$7 USB Cloudwatch Notifier

Cloudwatch rocks and we have a ton of alarms to let us know when something breaks (or is about to break!). The only downside is that you can start getting a lot of emails or text messages and if you try not to chronically check your email, you might miss something.

If only there was some way to know something was broken without having to check your mail… luckily there is! For $7 you’ll never have to wonder about the state of your cloudwatch alarms again.

Step 1: Buy this USB mail notifier ($7)

Step 2: Grab this zip file to control the device. It contains a compiled version of usbnotifierosx_cli for controlling the device and a very simple PHP script that checks whether you have any active cloudwatch alarms.

Step 3: Run the script via crontab every minute. Light is green? No alarms… Red? Alarm!

You can now get back to work and never worry about missing a cloudwatch alarm again.

Thanks to Eric Betts for creating usbnotifier_cli!

 

Signing your SES mail with DKIM using PHPMailer and Route 53

If you use Amazon’s Simple Email Service to send email you might have noticed your messages have an unfortunate via listing in gmail – email-bounces.amazonses.com. To fix this, you need to sign your mail with DKIM before you send it.

To deliver mail, I was using PHPMailer with a custom SES delivery method. To start signing messages, I followed these steps:

Generate a key

I started by using the form here. The nice thing about the form is that it generates the keys and gives you a zip file that contains the keys, instructions on what to set your DNS TXT entry to, plus some sample PHP code for use with PHPMailer.

Unfortunately the key is 1024 bits, which didn’t work when I tried to add a TXT entry in Route 53 using the AWS management console: I kept getting a TXTRDATATooLong error. There seems to be a 255 character limit for TXT entries. Switching to a 768 bit key solved the problem. Here’s the code to generate the key:

openssl genrsa -des3 -passout pass:<change-me> -out .htkeyprivate 768
openssl rsa -in .htkeyprivate -passin pass:<change-me> -pubout -out .htkeypublic

(change the <change-me> password)

Add an entry to Route53

Add the following TXT entry to your domain in Route 53:

Name: mailer._domainkey
Type: TXT - Text
Value: "v=DKIM1; k=rsa; g=*; s=email; h=sha1; t=s; p=<key from .htkeypublic>;"
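
Each string inside a TXT record is capped at 255 bytes (RFC 1035), but one record may carry several quoted strings, which Route 53 accepts in a single value and DKIM verifiers join before parsing. RFC 8301 sets 1024 bits as the minimum RSA key size for DKIM signers, so splitting is the way to publish a key that does not fit in one string. The shell sketch below is an added example, not code from the original post; the function names, the minimal tag list and the constructed 392-character stand-in key are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): publish a DKIM key longer than
# one 255-byte TXT string by splitting the record into several quoted strings.
# Function names and the minimal "v=DKIM1; k=rsa; p=" tag list are assumptions.

# Read a PEM public key on stdin, print the bare base64 body on one line.
pem_to_b64() {
    grep -v -- '-----' | tr -d ' \r\n'
}

# $1 = base64 public key, $2 = max characters per string (default 255).
# Prints space-separated quoted strings. Verifiers concatenate the strings
# with nothing in between, so the split point can fall anywhere.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s\n' "$1" |
        fold -w "${2:-255}" |
        sed 's/.*/"&"/' |
        paste -sd ' ' -
}

# With a real key (same commands as the post, 2048 bits instead of 768):
#   openssl genrsa -des3 -passout pass:<change-me> -out .htkeyprivate 2048
#   openssl rsa -in .htkeyprivate -passin pass:<change-me> -pubout | pem_to_b64
# Constructed stand-in below: 392 characters, the base64 length of a
# 2048-bit RSA public key as written by `openssl rsa -pubout`.
sample_key=$(printf '%392s' '' | tr ' ' 'A')
dkim_txt_value "$sample_key"
```

Paste the printed line, quotes included, as the TXT value for mailer._domainkey.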

Sign and send a test email to yourself

You’re now ready to send yourself a test email to see if it has worked. Make sure you cc check-auth@verifier.port25.com in your message – port25.com runs a handy verifier that will reply to you with details about what worked (or didn’t work) in your message.

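// Normal PHPMailer setup goes here
$mail->DKIM_domain = 'yourdomain.com';            // domain that holds the TXT record
$mail->DKIM_private = 'path/to/dkim.key.private'; // path to the private key file generated above
$mail->DKIM_selector = 'mailer';                  // must match the mailer._domainkey TXT name
$mail->DKIM_passphrase = '<change-me>';           // passphrase passed to openssl genrsa
// and then you send the email...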

Hopefully everything worked and your via text in gmail no longer includes email-bounces!

Running an EC2 server? Go install NTP right now…

Seriously, go do it right now – I’ll wait for you to get back.

apt-get install -y ntp

Good job! I’m not sure why I hadn’t come across this yet, but several of my instances had fairly significant clock drifts – significant enough that SES was generating time signature errors. Installing ntp will now be a standard part of a new instance’s setup.