Howto register AWS SAML metadata in SimpleSAMLphp

  1. There is the page Configuring a Relying Party and Adding Claims. It explains how to get AWS metadata https://signin.aws.amazon.com/static/saml-metadata.xml
  2. Go to you SimpleSAMLphp Federation tab
  3. Click on XML to simpleSAMLphp metadata converter link
    XMLtoMetadata
  4. Copy content of https://signin.aws.amazon.com/static/saml-metadata.xml
  5. Paste it into Metadata parser window. Click Parse button.
  6. Copy Converted metadata content
  7. Paste into Noteapd
  8. Add Auth Procc Filter (mentioned at https://groups.google.com/forum/#!topic/simplesamlphp/AgHEy-5vHdA)

    ‘authproc’ => array(
    10 => array(
    ‘class’ => ‘core:AttributeAdd’,
    https://aws.amazon.com/SAML/Attributes/Role‘ => array(‘arn:aws:iam::<account_number_without_spaces>:role/<role_name>,arn:aws:iam::<account_number_without_spaces>:saml-provider/<’saml_provider_name)
    ),
    20 => array(
    ‘class’ => ‘core:AttributeAdd’,
    https://aws.amazon.com/SAML/Attributes/RoleSessionName‘ => array(‘uid’)
    ),
    ),

  9. Open /var/simplesamlphp/metadata/saml20-sp-remote.php file
  10. Replace its content by content from Notepad

Howto install AWS CodeDeploy on EC2 Windows instance by using CloudInit

  1. Create user-data.txt file
    ————–

    <powershell>
    New-Item -ItemType Directory -Force -Path c:\temp
    Read-S3Object -BucketName aws-codedeploy-us-east-1/latest -Key codedeploy-agent.msi -File c:\temp\codedeploy-agent.msi
    start c:\temp\codedeploy-agent.msi '/qn /l*v c:\temp\host-agent-install-log.txt'
    </powershell>
    

    ————–

  2. Go to AWS EC2 console and select Windows image (e.g. Windows_Server-2012-R2_RTM-English-64Bit-Base-2014.10.15 (ami-ba13abd2))
  3. Click Launch/Spot Request
  4. Provide user data as user-data.txt file
  5. Now you will get Windows instance with AWS CodeDeploy installed. Enjoy!

Howto rename Lotus Notes field by using PowerShell

You need to have Lotus Notes client installed on your machine. Then you need to run PowerShell (x86).

$lns = New-Object -ComObject Lotus.NotesSession
$lns.Initialize()
$db= $lns.GetDatabase('','YOUR_DB_NAME')

$doc = $db.GetDocumentByUNID('1E733555DDB27DA785257D7E005E64B0')
$doc.RemoveItem('TARGET_FIELD_NAME')
$doc.CopyItem($doc.GetFirstItem('SOURCE_FIELD_NAME'),'TARGET_FIELD_NAME')
$doc.RemoveItem('SOURCE_FIELD_NAME')
$doc.Save($false, $true)

Howto disable hotlinking for your AWS S3 resources

It is good idea to serve static content (e.g. images, video, …., not a JavaScript files) on AWS S3 instead of from your AWS EC2 server. In this case you reduce the workload on your web application.

The problem is that AWS S3 resources are not available for public by default.

The simple stupid solution is to make them all publicly available.

But what if we are talking about protected Web application where clients should enter credentials first to access the application. And one of the requirement is that all data should be not easily available! E.g. shouldn’t be referenced by other sites (hotlinking) or crawled by the search engines.

AWS S3 for everyone doesn’t work here.

Fortunately you can create the AWS S3 bucket policy which will allows to access the resources only for the particular referrers:

{
 "Version": "2008-10-17",
   "Id": "Vlasenko Access",
   "Statement": [
   {
     "Sid": "AllowPublicRead",
     "Effect": "Allow",
     "Principal": {
       "AWS": "*"
     },
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::TestPolicy/*",
     "Condition": {
       "StringLike": {
         "aws:Referer": [
           "https://vlasenko.org/*",
           "http://vlasenko.guru/*",
           "http://vlasenko.ninja/*"
         ]
       }
     }
   }
 ]
}


The image above available only trough this blog post. Try to copy the URL and paste it into a new tab in your browser. Don’t use Open link in new Tab!

Amazon RDS Now Supports T2 Instances

That is good news.

T2 instances CPU credits is really great feature introduced 2 months ago for EC2. Amazon RDS Now Supports T2 Instances

At the same time the price for T2 RDS instances is twice less then for the previous generation.

T2.micro EC2 + T2.micro RDS are good if you are thinking about web app which will have the “scheduled” workload. E.g. the main customers are from the particular region.

While the instance is IDLE it accumulate CPU credits. And you servers will be able to burst above the baseline as needed. You can track your CPU Credits trough AWS Console. It is really fun to track them

On the image below one of my EC2 instance has 150 CPU Credits. This means that it will be able to rocket up to the “cloud”  if needed. But still you pay for micro instance. CPU Credits really brilliant idea from Amazon!


CPUCredits