor on S3

I got this old code editor project sitting in github without much description - repo link. So I thought why not try to host it on S3 so I could showcase it in the repo.

Also it’s a good practice to brush up my knowledge on some of the AWS services (S3, CloudFront, Route53). After almost an hour, I got the site up so it’s not too bad. Below are the steps that I took.

  1. Create a S3 bucket and upload my code to this new bucket - ceditor.tdinvoke.net.

  2. Enable “Static website hosting” on the bucket

  3. Create a web CloudFront distribution with the following settings (the rest are left at their defaults)

    1. Origin Domain Name: endpoint url in S3 ceditor.tdinvoke.net ‘Static Website Hosting’
    2. Alternate Domain Names (CNAMEs): codeplayer.tdinvoke.net
    3. Viewer Protocol Policy: Redirect HTTP to HTTPS
    4. SSL Certificate: Custom SSL Certificate - reference my existing SSL certificate
  4. Create a new A record in Route 53 and point it to the new CloudFront distribution

Aaand here is the site: https://codeplayer.tdinvoke.net/

Next I need to go back to the repo and write up a readme.md for it.

Get AWS IAM credentials report script

A quick PowerShell script to generate the AWS IAM credentials report and save it in CSV format to a local folder.

    Import-Module AWSPowerShell
    $reportLocation = "C:\report"
    # create the report folder if it does not exist
    if (!(Test-Path $reportLocation)) {
        New-Item -ItemType Directory -Path $reportLocation | Out-Null
    }
    # HH (24-hour clock) keeps morning and afternoon file names distinct
    $date = Get-Date -Format dd-MM-yy-HH-mm-ss
    $reportName = "aws-credentials-report-$date.csv"
    $reportPath = Join-Path -Path $reportLocation -ChildPath $reportName
    # request iam credential report to be generated and poll until it is ready
    do {
        $result = Request-IAMCredentialReport
        Start-Sleep -Seconds 10
    } while ($result.State.Value -notmatch "COMPLETE")
    # get iam report as an array of csv lines
    $report = Get-IAMCredentialReport -AsTextArray
    # convert to powershell object
    $report = $report | ConvertFrom-Csv
    # export to set location
    $report | Export-Csv -Path $reportPath -NoTypeInformation
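
Once the report is exported, it can be checked for common credential hygiene problems. The following is an added example, not part of the original script: the function name Get-IAMCredentialFinding, the 90-day rotation threshold and the sample rows are assumptions made for illustration, while the column names are those of the IAM credential report.

```powershell
# Added example: flag risky entries in an IAM credential report.
# Constructed sample rows (not real accounts), trimmed to the columns used here.
$sampleCsv = @'
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,true,2019-01-10T08:00:00+00:00,false,N/A
alice,true,true,false,N/A,false,N/A
bob,true,false,true,2018-03-02T11:30:00+00:00,false,N/A
'@

# Hypothetical helper, not an AWS cmdlet.
function Get-IAMCredentialFinding {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Report,
        [int] $MaxKeyAgeDays = 90   # assumed rotation policy
    )
    $now = [datetimeoffset]::UtcNow
    foreach ($row in $Report) {
        $isRoot = $row.user -eq '<root_account>'
        # The root row reports password_enabled as not_supported, so treat root as having console access.
        if (($isRoot -or $row.password_enabled -eq 'true') -and $row.mfa_active -ne 'true') {
            [pscustomobject]@{ User = $row.user; Finding = 'Console access without MFA' }
        }
        foreach ($n in 1, 2) {
            # Only active keys are of interest
            if ($row."access_key_${n}_active" -ne 'true') { continue }
            if ($isRoot) {
                [pscustomobject]@{ User = $row.user; Finding = "Root access key $n is active" }
            }
            $rotated = $row."access_key_${n}_last_rotated"
            if ($rotated -eq 'N/A') { continue }
            $age = ($now - [datetimeoffset]::Parse($rotated, [cultureinfo]::InvariantCulture)).Days
            if ($age -gt $MaxKeyAgeDays) {
                [pscustomobject]@{ User = $row.user; Finding = "Access key $n last rotated $age days ago" }
            }
        }
    }
}

# Run against the constructed sample; for a real export use: Import-Csv $reportPath
Get-IAMCredentialFinding -Report ($sampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```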

How to verify google search with route53

Just recently got this site on google search, totally forgot about it when I created the site.
The process is quite easy. Following the instructions on this link should cover the task.
Might take from 10 minutes to 5 hours for the TXT record to populate, so be patient!

How to find SCOM DB server

If the Microsoft SQL MP is not available on your SCOM or the SCOM DB SQL Server is not discovered, open regedit on the SCOM management server and navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup\DatabaseServerName

winhttp proxy command

Command to set the Windows Server WinHTTP proxy setting.

    netsh winhttp set proxy proxy-server="http=<proxy>:<port>;https=<proxy>:<port>" bypass-list="<local>;<url>"

Powershell script to grab winhttp value

    $ProxyConfig = netsh winhttp show proxy
    $Proxy = (((($ProxyConfig | Out-String) -split("`n") |?{$_ -like "*Proxy Server*"}) -split(" ") -split(";")) | ?{$_ -like "http=*"}).Replace("=","://").Trim()