How it works - www.aws-glossary.info

I recently posted an entry announcing www.aws-glossary.info. In this post I want to cover how it actually works.

Basic Architecture

The logical diagram below details the basic structure of the application. The core components are:

| Component | Purpose |
| --- | --- |
| GitHub | Static content stored in GitHub |
| CodePipeline | On commit to the master branch of the GitHub repo - UI components deployed to S3 |
| S3 | Static content for the application is stored in an S3 bucket configured for website hosting |
| CloudFront | Edge location storage, but more importantly, facilitates SSL |
| Route53 | Hosted zone for the aws-glossary.info domain - points to the CloudFront distribution |
| Lambda | Python lambda function to get the latest documentation data and store in a neat JSON file |
| CloudWatch Events | Used to trigger the lambda function |

Basic Architecture Diagram

User Interface

The user interface is using KnockoutJS to bind all the components together to dynamically filter the data downloaded in the service JSON file. KnockoutJS allows you to tag components as observable; for example, as you update the search text box, the collection behind the table is filtered appropriately.

Finally, for ease (and because I’m no good at UI design), I’ve used Bootstrap 4.0 to make the look and feel slick but easy for me.



Dynamic AWS Glossary

Yesterday I created a scraper for the AWS documentation landing page to give an AWS glossary of all of the services that have available documentation.

Originally I posted it as a page on this site; I’ve now moved it to https://www.aws-glossary.info


Delving in the depths of my github

This morning I was trying to solve an issue where http://owenrumney.co.uk has an SSL error when trying to access my blog but https://www.owenrumney.co.uk is fine! (it's still not resolved).

As I was poking around in my github account I looked at what I had done over the years… taking me back to 2012 when I originally opened my account.

The first project was an implementation of the LightsOut game written in NodeJS. Since I’ve never had a contract where I’ve been doing Node I can only assume I was writing this to learn Express/NodeJS etc.

The game is simple, click on the lights till they all go out, but when you click a cell, the state of the horizontal and vertical adjacent cells toggle their state.

LightsOut Game

Even a cursory look at the code has highlighted that it isn’t great, but my thoughts are more about how great it is to have Github and source control systems as a whole. Over the years, my laptops have been changed, flattened, stolen and lost, yet all I needed was a git clone git@github.com:owenrumney/Lightsout.git and I was able to run (confession, I also had to install node) my inaugural GitHub contribution.

‘Int Git Brilliant!!!

(Another confession - it seems you just need to click the middle cell of the lights on start to win the game in a single click - so more work needed ;) )


Using Amazon SES with HP Scan-to-Email Printer

Overview

We have just replaced our aging Canon MX885 Multi Function printer with a new colour Laser printer, an HP M281fdw multi function. One of the scanning options is to “Scan to Email”. This is something I’ve found really useful in my current client’s office.

What’s the issue then?

The issue I found setting up this functionality is that I need to configure the printer to relay through an SMTP server to send the messages to me. This is a pain and I didn’t want to have to stand up a simple SMTP server here just so I could use this feature.

My next thought was to try and use smtp.gmail.com. Even with the usual port and authenticating using my email creds this still didn’t work properly so I figured why not make use of Amazon’s Simple Email Service. It’s simple, reliable and you can relay through it.

Setting it up

The following steps should get you working - the key sticking point is making sure that you’ve verified that you can send to the email address you’re configuring.

Verifying the Email Address

First things first is to log into the AWS Console and navigate to Simple Email Service.

Under Identity Management select Email Addresses then click the Verify a New Email Address button.

This will bring up the dialog where you can specify the email you want to approve.

Verify an Email Address dialog

Once you’ve submitted this, you’ll get an email to the specified address which you need to validate by clicking the link in the email. You should then see the email verified as below;

Verified Email Address

Creating the SMTP credentials

The next thing you need to do is create some credentials with which to relay through the SMTP server. Clicking on SMTP Settings under the Email Sending section will show you the details, as below:

SMTP Settings

Click on the Create My SMTP Credentials button and either accept the IAM user name or change it to something more appropriate.

SES IAM User

Clicking Create will generate the new credentials for the IAM user which you can download and make a note of.

IAM User Credentials

Configuring the Printer

Finally, we can update the configuration in the printer. In my case, the screen looks something like this.

MFP Email Config Screen

Last step is to do a test scan and make sure it gets routed through your email.
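Before entering the credentials in the printer, the relay can be checked from any machine with Python. This is an added example, not part of the original post; the endpoint region, the port and the function names are assumptions, and it refuses to send the SMTP credentials unless the server offers STARTTLS.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Assumed values: SES SMTP endpoints follow email-smtp.<region>.amazonaws.com;
# the region here is a placeholder, use the one shown on your SMTP Settings page.
SES_HOST = "email-smtp.eu-west-1.amazonaws.com"
SES_PORT = 587  # submission port, upgraded to TLS with STARTTLS


def build_test_message(sender, recipient):
    """Build a small plain-text message between two verified addresses."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "SES relay test"
    msg.set_content("Relay through SES is working.")
    return msg


def send_test(user, password, sender, recipient,
              host=SES_HOST, port=SES_PORT, smtp_cls=smtplib.SMTP):
    """Send one test message; never authenticate over an unencrypted session."""
    context = ssl.create_default_context()  # verifies the server certificate
    with smtp_cls(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("no STARTTLS offered; credentials not sent")
        smtp.starttls(context=context)
        smtp.ehlo()  # re-identify over the encrypted channel
        smtp.login(user, password)
        refused = smtp.send_message(build_test_message(sender, recipient))
    return refused  # an empty dict means every recipient was accepted
```

Call send_test with the SMTP user name and password from the downloaded credentials file and the verified address as both sender and recipient. If this succeeds but the printer fails, check that the printer is set to the same port with TLS enabled.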


Creating a Kerberos Keytab file with ktutil

NOTE: Creating a keytab file is easy enough but I have to refresh myself each time so I thought I would document it in a blog post.

Assumptions

I’m assuming for anyone who is doing this that you have your /etc/krb5.conf in order and that isn’t going to get in your way.

One thing you’re going to want to know is what your permitted and default enctypes and the realm are from this file. In my case I’m going to use aes128-cts-hmac-sha1-96 and my realm is DPE.INTERNAL.

Creating the keytab file

To create the keytab file you’re going to need ktutil (and a number of other kxxxxxx commands)

RHEL/Centos

sudo yum install krb5-workstation

Ubuntu

sudo apt-get install krb5-user

Now you have the required programs installed, you can create your keytab file using ktutil.

ktutil

This will present you with a prompt for you to add the entries in the keytab file

add_entry -password -p user@DPE.INTERNAL -k 1 -e aes256-cts-hmac-sha1-96
Password for user@DPE.INTERNAL: <enter password here>

write_kt user.keytab
quit

Breaking this down, we are saying that we want to add an entry to the keytab using a password for authentication.

The -p is the principal that we will be logging in as using the end file.

The -k refers to the Key Version Number which in some situations isn’t really needed and is ignored (in a Windows environment for example). You can get the current Key version number (kvno) by using the kvno command:

kvno user@DPE.INTERNAL
user@DPE.INTERNAL: kvno = 1

The -e refers to the enctype mentioned earlier. This needs to be one of those that are permitted in your krb5.conf file so you’re using an accepted and appropriate encryption.

Testing the Key

We can now test the keytab for a successful login

kinit -kt user.keytab user@DPE.INTERNAL

This should exit normally, then we can check we’ve got a ticket using klist

klist

Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@DPE.INTERNAL

Valid Starting           Expires                Service principal
01/23/2019 14:27:28      01/24/2019 00:27:28    user@DPE.INTERNAL

To clear out the ticket, you can use kdestroy. This will remove all current authentications.