Setting up Google 2FA using an app not SMS

Google appear to be intentionally hiding the option to use an authenticator app such as Google Authenticator, 1Password and LastPass to store and generate 2FA codes for your Google Account login.

You can use them, but it’s not clear how, and you have to temporarily submit a mobile number you have access to before you’ll find the option available to you.

  • Head to manage your account.
  • Choose to add 2FA
  • Select to do it via SMS
  • Submit your number
  • Enter the code they send you
  • On the next screen select to add an authenticator app
  • Follow the steps and submit the code you can now access
  • View the backup codes and store them somewhere safely
  • Finally you can remove your mobile number from the list of option

So to not use your mobile number and SMS (which is vulnerable to hijacking) you first have to submit your mobile number ¯\_(ツ)_/¯

Command Line creation of DNS ‘A’ Record in AWS Route53

If you need to add a new record to a Route53 hosted Zone it can be clunky to log in, browse to the right place and manually add your record each time.

If you’re already using some elements of aws or eb command line functionality then this might just be a small step for you which simplifies a currently manual process.

The aws route53 tools are far more powerful than I will cover here. You could add multiple records in a single request. You could updated existing records, or even toggle certain records.

Hopefully this article and the links are enough to get you on your way.

Now the guides generally tell you to create and use a .json file to pull in your config when running the command line, but where the command is simple and you might want to document it, or share it, it’s easier if the whole thing is a single line. If you want to use a .json file then check out the AWS docs for that.

My initial need was to add a single new subdomain to a domain which has many records. Rather than log in and add the record each time, now it’s part of a flow of other command line requests and means less context switching. Opening a browser for any reason can lead to distraction.

I am however not adding a standard ‘A’ record. I’m actually pointing to an Application Load Balancer so I’ll show you the differences for that below.

The first thing you’ll need to do is confirm you have aws command line tools set up and with permissions for the account you’ll be making changes for. Confirmed? Continue…

aws route53 list-hosted-zones

Find the relevent zone in the list and make a note of the final part of the Id from the last forward slash.

Now we’re going to CREATE in our examples but you can also DELETE or UPSERT (update if exists, insert otherwise).

You can also CREATE all sorts of other records, but we’ll stick to ‘A’ for now as it’s a pretty popular record to add.

Take the following and replace the hosted zone id with the code part taken from above after the forward slash. Replace the domain name with yours, replace the subdomain with the one you want to add.

aws route53 change-resource-record-sets --hosted-zone-id BD55*****RS2 --change-batch '{"Changes": [{"Action": "CREATE","ResourceRecordSet": {"Name": "example.com","Type":"A","ResourceRecords": [{"Value": "subdomain.example.com"}]}]}'

And then run it. You can optionally add a comment, TTL and other details. See the docs for that.

Hopefully if you got the zone id right and the details in the right place, you’ll now have a new record in your route53. You can check with:

aws route53 list-resource-record-sets --hosted-zone-id BD55*****RS2

Aliases

If you want to point to an Alias—for example to point to a load balancer—you’ll first need to confirm the details of the loadbalancer to point to.

Here we’re specifically looking for the ‘hosted zone id’ and the ‘DNS Name’.

aws elbv2 describe-load-balancers --region [The Region]

… switch out the region above first. You should then be shown a list of your load balancers. Match the one you need to point to by its code. I actually looked at my existing DNS records to find that using the list-resource-record-sets method above. Then copy the Hosted Zone ID and the DNS Name for it somewhere safe.

The code when an alias is involved contains little more information. In the following you’ll need to replace…

  • the hosted-zone-id with that of your domain
  • the HostedZoneId with that of your load balancer
  • the domain Name
  • the DNSName of your load balancer
  • the true / false value for EvaluateTargetHealth
aws route53 change-resource-record-sets --hosted-zone-id BD55*****RS2 --change-batch '{"Changes": [{"Action": "CREATE","ResourceRecordSet":{"Name": "subdomain.example.com","Type": "A","AliasTarget":{"HostedZoneId":"AC22*****UE7","DNSName": "dualstack.awseb-awseb-Lptg*****fDJ-203*****13.eu-west-1.elb.amazonaws.com","EvaluateTargetHealth": false}}}]}'

Run the above and you’ll be shown basic details about the new record. Again you can run the list-resource-record-sets line above to confirm it’s been created.


Hopefully that’s enough to get you started and you can move on to other options using the official AWS docs. You can also put batches of changes into a .json file if you’d like to CREATE multiple records at a time.

Creating a scheduled Lambda or Lambda Cron

This guide revolves around a basic twitter bot implementation which posts a single tweet to the same twitter account every 6 hours.

It allows any Node script (or other if you fancy doing the work to get PHP/Python etc running) to be triggered on any schedule, from every minute to once every year.

Several steps are involved in getting this all up and running:

  • Get our Twitter auth details
  • Write our bot code
  • Create the Lambda in AWS Console
  • Add Environmental variables to keep our security details safe
  • Test our Lambda function
  • Set up a Cloudwatch trigger to act as the scheduler
  • Confirm the schedule is running as expected

Get our Twitter auth details

Open developer.twitter.com and consider which account you’re going to post tweets to.

You may need to sign up and verify your account. Do all that, or just login.

Once you’re in create a new app. Click to create or view keys / access details and ensure you have an App Token, App Secret, User Secret and User Token. So four hashes in total. Two tokens and two secrets.

Also check that your user details have read and write access so we can post tweet updates.

Continue reading

Migrating away from Mapbox Studio Classic Styles

If you’re using Mapbox static or interactive maps you might still be using the old method for pulling in a style.

Recognise either of these?

L.mapbox.map('map-id', 'account.styleID')

https://api.tiles.mapbox.com/v4/mapbox.style/

Well there are newer ways to do things now, and in the near future these will stop working for you.

First step is to update the version of the javascript library you’re using (if you are) to at least v2.4.0. So any direct links to mapbox javascript files or you might have it referenced in your composer or npm package list.

Continue reading

Updating PHP on an AWS Lightsail WordPress Stack

In October 2024 I rewrote this guide. The updated version contains less information, but it simplified to 7 steps with limited downtime (unless your install is huge) and limited chance of failure.

Feel free to read the rest of this article if you like a broad knowledge of things before you start.


Updated 27th September 2020 to consider restart of all services where restarting just apache isn’t enough, and also to share choice when it comes to import first vs SSL first as you may lose permalinks. Thanks to Peter and Simon in the comments.

Updated 25th January 2021 to add an initial paragraph clarifying that you can’t ‘choose’ a PHP version on Lightsail and to further clarify that you must first check which version of PHP a new AWS Lightsail instance will be built with to confirm it will resolve the message being displayed in WordPress.

Updated 11th May 2021 to confirm that snapshots cannot be used to update the PHP version of a Lightsail Bitnami instance.

Updated 22nd September 2022 to add a link to a guide to check which PHP version you’ll get if you spin up a new Lightsail WordPress instance. Also added a note about WordPress supported PHP versions.

Updated 7th September 2023 to add a mention of the option to use Bitnami’s bncert tool to create an SSL certificate


NB: If you’re hoping for a way to click ‘update php’ or ‘use X version of PHP’ in Lightsail, it doesn’t (at time of writing) exist. This guidance will walk you though creating a new Lightsail instance with a newer version of PHP installed and moving everything over to it.

The AWS Lightsail service is great. Click a few buttons and you have a powerful VPS with WordPress up and running for only a few dollars a month. The Bitnami integration allows you to choose from a whole set of Stacks to include upon setup. The LAMP option allows a competent PHP developer to run almost anything on Lightsail.

But after a while running the Lightsail VPS the setup is going to get stale, and because Bitnami bundles everything up, it’s not recommended to go poking around with only a few parts of it.

That’s the challenge I was faced with. Logging into the WordPress admin console a message is displayed which is telling me WordPress would prefer a newer version of PHP please. My version was old and not receiving security updates.

I read a fair bit about my options, but after looking at the choices I decided the best thing was to do an export and import onto a new Lightsail instance.

Continue reading