What to know about SPF and TXT Records in AWS

When a server sends e-mail for a domain such as techdirectarchive.de or techdirectarchive.com, the receiving mail server looks up the domain's SPF record to decide whether the sending IP address is authorised to send for that domain. Without one, your mail is more likely to be rejected or marked as spam, and anyone can send as your domain without producing an SPF failure that receivers could act on.

Step-by-step guide for adding an SPF record
– Sign in to the AWS Management Console.
– Navigate to the Route 53 dashboard at https://console.aws.amazon.com/route53/
– In the left navigation panel, under Dashboard, click Hosted Zones.
– Click on the hosted zone of the domain that you want to update, e.g. techdirectarchive.com.
– On the DNS hosted zone page, create a new SPF record by completing the following actions:
– Click the Create Record Set button from the dashboard top menu.
– Leave the Name field empty (the record then applies to the zone apex, i.e. the bare domain).

From the Type dropdown list
– Select SPF – Sender Policy Framework.
In the Time To Live (TTL) in seconds field,
– Enter a value of 3600 (1 hour).

In the Value text box,
– Enter the SPF value required, e.g. “v=spf1 include:_spf.google.com -all”. Note the space before -all: each mechanism is a separate whitespace-separated term, and “_spf.google.com-all” would be read as one (non-existent) hostname with no “all” term at the end of the record.

Note: If you do not use Google mail servers, replace include:_spf.google.com with the authorised mail server hostname or IP address, e.g. “v=spf1 ip4:IPAddress/32 -all”. Use -all (fail) rather than ~all (softfail) once you are sure every legitimate sender is listed, and never +all, which authorises every host on the Internet to send as your domain.

From the Routing Policy dropdown list,
– Select Simple as the routing policy for the SPF DNS record.
– Click Create to add the new SPF record to the DNS hosted zone.

If you have multiple DNS hosted zones without SPF record sets, repeat these steps for each of them (see the Audit section of the Cloud Conformity rule to determine which domains require SPF records): https://www.cloudconformity.com/conformity-rules/Route53/sender-policy-framework-record-present.html

Note: Adding an SPF record also requires a TXT record. The SPF record type (DNS RR type 99) was deprecated by RFC 7208, and mail receivers only evaluate the policy published in a TXT record, so the TXT record below is the one that actually has to exist. A domain must publish exactly one v=spf1 TXT record (two of them cause a permanent error at the receiver), and the record may use at most 10 DNS-lookup mechanisms (include, a, mx, ptr, exists, redirect) in total, or evaluation also fails with a permanent error.

Steps for adding a TXT record
– Sign in to the AWS Management Console.
– Navigate to the Route 53 dashboard at https://console.aws.amazon.com/route53/
– In the left navigation panel, under Dashboard, click Hosted Zones.
– Click on the hosted zone that you want to update (e.g. techdirectarchive.com).
– On the DNS hosted zone page, create a new TXT record by completing the following actions:
– Click the Create Record Set button from the dashboard top menu.
– Leave the Name field empty.
– From the Type dropdown list, select TXT – Text.

In the TTL (Seconds) field,
– Enter a value of 3600 (1 hour) for Time to Live.
In the Value text box, enter the TXT value required, e.g. “v=spf1 mx ip4:IPAddress/32 a:spf.protecxxx.outlook.com a:spf.crsend.com -all”. Route 53 stores TXT values enclosed in double quotes; check that the saved record shows them, and when you create the record through the CLI or API you must supply the quotes yourself. Each mx, a and include term in this value costs one of the 10 DNS lookups permitted per evaluation.
– From the Routing Policy dropdown list, select Simple as the routing method for the TXT DNS record.
– Click Create to add the new TXT record to the DNS hosted zone.
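Both procedures above end with a v=spf1 string typed into a console text box, where the usual mistakes (a missing space before -all, two v=spf1 records at the same name, more than 10 lookup mechanisms, an unparseable ip4 block) produce no error at all. The following Python is an added example and is not code from the original post: it lints a name's TXT records the way a receiver parses them, checks whether a given sending IP is covered by an ip4 mechanism, and builds the change batch for publishing the policy as a TXT record from the CLI (aws route53 change-resource-record-sets --hosted-zone-id ... --change-batch file://spf.json). The zone name, hostnames and IP addresses are constructed placeholders, and include/a/mx terms are not resolved, so the lint is purely syntactic.

```python
"""Syntactic checks for an SPF policy plus a Route 53 change batch for the TXT record.
Added example; hostnames, IP addresses and the zone name are constructed placeholders."""
import ipaddress
import json
import re

# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
ALL_TERM = re.compile(r"[+\-~?]?all")


def spf_records(txt_records):
    """The v=spf1 entries among a name's TXT records (a valid setup has exactly one)."""
    return [r for r in txt_records if r.lower().startswith("v=spf1")]


def term_name(term):
    """'include:_spf.google.com' -> 'include', 'a/24' -> 'a', 'redirect=x' -> 'redirect'."""
    return re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()


def count_lookups(record):
    return sum(1 for t in record.split()[1:] if term_name(t) in LOOKUP_TERMS)


def lint_spf(txt_records):
    """Return a list of problems with a name's TXT records; an empty list means they pass."""
    found = spf_records(txt_records)
    if not found:
        return ["no v=spf1 TXT record published"]
    problems = []
    if len(found) > 1:
        problems.append(f"{len(found)} v=spf1 records published; receivers return permerror")
    record = found[0]
    terms = record.split()[1:]
    # The console example breaks here when the space before -all is dropped:
    # 'include:_spf.google.com-all' is a single term and no 'all' term is present.
    if not terms or not ALL_TERM.fullmatch(terms[-1]):
        problems.append("record does not end with an 'all' term; missing space before -all?")
    if terms and terms[-1] in ("all", "+all"):
        problems.append("+all authorises every host on the Internet to send as this domain")
    for t in terms:
        body = t.lstrip("+-~?")
        if body.lower().startswith("ip4:"):
            try:
                ipaddress.IPv4Network(body[4:], strict=False)
            except ValueError:
                problems.append(f"unparseable ip4 term: {t}")
    lookups = count_lookups(record)
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of {MAX_LOOKUPS}")
    return problems


def ip4_listed(record, sender_ip):
    """True if sender_ip falls inside an ip4 mechanism of the record (includes are not followed)."""
    ip = ipaddress.IPv4Address(sender_ip)
    for t in record.split()[1:]:
        body = t.lstrip("+-~?")
        if body.lower().startswith("ip4:") and ip in ipaddress.IPv4Network(body[4:], strict=False):
            return True
    return False


def route53_txt_change(zone_name, record, ttl=3600):
    """Change batch for `aws route53 change-resource-record-sets --change-batch file://spf.json`.
    Route 53 needs TXT values double-quoted, and one quoted string holds at most 255 characters,
    so a longer policy is split into several quoted strings that the receiver concatenates."""
    chunks = [record[i:i + 255] for i in range(0, len(record), 255)]
    value = " ".join(f'"{c}"' for c in chunks)
    return {
        "Comment": "SPF policy as TXT (the SPF RR type is deprecated by RFC 7208)",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": zone_name.rstrip(".") + ".",
                "Type": "TXT",
                "TTL": ttl,
                "ResourceRecords": [{"Value": value}],
            },
        }],
    }


if __name__ == "__main__":
    # Constructed inputs: the console value with and without the space before -all.
    print(lint_spf(["v=spf1 include:_spf.google.com-all"]))
    print(lint_spf(["v=spf1 include:_spf.google.com -all"]))
    print(json.dumps(route53_txt_change("example.com", "v=spf1 mx ip4:203.0.113.10/32 -all"), indent=2))
```

Run the lint against the TXT records you get back from `dig +short TXT yourdomain` after the change has propagated, not only against what you typed; that also catches a second v=spf1 record left behind by an earlier mail provider.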

Quick Steps in Setting Up AWS VPC

Log on to the AWS Console.
Select the Region where you want to host your VPC.
See all regions here:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

Navigate to Services (or search for VPC)
– Then to Networking & Content Delivery
– Then to VPC
In your VPC window,
– Click on Create VPC
– Enter your desired VPC name
– Enter the IPv4 CIDR block for the VPC, e.g. 10.0.0.0/16. Use a private range (RFC 1918: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16) that does not overlap any network you will later connect by VPN or peering. The block must be between /16 and /28, and it cannot be changed later, only supplemented with additional blocks.
Note: Leave Tenancy at Default (Dedicated tenancy runs every instance in the VPC on single-tenant hardware at extra cost).

Navigate to the Subnets area
– Create a new subnet
– Choose your created VPC
– Choose an Availability Zone and enter the subnet's CIDR block. It must lie within the VPC's CIDR block and must not overlap other subnets (e.g. 10.0.1.0/24 inside 10.0.0.0/16); it may equal the VPC block only if this is to be the VPC's single subnet. AWS reserves the first four and the last address of every subnet, so a /24 subnet has 251 usable addresses.

Navigate to Internet Gateways (IGW)
– Create a new one
– Enter an IGW name
– Now attach it to your VPC

Navigate to Route Tables
– Select the route table associated with the subnet that should be public and click Routes
– Add a route with destination 0.0.0.0/0 and the internet gateway as target. Only subnets whose route table carries this route are public (their instances also need a public IPv4 or Elastic IP address); leave it out of the route tables of subnets that are to stay private.

If a VPN is being used, navigate to the Site-to-Site VPN section
– Create a customer gateway with the public IP address of the customer site, and a virtual private gateway attached to your VPC
– Create the VPN connection between the two and configure the required routing options (static routes or BGP). The customer site's prefixes must not overlap the VPC CIDR, or traffic for them cannot be routed.
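It pays to plan the address space before clicking through the steps above, because the console accepts a subnet block that is outside the VPC, rejects one outside /16–/28 only after you have filled in the rest of the form, and says nothing about an on-premises range that will later collide with the VPC over the VPN. The following Python is an added example, not part of the original post; every CIDR block in it is constructed.

```python
"""Plan and sanity-check a VPC layout before creating it in the console or CLI.
Added example; all CIDR blocks used here are constructed."""
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network address, VPC router, DNS, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def check_block(cidr, what="block"):
    """Parse a CIDR and enforce the /16../28 size range that VPCs and subnets must fall in."""
    # strict=True: host bits must be zero, so 10.0.1.5/24 is rejected and 10.0.1.0/24 accepted
    net = ipaddress.IPv4Network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{what} {cidr} must be between /16 and /28")
    return net


def usable_hosts(subnet):
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, new_prefix, count):
    """Carve `count` subnets of size /new_prefix out of the VPC block, with usable host counts."""
    vpc = check_block(vpc_cidr, "VPC")
    subnets = []
    for sub in vpc.subnets(new_prefix=new_prefix):
        if len(subnets) == count:
            break
        check_block(str(sub), "subnet")
        subnets.append({"cidr": str(sub), "usable_hosts": usable_hosts(sub)})
    if len(subnets) < count:
        raise ValueError(f"{vpc_cidr} cannot hold {count} /{new_prefix} subnets")
    return subnets


def subnet_fits(vpc_cidr, subnet_cidr):
    """The console's subnet CIDR step: the block must be inside the VPC block (equal is allowed)."""
    vpc = check_block(vpc_cidr, "VPC")
    sub = check_block(subnet_cidr, "subnet")
    return sub.subnet_of(vpc)


def overlapping_remote_ranges(vpc_cidr, remote_cidrs):
    """Customer-site prefixes that clash with the VPC and cannot be routed over the VPN."""
    vpc = ipaddress.IPv4Network(vpc_cidr)
    return [r for r in remote_cidrs if ipaddress.IPv4Network(r).overlaps(vpc)]


if __name__ == "__main__":
    for s in plan_subnets("10.0.0.0/16", 24, 3):
        print(s)
    print(subnet_fits("10.0.0.0/16", "10.1.0.0/24"))
    print(overlapping_remote_ranges("10.0.0.0/16", ["192.168.1.0/24", "10.0.200.0/24"]))
```

Feed the planned blocks to `aws ec2 create-vpc --cidr-block` and `aws ec2 create-subnet --vpc-id ... --cidr-block ...`, and the default route to `aws ec2 create-route --route-table-id ... --destination-cidr-block 0.0.0.0/0 --gateway-id igw-...` for the public subnet's table only.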

Error – VM export could not connect to an AWS Region

I ran into this issue, took a closer look and found I was exporting to the wrong AWS region.

Solution
On the AWS CLI, simply configure the correct region (with aws configure, or by passing --region on the command) and the export works 😉

Error when importing an OVA file to AWS: “ClientError: The saved entry is empty”

This is one of the problems I ran into while importing an OVA file to AWS.

Solution

1. Use the AWS license type (--license-type AWS) instead of BYOL
https://stackoverflow.com/questions/44719096/aws-ec2-import-image-windows-server-license-type

Yeah, if you import an image with “--license-type AWS”, AWS will activate Windows by using their KMS every time the server boots up. This is done by the EC2Config service or EC2Launch (2016). Check the logs to see how the Ec2WindowsActivate plugin works. To change this behaviour, modify config.xml of EC2Config.

If you import an image with “--license-type BYOL”, AWS EC2Config or EC2Launch will ignore Windows activation, which means you need to have your own licenses.

Note: Also, you can imagine the AWS hourly rate is going to be higher than BYOL because AWS is paying for the licenses.

2. The GRUB boot loader configuration may not be supported

https://asyoulook.com/computers%20&%20internet/amazon-web-services-clienterror-saved-entry-is-empty-when-using-aws-import-image-command/580229
http://www.vioja.com/clienterror-the-saved-entry-is-empty-when-using-the-aws-import-image-command/

3. The OS version is not supported.

Viewing Scheduled Events on AWS using the AWS Web Console

Here are the steps for checking for scheduled events from the Web Console:

  • Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  • In the navigation pane, choose Events.
  • Select Instance resources from the filter list, and then select your instance.

In the bottom pane, locate Event type. The value is the event code, e.g. system-reboot, instance-reboot, system-maintenance, instance-stop or instance-retirement, and the maintenance window is shown alongside it.

Viewing Scheduled Events on AWS using the Command Line (CLI)

AWS schedules events for your instances when the underlying host needs maintenance, e.g. a hardware upgrade or retirement. The event types are:

  • reboot (instance-reboot or system-reboot),
  • system maintenance (system-maintenance),
  • stop (instance-stop), or
  • retirement (instance-retirement).

Here is the command to view the details of a scheduled event for an instance:

aws ec2 describe-instance-status --instance-ids i-xxxxxxxxxxxxx

where i-xxxxxxxxxxxxx is the instance (server) ID. The option is --instance-ids (plural) and accepts one or more IDs. Scheduled events appear in the output under InstanceStatuses[].Events[], each with a Code, a Description (prefixed with “[Completed]” once the event has happened) and the NotBefore/NotAfter maintenance window. By default only running instances are reported; add --include-all-instances to see stopped ones as well.

These events do not occur frequently. If one of your instances will be affected by a scheduled event, AWS sends an e-mail to the address associated with your AWS account before carrying out the maintenance, and the event is also listed in the AWS Health Dashboard.

Note: Often, depending on the event, you can control its timing yourself. For an EBS-backed instance, stopping and then starting it again (a reboot is not enough) launches it on new hardware and resolves events such as system-reboot and instance-retirement ahead of the window. Be aware that a stop/start changes the public IPv4 address unless an Elastic IP is attached, and that an instance-store-backed instance loses its local data when stopped, so back it up first.
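The CLI command above returns JSON, and on more than a handful of instances you want to filter it rather than read it: completed events remain in the output with a “[Completed]” prefix, and only some event types can be pre-empted by a stop/start. The following Python is an added example, not from the original post. It takes describe-instance-status output (a constructed sample with made-up instance and event IDs is embedded so it runs offline; in practice feed it `aws ec2 describe-instance-status --include-all-instances --output json`), drops completed or cancelled events, computes the time until each maintenance window and flags the events where stopping and starting an EBS-backed instance moves it to new hardware.

```python
"""Filter `aws ec2 describe-instance-status --include-all-instances` output for pending events.
Added example; the sample JSON below is constructed, with made-up instance and event IDs."""
import json
from datetime import datetime, timezone

# For an EBS-backed instance a stop/start moves it to a new host, which resolves these
# event codes before the window. An instance-reboot can only be brought forward by rebooting.
STOP_START_MIGRATES = {"system-reboot", "instance-retirement", "instance-stop"}

SAMPLE_OUTPUT = json.loads("""
{
  "InstanceStatuses": [
    {
      "InstanceId": "i-0123456789abcdef0",
      "AvailabilityZone": "eu-central-1a",
      "Events": [
        {"InstanceEventId": "instance-event-0aaa1111bbbb2222c",
         "Code": "system-reboot",
         "Description": "The instance is scheduled for a reboot",
         "NotBefore": "2024-05-10T02:00:00.000Z",
         "NotAfter": "2024-05-10T04:00:00.000Z"},
        {"InstanceEventId": "instance-event-0ddd3333eeee4444f",
         "Code": "instance-reboot",
         "Description": "[Completed] The instance is scheduled for a reboot",
         "NotBefore": "2024-04-01T02:00:00.000Z",
         "NotAfter": "2024-04-01T04:00:00.000Z"}
      ]
    },
    {"InstanceId": "i-0fedcba9876543210", "AvailabilityZone": "eu-central-1b", "Events": []}
  ]
}
""")


def parse_ts(value):
    """Timestamps come back as ISO 8601 UTC, with or without milliseconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {value}")


def pending_events(status_output, now):
    """Events that are still ahead of `now`, earliest window first."""
    pending = []
    for inst in status_output.get("InstanceStatuses", []):
        for ev in inst.get("Events", []):
            desc = ev.get("Description", "")
            # EC2 keeps finished and cancelled events in the list, marked by a prefix
            if desc.startswith("[Completed]") or desc.startswith("[Canceled]"):
                continue
            start = parse_ts(ev["NotBefore"])
            pending.append({
                "instance_id": inst["InstanceId"],
                "event_id": ev.get("InstanceEventId"),
                "code": ev["Code"],
                "window_start": start,
                "hours_until": round((start - now).total_seconds() / 3600, 1),
                "stop_start_migrates": ev["Code"] in STOP_START_MIGRATES,
            })
    return sorted(pending, key=lambda e: e["window_start"])


def suggested_action(code):
    if code in STOP_START_MIGRATES:
        return "stop/start (EBS-backed) to move to new hardware before the window"
    if code == "instance-reboot":
        return "reboot the instance yourself at a convenient time"
    return "plan around the maintenance window"


def report(status_output, now):
    """One line per pending event, ready to paste into a ticket."""
    return [
        f'{e["instance_id"]} {e["code"]} in {e["hours_until"]}h '
        f'({e["window_start"]:%Y-%m-%d %H:%M} UTC): {suggested_action(e["code"])}'
        for e in pending_events(status_output, now)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_OUTPUT, datetime.now(timezone.utc)):
        print(line)
```

Because `now` is a parameter, the same function can be run against saved output from a previous day to see which events were already overdue; in production, pipe the CLI output through `json.load(sys.stdin)` instead of using the embedded sample.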

Enabling Enhanced Networking with the Elastic Network Adapter (ENA) on Windows

When you change the instance type of a server on AWS, the new type may present a different network device. Current-generation instance types require the Elastic Network Adapter (ENA) driver, and if it is not installed before the change, the instance boots without network connectivity and you cannot reach it. Install the driver first, and take an AMI or snapshot of the instance beforehand so that you can roll back.

Here are the steps for installing the ENA driver:

  • Open the ENA driver download link in the browser of the instance on which you wish to install the network adapter. This downloads the zip file containing the ENA driver; extract it.
  • Open an elevated command prompt (CLI), change to the extracted folder containing ena.inf and run the command below (note the space between -a and the file name).
 pnputil -i -a ena.inf

The output on success is as follows:

Microsoft PnP Utility

Processing inf :            ena.inf
Successfully installed the driver on a device on the system.
Driver package added successfully.
Published name :            oem9.inf

Total attempted:                 1
Number successfully imported:    1
  • Next, stop the instance (server) from the EC2 console or with aws ec2 stop-instances. The ENA attribute can only be changed while the instance is stopped.
  • Enable ENA support on the instance.
    • Run the command below.
      Note: this step has to be done from your local computer, NOT on the instance itself (which is stopped at this point).
    • Open the command prompt (CLI) on your local machine (workstation) and type aws configure.
    • Follow the prompts by entering your access keys and the region where the instance is located.

      Modifying the instance attribute (AWS CLI)
aws ec2 modify-instance-attribute --instance-id <instance_id> --ena-support

The next step is to describe the instance in order to ensure that ENA support is now enabled:

aws ec2 describe-instances --instance-ids <instance_id> --query "Reservations[].Instances[].EnaSupport"

This returns true for the instance. Now start the instance and change its type. If you enabled the attribute on an instance that does not actually have the driver installed and it comes up unreachable, stop it again and revert with --no-ena-support.