AWS – Copy S3 buckets from one account to another:

The steps to copy S3 buckets from one account to another are listed below:

1.    Attach a bucket policy to the source bucket in Account A.

2.    Attach an AWS Identity and Access Management (IAM) policy to a user or role in Account B.

3.    Use the IAM user or role in Account B to perform the cross-account copy.

Attach a bucket policy to the source bucket in Account A:

1.    Get the Amazon Resource Name (ARN) of the IAM identity (user or role) in Account B (destination account).

2.    From Account A, attach a bucket policy to the source bucket that allows the IAM identity in Account B to get objects, similar to the following:

Important: For the value of Principal, replace arn:aws:iam::111111111111:user/Jane with the ARN of the IAM identity in Account B.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:user/Jane"},
            "Action": ["s3:ListBucket","s3:GetObject"],
            "Resource": [
                "arn:aws:s3:::awsexamplesourcebucket/*",
                "arn:aws:s3:::awsexamplesourcebucket"
            ]
        }
    ]
}

Attach an IAM policy to a user or role in Account B:

1.    From Account B, create an IAM customer managed policy that allows an IAM user or role to copy objects from the source bucket in Account A to the destination bucket in Account B. The policy can be similar to the following example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::awssourcebucket",
                "arn:aws:s3:::awssourcebucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::awsdestinationbucket",
                "arn:aws:s3:::awsdestinationbucket/*"
            ]
        }
    ]
}

2.    Attach the customer managed policy to the IAM user or role that you want to use to copy objects between accounts.

Use the IAM user or role in Account B to perform the cross-account copy:

After you set up the bucket policy and IAM policy, the IAM user or role in Account B can perform the copy from Account A to Account B. Because Account B writes the objects into its own bucket, Account B owns the copied objects.

To synchronize all content from a source bucket in Account A to a destination bucket in Account B, the IAM user or role in Account B can run the sync command using the AWS Command Line Interface (AWS CLI):

aws s3 sync s3://awssourcebucket s3://awsdestinationbucket
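The bucket policy in Account A is the part of this setup that grants another account access, so it is worth checking before it is attached. The following Python check is an added example (not part of the page or of AWS tooling): it embeds the page's bucket policy as sample input and reports any Allow statement that is wider than "this one principal may list and read this one bucket", including the anonymous principal "*" and wildcard actions. The function and field names are the example's own.

```python
import json

# Sample input: the Account A bucket policy from this page, embedded so the
# check runs offline; the account ID and bucket name are the page's placeholders.
BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "DelegateS3Access", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111111111111:user/Jane"},
   "Action": ["s3:ListBucket", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::awsexamplesourcebucket/*",
                "arn:aws:s3:::awsexamplesourcebucket"]}]}
""")
READ_ONLY_ACTIONS = {"s3:ListBucket", "s3:GetObject"}


def as_list(value):
    """IAM JSON allows a single string or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def principals(stmt):
    """AWS principals of a statement; a bare "*" is the anonymous (public) principal."""
    p = stmt.get("Principal")
    return as_list(p.get("AWS")) if isinstance(p, dict) else as_list(p)


def check_delegation_policy(policy, bucket, expected_principal):
    """Return findings for every Allow statement that is wider than
    'expected_principal may list and read objects in bucket'; [] means tight."""
    findings = []
    bucket_arns = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        for p in principals(stmt):
            if "*" in p:
                findings.append(f"{sid}: public principal {p}")
            elif p != expected_principal:
                findings.append(f"{sid}: unexpected principal {p}")
        for action in as_list(stmt.get("Action")):
            if "*" in action or action not in READ_ONLY_ACTIONS:
                findings.append(f"{sid}: action {action} exceeds read-only")
        for res in as_list(stmt.get("Resource")):
            if res not in bucket_arns:
                findings.append(f"{sid}: resource {res} is outside {bucket}")
    return findings
```

Run `check_delegation_policy(BUCKET_POLICY, "awsexamplesourcebucket", "arn:aws:iam::111111111111:user/Jane")` on the page's policy and it returns an empty list; a policy with Principal "*" or Action "s3:*" produces one finding per problem.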

Disable a non-working F5 VIPRION blade

You can disable an F5 VIPRION blade in two ways.

Disabling through the CLI:

  1. Log in to the command line.
  2. Set the VIPRION blade to Disabled by using the following command syntax:

     tmsh modify sys cluster default members { <slot number> { disabled } }

     For example:

     tmsh modify sys cluster default members { 2 { disabled } }

  3. Set the VIPRION interfaces to Disabled by using the following command syntax:

     tmsh modify net interface <slot number>/<interface> disabled

     For example, for a single interface:

     tmsh modify net interface 2/1.1 disabled

     For multiple interfaces:

     tmsh modify net interface 2/1.1 2/1.2 disabled

Web UI method:

  1. Log in to the Configuration utility by connecting to the floating management IP address of the cluster.
  2. Navigate to System > Clusters > Properties.
  3. Select the box next to the desired slot.
  4. Click Disable/Yield.

Check Point Services

The important Check Point services are listed below.

  1. FWM
  2. FWD
  3. CPD
  4. CPCA

1. FWM tasks:

  • Serving the GUI clients
  • Database tasks (rules, objects, users, etc.)
  • Collecting status from the different firewalls
  • Policy compilation

2. FWD tasks:

  • Receiving the logs on port 257

3. CPD (Check Point Daemon) tasks:

  • SIC
  • Loading policy
  • Status collection (AMON)

4. CPCA (Check Point Certificate Authority) tasks:

  • SIC certificate pulling
  • Certificate enrollment
  • CRL fetch
  • Admin Web UI

F5 VIPRION Commands

To obtain the cluster member information, type the following command:

      tmsh show sys cluster

Example:

[root@vhost:/S1-green-P:Active:Standalone] config # tmsh show sys cluster

---------------------------------
Sys::Cluster: default
---------------------------------
Address                 192.168.1.3/24
Availability            available
State                   enabled
Reason                  Cluster Enabled
Primary Slot ID         1
Primary Selection Time  07/23/17 22:01:49

----------------------------------------------------------------------------
| Sys::Cluster Members
| ID  Address      Availability  State    Licensed  HA      Clusterd  Reason
----------------------------------------------------------------------------
| 1   192.168.1.4  available     enabled  true      active  running   Run
| 2   192.168.1.5  available     enabled  true      active  running   Run
| 3   192.168.1.6  available     enabled  true      active  running   Run
| 4   192.168.1.8  available     enabled  true      active  running   Run

To obtain the configured vCMP guest information, type the following command:

      tmsh show vcmp guest

Example:

[root@vhost:/S1-green-P:Active:Standalone] config # tmsh show vcmp guest

----------------------------------------------------------------------------
Sys::Vcmp::Guest
Name     Slot ID  Status   Requested  Request   Retries  Uptime             Comment
                           State      Complete
----------------------------------------------------------------------------
test1          3  running  deployed   true            0  07/23/17 22:18:16
test2          4  running  deployed   true            0  07/23/17 22:19:41
test3          1  running  deployed   true            0  07/24/17 19:24:16
test4          2  running  deployed   true            0  07/24/17 19:29:25
vguest1        3  running  deployed   true            0  07/24/17 19:28:49
vguest2        4  running  deployed   true            0  07/24/17 19:28:49

To access the console of a vCMP guest, run the following command:

      vconsole <guest name> <slot#>

Example:

[root@vhost:/S1-green-P:Active:Standalone] config # vconsole guest 1
Trying 127.3.0.1...
Connected to 127.3.0.1.
Escape character is '^]'.

BIG-IP 12.0.0 Build 0.0.606
Kernel 2.6.32-431.56.1.el6.f5.x86_64 on an x86_64
guest1.f5.com login:
[root@guest1:/S1-green-P:Active:Standalone] config #

SSH into a specific slot:

      ssh slot<slot number>

Example:

[root@guest1:/S1-green-P:Active:Standalone] config # ssh slot2

Forcing a primary blade to secondary

  1. Locate the primary slot number by running:
     tmsh show sys cluster
  2. Disable the primary slot with the following command:
     tmsh modify sys cluster default members { 2 { disabled } }
     In this example, the primary slot number is 2.
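Before yielding the primary slot it pays to confirm that another blade can take over. The following Python parser is an added example (not from the page or from F5): it reads the `tmsh show sys cluster` text shown earlier, extracts the primary slot ID and the member rows, and only reports it safe to disable the primary when some other member is available, enabled and running clusterd. The sample is the page's output with a third member row edited to be unhealthy; the field names are the example's own.

```python
import re

# Constructed sample: the `tmsh show sys cluster` output shown on this page,
# with member 3 edited to be unhealthy so the check has something to catch.
SAMPLE = """\
Sys::Cluster: default
Address                 192.168.1.3/24
Availability            available
State                   enabled
Primary Slot ID         1
Primary Selection Time  07/23/17 22:01:49

----------------------------------------------------------------------------
| Sys::Cluster Members
| ID  Address      Availability  State    Licensed  HA      Clusterd  Reason
----------------------------------------------------------------------------
| 1   192.168.1.4  available     enabled  true      active  running   Run
| 2   192.168.1.5  available     enabled  true      active  running   Run
| 3   192.168.1.6  unavailable   disabled true      standby stopped   Blade not running
"""

MEMBER_FIELDS = ("id", "address", "availability", "state",
                 "licensed", "ha", "clusterd", "reason")


def parse_cluster(output):
    """Return (primary slot id, member rows) from `tmsh show sys cluster` text."""
    match = re.search(r"^Primary Slot ID\s+(\d+)", output, re.MULTILINE)
    primary = int(match.group(1)) if match else None
    members = []
    for line in output.splitlines():
        if not re.match(r"\|\s+\d+\s", line):
            continue  # skip rules, the section title and the column-title row
        parts = line.lstrip("| ").split(None, len(MEMBER_FIELDS) - 1)
        member = dict(zip(MEMBER_FIELDS, parts))  # Reason keeps its spaces
        member["id"] = int(member["id"])
        members.append(member)
    return primary, members


def is_healthy(member):
    """A blade that can carry the cluster: available, enabled, clusterd running."""
    return (member["availability"] == "available"
            and member["state"] == "enabled"
            and member["clusterd"] == "running")


def safe_to_yield_primary(output):
    """True only when a blade other than the primary is healthy enough to take over."""
    primary, members = parse_cluster(output)
    return primary is not None and any(
        is_healthy(m) for m in members if m["id"] != primary)
```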

Shutting down and restarting a single VIPRION blade

Restarting, powering off, and powering on VIPRION blades can be done with the following commands:

  1. Reboot a single blade:
     bladectl -b <blade#> -r
     Example: bladectl -b 2 -r
  2. Power down a single blade:
     bladectl -b <blade#> -p 0
     Example: bladectl -b 2 -p 0
  3. Power on a single blade:
     bladectl -b <blade#> -p 1
     Example: bladectl -b 2 -p 1