Category Archives: HOWTO’s

AWS: Lambda – copy EC2 tags to its EBS, part 2 – create a Lambda function

13 October 2021
 

 let’s proceed in our journey of the AWS Lambda function, which will copy an EC2’s AWS Tags to all EBS volumes, attached to it. In the first part, AWS: Lambda — copy EC2 tags to its EBS, part 1 – Python and boto3, we wrote a Python script that can get all EC2 instances in… Read More »

AWS: Lambda – copy EC2 tags to its EBS, part 1 – Python and boto3

13 October 2021
 

 We have an AWS Elastic Kubernetes Service cluster, which has a few WorkerNode Groups that were created as AWS AutoScaling Groups by using the eksctl, see the AWS Elastic Kubernetes Service: a cluster creation automation, part 2 – Ansible, eksctl for more details. The WorkerNode Group configuration for the eksctl keeps a set of Tags,… Read More »

Kubernetes: Helm – “x509: certificate signed by unknown authority”, and ServiceAccount for Pod

29 September 2021
 

 We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: Or, if not set an API URL, then we… Read More »

AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer

27 September 2021
 

 If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »

AWS: Cost Explorer – costs checking on the CloudWatch Logs example

7 September 2021
 

 This post isn’t an overview of the AWS Cost Explorer service, but just a quick example of how to detect costs for your AWS account and its services. So, when I came back from the vacation, I noticed that we’ve paid more than usually for the AWS CloudWatch for August – almost 50 dollars per… Read More »

AWS: Lambda functions – an overview, and integration with AWS API Gateway

18 August 2021
 

 AWS Lambda allows running a code without the need to create and manage servers, also known as the serverless approach. AWS Lambda will determine how much CPU and memory is needed to run a function, and when it’s necessary it will perform autoscaling. A code to be running is organized in lambda functions and can be… Read More »

Git: scan repositories for secrets using Gitleaks

16 August 2021
 

 A confidential data leak such as RDS keys or passwords to a Git repository, even if it is a private Github repository, is a very bad thing and it’s good to check your repositories to know if any developer pushed a commit with such data. Scanning utilities To check Git repositories for a leak, at… Read More »

Tableau: install Tableau Bridge to access a database server in a private network

9 August 2021
 

 To access a database server, that has no public access (as it must be – access only inside an AWS VPC), Tableau suggests using its tool called Tableau Bridge. The idea is to have a Bridge service running in a network, which has access to a database server via its Private IP. Also, Bridge will… Read More »

AWS: Route53 Private Hosted Zones — hiding domains from the Internet

26 July 2021
 

 Private Hosted Zone in AWS Route53 allows to limit access to DNS records of a domain, thus making it inaccessible for the DNS Enumeration (or DNS brute-force), when an attacker checks for available records in a domain to know endpoints list to check them for vulnerabilities. For such attacks, there is a lot of utilities… Read More »

AWS: WAF WebACL logging and Logz.io integration

22 July 2021
 

 In the first post – AWS: Web Application Firewall overview, configuration, and its monitoring – we spoke about its main components, created a WebACL and Rules for it, and did basic monitoring. Also, we’ve configured WebACL’s logs collection with AWS Kinesis, but now it’s time to see them Logz.io, as CloudWatch Logs isn’t available for… Read More »