Category Archives: Amazon Web Services

Amazon Web Services is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.

AWS: Lambda – copy EC2 tags to its EBS, part 2 – create a Lambda function

13 October 2021
 

 let’s proceed in our journey of the AWS Lambda function, which will copy an EC2’s AWS Tags to all EBS volumes, attached to it. In the first part, AWS: Lambda — copy EC2 tags to its EBS, part 1 – Python and boto3, we wrote a Python script that can get all EC2 instances in… Read More »

AWS: Lambda – copy EC2 tags to its EBS, part 1 – Python and boto3

13 October 2021
 

 We have an AWS Elastic Kubernetes Service cluster, which has a few WorkerNode Groups that were created as AWS AutoScaling Groups by using the eksctl, see the AWS Elastic Kubernetes Service: a cluster creation automation, part 2 – Ansible, eksctl for more details. The WorkerNode Group configuration for the eksctl keeps a set of Tags,… Read More »

AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer

27 September 2021
 

 If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »

AWS: Cost Explorer – costs checking on the CloudWatch Logs example

7 September 2021
 

 This post isn’t an overview of the AWS Cost Explorer service, but just a quick example of how to detect costs for your AWS account and its services. So, when I came back from the vacation, I noticed that we’ve paid more than usually for the AWS CloudWatch for August – almost 50 dollars per… Read More »

AWS: Lambda functions – an overview, and integration with AWS API Gateway

18 August 2021
 

 AWS Lambda allows running a code without the need to create and manage servers, also known as the serverless approach. AWS Lambda will determine how much CPU and memory is needed to run a function, and when it’s necessary it will perform autoscaling. A code to be running is organized in lambda functions and can be… Read More »

Tableau: install Tableau Bridge to access a database server in a private network

9 August 2021
 

 To access a database server, that has no public access (as it must be – access only inside an AWS VPC), Tableau suggests using its tool called Tableau Bridge. The idea is to have a Bridge service running in a network, which has access to a database server via its Private IP. Also, Bridge will… Read More »

AWS: Route53 Private Hosted Zones — hiding domains from the Internet

26 July 2021
 

 Private Hosted Zone in AWS Route53 allows to limit access to DNS records of a domain, thus making it inaccessible for the DNS Enumeration (or DNS brute-force), when an attacker checks for available records in a domain to know endpoints list to check them for vulnerabilities. For such attacks, there is a lot of utilities… Read More »

AWS: WAF WebACL logging and Logz.io integration

22 July 2021
 

 In the first post – AWS: Web Application Firewall overview, configuration, and its monitoring – we spoke about its main components, created a WebACL and Rules for it, and did basic monitoring. Also, we’ve configured WebACL’s logs collection with AWS Kinesis, but now it’s time to see them Logz.io, as CloudWatch Logs isn’t available for… Read More »

AWS: Web Application Firewall overview, configuration, and its monitoring

19 July 2021
 

  AWS WAF (Web Application Firewall) is an AWS service for monitoring incoming traffic to secure a web application for suspicious activity like SQL injections. Can be attached to an AWS Application LoadBalancer, AWS CloudFront distribution, Amazon API Gateway, and AWS AppSync GraphQL API. In case of finding any request that sits WAF’s rules, it… Read More »

AWS: CloudTrail overview and integration with CloudWatch and Opsgenie

15 July 2021
 

 AWS CloudTrail is a service for auditing AWS accounts events and is enabled by default. It saves all actions that were done by a user, IAM role, or an AWS service via AWS Console, AWS CLI, or AWS SDK. CloudTrail will write information about every API call, log in to the system, services events, and… Read More »