If UFW is enabled and SSH login no longer works, how do you solve it?

Try this.

Launch a new instance (recovery instance).
Stop the original instance (DO NOT TERMINATE)
Detach the volume (problem volume) from the original instance
Attach it to the recovery instance as /dev/sdf.
Login to the recovery instance via ssh/putty
Run sudo lsblk to display attached volumes and confirm the name of the problem volume. It usually begins with /dev/xvdf. Mine is /dev/xvdf1
Mount problem volume.

$ sudo mount /dev/xvdf1 /mnt
$ cd /mnt/etc/ufw

Open ufw configuration file

$ sudo vim ufw.conf

Press i to edit the file.
Change ENABLED=yes to ENABLED=no
Type Ctrl-C and type :wq to save the file.
Display content of ufw conf file using the command below and ensure that ENABLED=yes has been changed to ENABLED=no

$ sudo cat ufw.conf 

Unmount volume

$ cd ~
$ sudo umount /mnt

Detach problem volume from recovery instance and re-attach it to the original instance as /dev/sda1.

Start the original instance and you should be able to log back in
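
The same edit can be made without opening an editor. This is an added example, not part of the original answer; the function name disable_ufw_on_volume is hypothetical, and it assumes the problem volume is mounted at the path passed as the first argument (default /mnt).

```bash
#!/usr/bin/env bash
# Added example: set ENABLED=no in etc/ufw/ufw.conf on a mounted root volume.
# disable_ufw_on_volume is a hypothetical helper name; run it as root on the
# recovery instance, e.g.  disable_ufw_on_volume /mnt

disable_ufw_on_volume() {
    local mnt="${1:-/mnt}"
    local conf="$mnt/etc/ufw/ufw.conf"

    # Refuse to touch anything that does not look like the mounted root.
    if [ ! -f "$conf" ]; then
        echo "no ufw.conf under $mnt (wrong partition mounted?)" >&2
        return 2
    fi

    # Nothing to do when the firewall is already disabled at boot.
    if grep -Eq '^[[:space:]]*ENABLED[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$conf"; then
        echo "already disabled"
        return 0
    fi

    # Keep a copy so the original setting can be compared or restored later.
    cp -p "$conf" "$conf.recovery-bak" || return 1

    # Rewrite only the ENABLED line; comments and LOGLEVEL stay untouched.
    # Writing into the existing file keeps its owner and mode.
    sed -E 's/^[[:space:]]*ENABLED[[:space:]]*=.*$/ENABLED=no/' \
        "$conf.recovery-bak" > "$conf" || return 1

    # Same verification as the `cat ufw.conf` step: confirm the change landed.
    if grep -q '^ENABLED=no$' "$conf"; then
        echo "disabled"
        return 0
    fi
    echo "ENABLED line not found in $conf" >&2
    return 1
}
```

Once you can log in to the original instance again, run sudo ufw allow ssh before sudo ufw enable so the firewall comes back up without repeating the lockout.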

How to Setup Varnish HTTP Cache on an Ubuntu

Varnish Cache is a web application accelerator that can be used as a proxy to your Apache web server. The open-source software sits in front of your web server to serve web traffic very fast. If you are running multiple servers, Varnish Cache can also be used as a load balancer.

Varnish works by caching regularly requested web content on the system memory, and this ensures faster information retrieval if the same information is asked for several times.

$ sudo apt-get install varnish

By default, Apache listens on port 80 for HTTP traffic. We need to change that: Varnish will listen on port 80 and forward all traffic to the Apache web server, which we will configure to listen on port 8080.

$ sudo nano /etc/apache2/ports.conf
Listen 8080
<IfModule ssl_module>
        Listen 443
</IfModule>
<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

Press CTRL + X and hit Enter to save the file once you make the changes.
Next, edit the default Apache Virtual Host to listen to port 8080 too:

$ sudo service apache2 restart

Configure Varnish HTTP Cache to listen on port 80

Next we will configure Varnish to listen on port 80 and forward all requests to our Apache web server.

We can do this by editing Varnish configuration file /etc/default/varnish

$ sudo nano  /etc/default/varnish
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Then, press CTRL + X and hit Enter to save the file.

Next, check the file /etc/varnish/default.vcl using the nano text editor. You should see the content below, which means Varnish will forward HTTP traffic to port 8080:

$ sudo nano /etc/varnish/default.vcl

File contents:

# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "8080";
}

We also need to edit the port in the /lib/systemd/system/varnish.service file. To do so, type the command below:

$ sudo nano /lib/systemd/system/varnish.service

Change the default port from 6081 to 80 as shown below

[Unit]
Description=Varnish HTTP accelerator
Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd
[Service]
Type=simple
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f$
ExecReload=/usr/share/varnish/varnishreload
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target

Then, press CTRL + X and hit Enter to save the file.

Restart Apache, Varnish, and the Systemd Daemon

$ sudo systemctl restart apache2
$ sudo systemctl daemon-reload
$ sudo systemctl restart varnish

If the setup was successful, Varnish will now be the default HTTP Listener on port 80.

Testing the Setup

You can now try visiting your server one more time on a web browser:

http://public_ip_address
or
http://example.com

The server traffic should now be handled by Varnish HTTP Cache software and forwarded to Apache.

To make sure that Varnish is working, use the curl command for verification purposes:

$ curl -I server_ip_address

You should get output similar to the text below. If you see the line ‘Via: 1.1 varnish (Varnish/5.2)’, then Varnish is working as expected.

HTTP/1.1 200 OK
Date: Thu, 05 Jul 2018 20:56:11 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 29 Jun 2018 07:19:34 GMT
Vary: Accept-Encoding
Content-Type: text/html
X-Varnish: 7
Age: 0
Via: 1.1 varnish (Varnish/5.2)
ETag: W/"2aa6-56fc2ab77545d-gzip"
Accept-Ranges: bytes
Connection: keep-alive
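
The header check above can be scripted so it also tells a cache hit from a miss. This is an added example, not part of the original tutorial; varnish_verdict is a hypothetical helper name, and it relies on Varnish putting two transaction IDs in X-Varnish when a response is served from cache.

```bash
#!/usr/bin/env bash
# Added example: classify a response from its headers (as printed by `curl -sI`).
# varnish_verdict is a hypothetical helper name.

# Headers taken from the curl output shown above (first request, one X-Varnish ID).
PAGE_SAMPLE='HTTP/1.1 200 OK
Server: Apache/2.4.29 (Ubuntu)
X-Varnish: 7
Age: 0
Via: 1.1 varnish (Varnish/5.2)'

# Constructed sample: a repeat request answered from the cache.
HIT_SAMPLE='HTTP/1.1 200 OK
Server: Apache/2.4.29 (Ubuntu)
X-Varnish: 32770 7
Age: 12
Via: 1.1 varnish (Varnish/5.2)'

# Constructed sample: a response that came straight from Apache.
BYPASS_SAMPLE='HTTP/1.1 200 OK
Server: Apache/2.4.29 (Ubuntu)'

varnish_verdict() {
    # Reads HTTP response headers on stdin and prints one of:
    #   bypass - no "Via: ... varnish" header, the request did not pass through Varnish
    #   miss   - passed through Varnish and was fetched from the backend (Apache on 8080)
    #   hit    - served from the Varnish cache
    awk '
        { sub(/\r$/, "") }                      # curl prints CRLF line endings
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)
            sub(/[ \t]+$/, "", value)
        }
        name == "via" && tolower(value) ~ /varnish/ { via = 1 }
        name == "x-varnish" { ids = split(value, parts, /[ \t]+/) }
        END {
            if (!via)          print "bypass"
            else if (ids >= 2) print "hit"      # this request ID + the ID that filled the cache
            else               print "miss"
        }'
}

# Usage against a live server:
#   curl -sI http://server_ip_address | varnish_verdict
```

A bypass verdict for a request sent from another host to port 8080 means Apache can be reached without going through Varnish; keeping port 8080 closed in the firewall prevents that.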

How to check my phpmyadmin is secure on ubuntu server?

Useful Tips to Secure PhpMyAdmin Login Interface

  1. Change Default PhpMyAdmin Login URL
/etc/phpmyadmin/apache.conf

------------ On CentOS/RHEL and Fedora ------------ 
# vi /etc/httpd/conf.d/phpMyAdmin.conf

------------ On Debian and Ubuntu ------------ 
# vi /etc/phpmyadmin/apache.conf

Then comment out the default Alias line and add a new one as follows:
# Alias /phpmyadmin /usr/share/phpmyadmin
Alias /my /usr/share/phpmyadmin

------------ On Debian and Ubuntu ------------ 
# echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
------------ On CentOS/RHEL and Fedora ------------ 
# systemctl restart nginx
# systemctl restart php-fpm

------------ On CentOS/RHEL and Fedora ------------ 
# systemctl restart httpd

------------ On Debian and Ubuntu ------------ 
# systemctl restart apache2

------------ On Debian and Ubuntu ------------ 
# systemctl restart nginx
# systemctl restart php5-fpm
  2. Enable HTTPS on PhpMyAdmin

  3. Password Protect on PhpMyAdmin
Add these lines to the Apache configuration file (/etc/apache2/sites-available/000-default.conf or /etc/httpd/conf/httpd.conf):

/etc/apache2/sites-available/000-default.conf – On Ubuntu
<Directory /usr/share/phpmyadmin>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Directory>
/etc/httpd/conf/httpd.conf – On CentOS
 
<Directory /usr/share/phpmyadmin>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
</Directory>
Then use htpasswd to generate a password file for an account that will be authorized to access the phpmyadmin login page. We will use /etc/apache2/.htpasswd and tecmint in this case:

---------- On Ubuntu/Debian Systems ---------- 
# htpasswd -c /etc/apache2/.htpasswd tecmint

---------- On CentOS/RHEL Systems ---------- 
# htpasswd -c /etc/httpd/.htpasswd tecmint
Enter password twice and then change the permissions and ownership of the file. This is to prevent anyone not in the www-data or apache group from being able to read .htpasswd:

# chmod 640 /etc/apache2/.htpasswd

---------- On Ubuntu/Debian Systems ---------- 
# chgrp www-data /etc/apache2/.htpasswd 

---------- On CentOS/RHEL Systems ---------- 
# chgrp apache /etc/httpd/.htpasswd 
Open your phpmyadmin url and you’ll see the authentication dialog before accessing the login page.
  4. Disable root Login to PhpMyAdmin
/etc/phpmyadmin/config.inc.php
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowRoot'] = false;

------------- On CentOS/RHEL Systems -------------
# systemctl restart httpd.service

------------- On Debian/Ubuntu Systems -------------
# systemctl restart apache2.service
  5. Prevent remote usage of phpmyadmin

  6. Change password frequently

  7. Check configuration /etc/phpmyadmin
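
The settings from the tips above can be verified with a read-only script. This is an added example, not part of the original post; all function names are hypothetical, and the file paths are passed in as arguments so the Ubuntu or CentOS locations named above can be used.

```bash
#!/usr/bin/env bash
# Added example: read-only checks for the hardening tips listed above.
# Function names are hypothetical; pass the paths used on your distribution.

check_alias() {            # $1 = phpMyAdmin Apache config (e.g. /etc/phpmyadmin/apache.conf)
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin([[:space:]]|/)' "$1"; then
        echo "FAIL default /phpmyadmin alias is still active"; return 1
    fi
    echo "OK   default /phpmyadmin alias is not active"
}

check_basic_auth() {       # $1 = Apache config that holds the <Directory> block
    if awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<directory[ \t]+"?\/usr\/share\/phpmyadmin\/?"?[ \t]*>/ { inside = 1; next }
        line ~ /^[ \t]*<\/directory>/                     { inside = 0 }
        inside && line ~ /^[ \t]*authtype[ \t]+basic/     { auth = 1 }
        inside && line ~ /^[ \t]*require[ \t]+valid-user/ { req = 1 }
        END { exit !(auth && req) }' "$1"
    then echo "OK   Basic auth required for /usr/share/phpmyadmin"
    else echo "FAIL no Basic auth on /usr/share/phpmyadmin"; return 1
    fi
}

check_htpasswd() {         # $1 = password file created with htpasswd -c
    if [ ! -f "$1" ]; then echo "FAIL $1 is missing"; return 1; fi
    # -perm -004 matches when the "other" read bit is set, i.e. the mode is not 640.
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "FAIL $1 is world-readable"; return 1
    fi
    echo "OK   $1 is not world-readable"
}

check_allowroot() {        # $1 = config.inc.php
    local last
    # A later assignment overrides an earlier one, so only the last one counts.
    # The dots in the pattern stand for either quote character.
    last=$(grep -E '^[[:space:]]*\$cfg\[.Servers.\]\[\$i\]\[.AllowRoot.\]' "$1" | tail -n 1)
    if printf '%s' "$last" | grep -Eiq '=[[:space:]]*false[[:space:]]*;'; then
        echo "OK   AllowRoot is false"
    else
        echo "FAIL AllowRoot is not set to false"; return 1
    fi
}

audit_phpmyadmin() {       # $1 alias conf, $2 auth conf, $3 htpasswd, $4 config.inc.php
    local fails=0
    check_alias "$1"      || fails=$((fails + 1))
    check_basic_auth "$2" || fails=$((fails + 1))
    check_htpasswd "$3"   || fails=$((fails + 1))
    check_allowroot "$4"  || fails=$((fails + 1))
    echo "$fails of 4 checks failed"
    [ "$fails" -eq 0 ]
}

# Usage on Ubuntu with the paths from this page:
#   audit_phpmyadmin /etc/phpmyadmin/apache.conf \
#       /etc/apache2/sites-available/000-default.conf \
#       /etc/apache2/.htpasswd /etc/phpmyadmin/config.inc.php
```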

How to check my server is secure or not?

Security Checks for Server

Susceptible to man-in-the-middle attacks – 3
Insecure SSL/TLS versions available
HSTS header not prepared for preload list inclusion
Secure cookies not used

Domain at risk of being hijacked – 4
Domain registry deletion protection not enabled
Domain registry transfer protection not enabled
Domain registry update protection not enabled
Domain renewal prohibited by registrar
Vulnerable to cross-site attacks
HttpOnly cookies not used

Emails can be fraudulently sent – 2
Lenient SPF filtering
DMARC not enabled
DNS is susceptible to man-in-the-middle attacks
DNSSEC not enabled
DNSSEC records prevent third parties from forging the records that guarantee a domain’s identity. DNSSEC should be configured for this domain.
EXPECTED:
true
FOUND:
false

Not susceptible to man-in-the-middle attacks – 9
SSL available
SSL does not expire soon
SSL has not expired
Strong SSL algorithm
Hostname matches SSL certificate
All traffic routed via HTTPS
HTTP Strict Transport Security (HSTS) enforced
HSTS header contains max-age
HSTS header contains includeSubDomains

Domain not at risk of being hijacked – 11
Domain does not expire soon
Domain has not expired
Domain registrar transfer protection enabled
Domain registrar deletion protection enabled
Domain registrar update protection enabled
Domain not flagged as inactive
Domain not pending deletion
Domain not pending restoration
Domain free of registry DNS resolution hold
Domain free of registrar DNS resolution hold
Domain renewal not prohibited by registry

No malware detected – 3
Not a suspected phishing page
Not a suspected malware provider
Not suspected of unwanted software

Vulnerabilities are harder to uncover – 4
X-Powered-By header not exposed
ASP.NET version header not exposed
ASP.NET version header not exposing specific ASP.net version
Server information header not exposed
No vulnerable software detected
No vulnerable software versions detected

Email sending is authenticated – 3
SPF enabled
SPF syntax correct
SPF ptr mechanism not used

No unnecessary open ports found – 7
No mail ports open and listening
No app ports open and listening
No user auth ports open and listening
No file sharing ports open and listening
No voice ports open and listening
No administration ports open and listening
No database ports open and listening

How To Set Up/Enable a Firewall with UFW on Ubuntu

UFW, or Uncomplicated Firewall, is an interface to iptables.

Prerequisites

To follow this tutorial, you will need:

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

$ sudo nano /etc/default/ufw

Then make sure the value of IPV6 is yes.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow ssh
$ sudo ufw allow 22
$ sudo ufw enable
$ sudo ufw allow 80
$ sudo ufw allow 443
$ sudo ufw allow 6000:6007/tcp
$ sudo ufw allow 6000:6007/udp
$ sudo ufw allow from 203.0.113.4
$ sudo ufw allow from 203.0.113.4 to any port 22
$ sudo ufw allow from 203.0.113.0/24
$ sudo ufw allow from 203.0.113.0/24 to any port 22
$ sudo ufw deny http
$ sudo ufw deny from 203.0.113.4
$ sudo ufw status numbered
$ sudo ufw delete 2
$ sudo ufw delete allow http
$ sudo ufw delete allow 80
$ sudo ufw status verbose
$ sudo ufw disable
$ sudo ufw reset

check enabled sites apache2

This command shows the exact result:

$ a2query -s

This command checks the sites-enabled/*.conf and httpd.conf files, and shows whether the syntax is correct along with the list of virtual hosts:

$ apache2ctl -S

what is the use of microk8s

What is Kubernetes

Kubernetes clusters host containerised applications in a reliable and scalable way. Having DevOps in mind, Kubernetes makes maintenance tasks such as upgrades dead simple.

What is MicroK8s

MicroK8s is a CNCF certified upstream Kubernetes deployment that runs entirely on your workstation or edge device. Being a snap it runs all Kubernetes services natively (i.e. no virtual machines) while packing the entire set of libraries and binaries needed. Installation is limited by how fast you can download a couple of hundred megabytes and the removal of MicroK8s leaves nothing behind.

In this tutorial you’ll learn how to…

  • Get your Kubernetes cluster up and running
  • Enable core Kubernetes addons such as dns and dashboard
  • Control your cluster from the kubectl CLI client
  • Deploy your first container workload

You will only need …

  • A machine with Linux

Integrated commands

There are many commands that ship with MicroK8s. We’ve only seen the essential ones in this tutorial. Explore the others at your own convenience:

  • microk8s.status: Provides an overview of the MicroK8s state (running / not running) as well as the set of enabled addons
  • microk8s.enable: Enables an addon
  • microk8s.disable: Disables an addon
  • microk8s.kubectl: Interact with kubernetes
  • microk8s.config: Shows the kubernetes config file
  • microk8s.istioctl: Interact with the istio services; needs the istio addon to be enabled
  • microk8s.inspect: Performs a quick inspection of the MicroK8s installation
  • microk8s.reset: Resets the infrastructure to a clean state
  • microk8s.stop: Stops all kubernetes services
  • microk8s.start: Starts MicroK8s after it is being stopped

Lightweight Kubernetes done right

The smallest, fastest, fully-conformant Kubernetes that tracks upstream releases and makes clustering trivial. MicroK8s is great for offline development, prototyping, and testing. Use it on a VM as a small, cheap, reliable k8s for CI/CD. The best kubernetes for appliances. Develop IoT apps for k8s and deploy them to MicroK8s on your Linux boxes.

Reliable, fast, small, upstream.

  • Fast install : Get a full Kubernetes system running in under 60 seconds.
  • Secure : Runs safely on your laptop with state of the art isolation.
  • Upstream : CNCF binaries delivered to your laptop, with updates and upgrades.
  • Complete : Includes a docker registry so you can make containers, push them, and deploy them all on your laptop.
  • Featureful : Cool things you probably want to try on a small, standard K8s are all built-in. Just enable them and go.
  • Updates : Get the daily build if you want it, or betas and milestones, or just stable point releases.
  • Upgrades : When a new major version comes out, upgrade with a single command (or automatically).
  • GPGPU Passthrough : Give MicroK8s a GPGPU and your docker containers can get all nice and CUDA.
  • Small : Use MicroK8s in your CI/CD pipelines and get on with your day without headaches.

What is DevOps?

DevOps is a set of practices that automates the processes between software development and IT teams, in order that they can build, test, and release software faster and more reliably. The concept of DevOps is founded on building a culture of collaboration between teams that historically functioned in relative siloes. The promised benefits include increased trust, faster software releases, ability to solve critical issues quickly, and better manage unplanned work.

At its essence, DevOps is a culture, a movement, a philosophy.

It’s a firm handshake between development and operations that emphasizes a shift in mindset, better collaboration, and tighter integration. It unites agile, continuous delivery, automation, and much more, to help development and operations teams be more efficient, innovate faster, and deliver higher value to businesses and customers.

History of DevOps

The DevOps movement started to coalesce some time between 2007 and 2008, when IT operations and software development communities got vocal about what they felt was a fatal level of dysfunction in the industry.

They railed against the traditional software development model, which called for those who write the code to be organizationally and functionally apart from those who deploy and support that code.

Developers and IT/Ops professionals had separate (and often competing) objectives, separate department leadership, separate key performance indicators by which they were judged, and often worked on separate floors or even separate buildings. The result was siloed teams concerned only with their own fiefdoms, long hours, botched releases, and unhappy customers.

Surely there’s a better way, they said. So the two communities got together and started talking – with people like Patrick Dubois, Gene Kim, and John Willis driving the conversation.

What began in online forums and local meet-ups is now a major theme in the software zeitgeist, which is probably what brought you here! You and your team are feeling the pain caused by siloed teams and broken lines of communication within your company.

You’re using agile methodologies for planning and development, but still struggling to get that code out the door without a bunch of drama. You’ve heard a few things about DevOps and the seemingly magical effect it can have on teams and think “I want some of that magic.”

The bad news is that DevOps isn’t magic, and transformations don’t happen overnight. The good news is that you don’t have to wait for upper management to roll out a large-scale initiative. By understanding the value of DevOps and making small, incremental changes, your team can embark on the DevOps journey right away. Let’s look at each of these benefits in detail.

What’s in it for you?

Collaboration and trust

Culture is the #1 success factor in DevOps. Building a culture of shared responsibility, transparency and faster feedback is the foundation of every high performing DevOps team.

Teams that work in siloes often don’t adhere to the ‘systems thinking’ of DevOps. ‘Systems thinking’ is being aware of how your actions not only affect your team, but all the other teams involved in the release process. Lack of visibility and shared goals means lack of dependency planning, misaligned priorities, finger pointing, and ‘not our problem’ mentality, resulting in slower velocity and substandard quality. DevOps is that change in mindset of looking at the development process holistically and breaking down the barrier between Dev and Ops.

Release faster and work smarter

Speed is everything. Teams that practice DevOps release more frequently, with higher quality and stability.

Lack of automated test and review cycles block the release to production and poor incident response time kills velocity and team confidence. Disparate tools and processes increase OPEX, lead to context switching, and slow down momentum. Through automation and standardized tools and processes, teams can increase productivity and release more frequently with fewer hiccups.

Accelerate time to resolution

The team with the fastest feedback loop is the team that thrives. Full transparency and seamless communication enable DevOps teams to minimize downtime and resolve issues faster than ever before.

If critical issues aren’t resolved quickly, customer satisfaction tanks. Key issues slip through the cracks in the absence of open communication, resulting in increased tension and frustration among teams. Open communication helps Dev and Ops teams swarm on issues, fix incidents, and unblock the release pipeline faster.

Better manage unplanned work

Unplanned work is a reality that every team faces–a reality that most often impacts team productivity. With established processes and clear prioritization, the Dev and Ops teams can better manage unplanned work while continuing to focus on planned work.

Transitioning and prioritizing unplanned work across different teams and systems is inefficient and distracts from work at hand. However, through raised visibility and proactive retrospection, teams can better anticipate and share unplanned work.

What are the disadvantages of AngularJS?

Advantages of AngularJS:

  1. Open source JavaScript framework, developed by Google
  2. MVC architecture
  3. Write less do more
  4. Modify DOM directly
  5. Two way data binding
  6. Quite a number of ways to do the same things

Disadvantages of AngularJS:

  1. Limitation in watchers (not more than 2000)
  2. Not built for mobile devices
  3. Multiple ways to do the same thing, it is very hard for a developer to tell which is the best way.
  4. Two way binding checks all the variables twice for updating which makes the UI slow

If you are new to AngularJS, I would recommend learning Angular 2 or above.

Angular 2 is a complete rewrite of Angular 1.x, so you can learn it without knowing about AngularJS or Angular 1.x.

Following are the Advantages of AngularJS

  • allows us to create a single page application
  • follows MVC pattern
  • predefined form validations
  • supports animation
  • open source
  • cross-browser compliant
  • supports two-way data binding
  • its code is unit testable

Following are the Disadvantages of AngularJS

  • JavaScript Dependent: If the end user disables JavaScript, AngularJS will not work.
  • Not Secured: It is a JavaScript-based framework, so it is not safe to authenticate users through AngularJS only.

With AngularJS, you don’t have the ability to compose many NG-apps on the same page. This can cause name clashes.

Advantages Of AngularJS

Here are some of the compelling advantages of AngularJS:

Built by Google

AngularJS has been developed as well as maintained by dedicated Google engineers. This means that there is a huge community out there for you to learn from. Apart from that, there are engineers that can help you tackle any challenges you face on the way. It also means that clients get what they want.

Great MVC

As mentioned earlier, most frameworks require programmers to split the app into multiple MVC components. After that, the programmer has to write code to put them together again. AngularJS, however, strings it together automatically. That saves you time, and reduces the app’s time-to-market.

Intuitive

AngularJS is more intuitive as it makes use of HTML as a declarative language. Moreover, it is less brittle for reorganizing.

Comprehensive

AngularJS is a comprehensive solution for rapid front-end development. It does not need any other plugins or frameworks. Moreover, there are a range of other features that include Restful actions, data building, dependency injection, enterprise-level testing, etc.

Unit Testing Ready

AngularJS is unit testing ready, and that is one of its most compelling advantages.

Apart from these, there are a range of other advantages that make AngularJS as popular as it is.

Disadvantages Of AngularJS

Along with advantages, you will always come across disadvantages of any platform. That’s the case with AngularJS too.

Here’s a compilation of some of the drawbacks of using AngularJS:

Confusion

There are multiple ways to do the same thing with AngularJS. Sometimes, it can be hard for novices to say which way is better for a task. Hence, it is imperative for programmers to develop an understanding of the various components and how they help.

Lagging UI

If there are more than 2000 watchers, the UI can lag severely. This means that the possible complexity of Angular Forms is limited. This includes big data grids and lists.

Syncs directories and S3 prefixes. Recursively copies new and updated files from the source directory to the destination. Only creates folders in the destination if they contain one or more files.

Examples

The following sync command syncs objects under a specified prefix and bucket to files in a local directory by uploading the local files to s3. A local file will require uploading if the size of the local file is different than the size of the s3 object, the last modified time of the local file is newer than the last modified time of the s3 object, or the local file does not exist under the specified bucket and prefix. In this example, the user syncs the bucket mybucket to the local current directory. The local current directory contains the files test.txt and test2.txt. The bucket mybucket contains no objects:

aws s3 sync . s3://mybucket

Output:

upload: test.txt to s3://mybucket/test.txt
upload: test2.txt to s3://mybucket/test2.txt

The following sync command syncs objects under a specified prefix and bucket to objects under another specified prefix and bucket by copying s3 objects. A s3 object will require copying if the sizes of the two s3 objects differ, the last modified time of the source is newer than the last modified time of the destination, or the s3 object does not exist under the specified bucket and prefix destination. In this example, the user syncs the bucket mybucket to the bucket mybucket2. The bucket mybucket contains the objects test.txt and test2.txt. The bucket mybucket2 contains no objects:

aws s3 sync s3://mybucket s3://mybucket2

Output:

copy: s3://mybucket/test.txt to s3://mybucket2/test.txt
copy: s3://mybucket/test2.txt to s3://mybucket2/test2.txt

The following sync command syncs files in a local directory to objects under a specified prefix and bucket by downloading s3 objects. A s3 object will require downloading if the size of the s3 object differs from the size of the local file, the last modified time of the s3 object is newer than the last modified time of the local file, or the s3 object does not exist in the local directory. Take note that when objects are downloaded from s3, the last modified time of the local file is changed to the last modified time of the s3 object. In this example, the user syncs the current local directory to the bucket mybucket. The bucket mybucket contains the objects test.txt and test2.txt. The current local directory has no files:

aws s3 sync s3://mybucket .

Output:

download: s3://mybucket/test.txt to test.txt
download: s3://mybucket/test2.txt to test2.txt

The following sync command syncs objects under a specified prefix and bucket to files in a local directory by uploading the local files to s3. Because the --delete parameter flag is thrown, any files existing under the specified prefix and bucket but not existing in the local directory will be deleted. In this example, the user syncs the bucket mybucket to the local current directory. The local current directory contains the files test.txt and test2.txt. The bucket mybucket contains the object test3.txt:

aws s3 sync . s3://mybucket --delete

Output:

upload: test.txt to s3://mybucket/test.txt
upload: test2.txt to s3://mybucket/test2.txt
delete: s3://mybucket/test3.txt
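
Because --delete removes objects, it is worth previewing the run with --dryrun first. This is an added example, not part of the original documentation; guarded_sync, count_planned_deletes and the AWS override variable are hypothetical names, and the sample output is constructed from the example above.

```bash
#!/usr/bin/env bash
# Added example: preview what --delete would remove before running it for real.
# guarded_sync, count_planned_deletes and the AWS variable are hypothetical names.

# Constructed sample of `aws s3 sync . s3://mybucket --delete --dryrun` output,
# based on the example above.
DRYRUN_SAMPLE='(dryrun) upload: test.txt to s3://mybucket/test.txt
(dryrun) upload: test2.txt to s3://mybucket/test2.txt
(dryrun) delete: s3://mybucket/test3.txt'

count_planned_deletes() {
    # Reads dry-run output on stdin and prints the number of planned deletions.
    # grep -c exits non-zero when the count is 0, hence the `|| true`.
    grep -c '^(dryrun) delete: ' || true
}

guarded_sync() {           # $1 = maximum deletions allowed, rest = source and destination
    local max="$1" plan n
    shift

    # A non-numeric limit must stop here; otherwise the comparison below would
    # error out and fall through to the real run.
    case "$max" in
        ''|*[!0-9]*) echo "usage: guarded_sync MAX SRC DST" >&2; return 2 ;;
    esac

    # First pass: list the planned actions without changing anything.
    plan=$("${AWS:-aws}" s3 sync "$@" --delete --dryrun) || return 2
    n=$(printf '%s\n' "$plan" | count_planned_deletes)

    if [ "$n" -gt "$max" ]; then
        # Show exactly which objects would have been removed.
        printf '%s\n' "$plan" | grep '^(dryrun) delete: ' >&2
        echo "refusing: $n deletions planned, limit is $max" >&2
        return 1
    fi

    # Second pass: the real sync, only reached when the plan is within the limit.
    "${AWS:-aws}" s3 sync "$@" --delete
}

# Usage:
#   guarded_sync 10 . s3://mybucket
```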

The following sync command syncs objects under a specified prefix and bucket to files in a local directory by uploading the local files to s3. Because the --exclude parameter flag is thrown, all files matching the pattern existing both in s3 and locally will be excluded from the sync. In this example, the user syncs the bucket mybucket to the local current directory. The local current directory contains the files test.jpg and test2.txt. The bucket mybucket contains the object test.jpg of a different size than the local test.jpg:

aws s3 sync . s3://mybucket --exclude "*.jpg"

Output:

upload: test2.txt to s3://mybucket/test2.txt

The following sync command syncs files under a local directory to objects under a specified prefix and bucket by downloading s3 objects. This example uses the --exclude parameter flag to exclude a specified directory and s3 prefix from the sync command. In this example, the user syncs the local current directory to the bucket mybucket. The local current directory contains the files test.txt and another/test2.txt. The bucket mybucket contains the objects another/test5.txt and test1.txt:

aws s3 sync s3://mybucket/ . --exclude "*another/*"

Output:

download: s3://mybucket/test1.txt to test1.txt

The following sync command syncs files between two buckets in different regions:

aws s3 sync s3://my-us-west-2-bucket s3://my-us-east-1-bucket --source-region us-west-2 --region us-east-1