chmod -R 777 /efs is not safer
chmod -R ugo+rwx /efs is safer - Does not override SETUID AND SETGID BITS - Just Appends permissions
https://unix.stackexchange.com/questions/296675/is-chmod-r-ugorwx-safer-than-chmod-r-777
sudo tee -a
Append text when using sudo
echo '104.20.186.5 www.cyberciti.biz' | sudo tee -a /etc/hosts
Persist iptables redhat 7 ?
https://www.thegeekdiary.com/centos-rhel-how-to-make-iptable-rules-persist-across-reboots/
[IMPORTANT]
https://serverfault.com/questions/708728/iptables-not-starting-upon-reboot
https://www.tecmint.com/linux-firewall-iptables-interview-questions-and-answers/ [IMP]
https://linuxconfig.org/how-to-change-a-runlevel-on-rhel-7-linux-system
Typically the location of iptables configuration lies at ‘/etc/sysconfig/iptables‘ whereas firewalld configuration lies at ‘/etc/firewalld/‘, which is a set of XML files.
EDIT
/etc/firewalld/zones/public.xml
sudo systemctl status firewalld
sudo /sbin/service iptables status
sudo /sbin/service iptables save
sudo less /etc/sysconfig/iptables
sudo iptables -S
sudo iptables -A IN_public_allow -p tcp -m tcp --dport 27017 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="8080"/>
https://docs.aws.amazon.com/efs/latest/ug/installing-amazon-efs-utils.html#installing-other-distro
sudo yum list installed |grep amazon-efs-utils
https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#the-shared-credentials-file
%UserProfile%/.aws [Windows]
~/.aws [Linux]
All these defaults can be changed too
aws configure [Command to add Secret Key/Access Key using command Line itself]
role_arn and either a source_profile or a credential_source.
They both contain Access_Key and Secret_Key
The shared credentials file has a default location of ~/.aws/credentials.
You can change the location of the shared credentials file by setting the AWS_SHARED_CREDENTIALS_FILE environment variable.
The AWS CLI config file, which defaults to ~/.aws/config has the following format:
[default]
aws_access_key_id=foo
aws_secret_access_key=bar
region=us-west-2
Profiles that aren't the default profile are specified by creating a section titled "profile profilename":
[profile testing]
aws_access_key_id=foo
aws_secret_access_key=bar
region=us-west-2
aws_access_key_id, aws_secret_access_key, aws_session_token. These are the only supported values in the shared credential file. Also note that the section names are different than the AWS CLI config file (~/.aws/config). In the AWS CLI config file, you create a new profile by creating a section of [profile profile-name], for example:
[profile development]
aws_access_key_id=foo
aws_secret_access_key=bar
In the shared credentials file, profiles are not prefixed with profile, for example:
[development]
aws_access_key_id=foo
aws_secret_access_key=bar
Credentials specified in the shared credentials file have precedence over credentials in the AWS CLI config file
Shared Credentials File > Config File
Precedence
The above configuration values have the following precedence:
Credentials can be specified in several ways:
echo 'fs-face524e.efs.us-east-1.amazonaws.com:/ /efs nfs4 rw,intr,hard,_netdev,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0' >> /etc/fstab
sudo mount -a
sudo reboot now
#fs-face524e.efs.us-east-1.amazonaws.com:/ /efs nfs4 rw,intr,hard,_netdev,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0
#echo 'fs-face524e.efs.us-east-1.amazonaws.com:/ /efs nfs4 rw,intr,hard,_netdev,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0' | sudo tee -a /etc/fstab
#sudo vi /etc/fstab
chmod -R 777 /efs is not safer
chmod -R ugo+rwx /efs is safer - Does not override SETUID AND SETGID BITS - Just Appends permissions
https://unix.stackexchange.com/questions/296675/is-chmod-r-ugorwx-safer-than-chmod-r-777
https://www.thegeekdiary.com/understanding-the-configuration-file-for-mounting-file-systems-etc-fstab/
https://askubuntu.com/questions/9939/what-do-the-last-two-fields-in-fstab-mean
The EFS mount helper is part of the amazon-efs-utils package.
The amazon-efs-utils package is an open-source collection of Amazon EFS tools.
For more information, see Manually installing the Amazon EFS client.
https://docs.aws.amazon.com/efs/latest/ug/installing-amazon-efs-utils.html#installing-other-distro
Before the Amazon EFS mount helper was available,
we recommended mounting your Amazon EFS file systems using the standard Linux NFS client.
https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-old.html#mounting-fs-install-nfsclient
https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html
https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-ip-addr.html
https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html#mount-fs-auto-mount-onreboot
To view and copy the exact commands to mount your EFS file system using the mount target IP address
Open the Amazon Elastic File System console at https://console.aws.amazon.com/efs/.
In the Amazon EFS console, choose the file system that you want to mount to display its details page.
To display the mount commands to use for this file system, choose Attach in the upper right.
The Attach screen displays the exact commands to use for mounting the file system.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
https://kichik.com/2020/09/08/how-does-ec2-instance-profile-work/
https://computingforgeeks.com/mount-aws-efs-file-system-on-ec2/
https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html#mounting-access-points
sudo mkdir /efs
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-face524e.efs.us-east-1.amazonaws.com:/ efs
fs-face524e.efs.us-east-1.amazonaws.com:/ efs nfs4 defaults,_netdev 0 0
umount -f efs
sudo mount -a
Mounting on Amazon EC2 with a DNS name
Mounting with an IP address [https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html]
Mounting your Amazon EFS file system automatically[https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-ip-addr.html]
[https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html#mount-fs-auto-mount-onreboot]
NFS client
nfs-utils for RHEL, CentOS, Amazon Linux, and Fedora distributions
nfs-common for Debian and Ubuntu distributions
Network File Sharing (NFS) is a protocol that allows you to share directories and files with other Linux clients over a network
https://devopscube.com/mount-ebs-volume-ec2-instance/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html
[ec2-user@ip-10-79-196-74 ~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1 259:0 0 150G 0 disk
├─nvme0n1p1 259:1 0 1M 0 part
└─nvme0n1p2 259:2 0 150G 0 part /
[ec2-user@ip-10-79-196-74 ~]$ lsblk -f
NAME FSTYPE LABEL UUID MOUNTPOINT
nvme0n1
├─nvme0n1p1
└─nvme0n1p2 xfs 77f1de26-38e6-4e1d-8a1e-baa1610669e6 /
[ec2-user@ip-10-79-196-74 ~]$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Oct 28 17:51:10 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=77f1de26-38e6-4e1d-8a1e-baa1610669e6 / xfs defaults 0 0
[ec2-user@ip-10-79-196-74 ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 16G 0 16G 0% /dev
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 16G 25M 16G 1% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/nvme0n1p2 150G 6.5G 144G 5% /
tmpfs 3.1G 0 3.1G 0% /run/user/1000
[ec2-user@ip-10-79-196-74 ~]$
Click attach. This opens a page with mount instructions for the EFS.
https://computingforgeeks.com/mount-aws-efs-file-system-on-ec2/
