Using the AWS CLI to check user permissions

The total permissions of a single user are compiled from several places, so you have to use several commands to catch them all.

aws iam list-groups-for-user --user-name
aws iam list-attached-group-policies --group-name
aws iam list-group-policies --group-name
aws iam list-attached-user-policies --user-name
aws iam list-user-policies --user-name

Here's a quick powershell script that can automate this output:

How to manage a dynamic inventory using ansible on AWS

Building on the ansible tutorial from earlier, this tutorial shows you how to use your existing virtual environment to control your AWS ansible inventory. This saves you from having to upload playbooks and maintain ansible installations - basically you can run your playbooks from your work station using your workstation's ansible installation to send commands to your inventory over SSH.

IPSec Troubleshooting

Some handy commands to see what's going on with a strongswan-based ipsec connection

ip -s xfrm state
ip route list table 220
ipsec status

How to install and configure multiple versions of ansible and the AWS CLI on Mac OSX

If you work with the AWS CLI and it's cousins, you notice quickly that there are different versions and functionality depending on which version of python you use to install them. This is also the case with ansible, so I recommend setting up a virtual environment for each version of python, so you can always be working with the most functional packages and not have to create confusion in your root environment.

Oracle RAC installations with VMWare and change block tracking

Are you plagued by that need for five 9's and have an Oracle RAC VM? Can't spare the time to shut down that VM? You don't need the Bass-o-matic 76 just the following to allow you to alter Change Block Tracking with an online VM. (Though a Bass-o-matic is highly recommended).

Just fetch your friendly PowerCLI interface to VMWare and connect to your friendly neighborhood vCenter:


$vmtest = Get-vm $vm| get-view $vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec

Using multiple CLI accounts


  1. Edit the file ~/.aws/config
  2. create a profile for each set of credentials:
    [profile personal-account]
    aws_access_key_id = A***Q
    aws_secret_access_key = f***0
    region = us-west-2
    output = table
  3. Update your AWS CLI settings
    export AWS_DEFAULT_PROFILE=personal-account

EB CLI settings

eb init --profile business-account 

Terraform settings

  1. Edit the file ~/.aws/credentials
  2. create a profile for each set of credentials:
    aws_access_key_id = A***Q

Customize your Powershell prompt

This jaunty little powershell profile will give you a multicolor prompt, and will change the username red when your running in administrator context.

Use a custom avatar for multiple Identities in Google Chrome

This article assumes that you've uploaded a custom avatar to your Google chrome identity already.


Since I build an internal glossary at pretty much every organization I join, I figure it's about time to start writing down the most common definitions here that I reference globally:

Policy: A guideline or statement of position with respect to a given topic.

Allow Services through firewalld and SELinux


systemctl list-units --type service --all
systemctl status [service]
systemctl enable [service]


firewall-cmd --list-all
firewall-cmd --get-services
cat /usr/lib/firewalld/services/[service].xml
firewall-cmd --permanent --add-service=[service]
firewall-cmd --add-port=[port]/[tcp or udp]
firewall-cmd --reload


getsebool -a | grep [service]
setsebool -P [service]


Subscribe to RSS