security


SSM Sessions the easy way

In the previous post - Using SSM Session Manager for interactive instance access - I showed you how to access EC2 instances through AWS Systems Manager (SSM) Sessions without having to open Security Groups or firewall ports, maintain SSH keys, VPNs, Jump Hosts, and so on. The native way for starting an SSM Session with [...]

By |May 27th, 2019|Projects|10 Comments

Using SSM Session Manager for interactive instance access

You may argue that interactive login to EC2 instances should never be needed. Everything is dynamic, automated, self-healing, centrally logged, and so on, and there is no place for human interaction, right? But let's be honest - the world isn't perfect and we all sometimes need to jump into bash to do stuff for [...]

By |May 25th, 2019|Best Practice|7 Comments

IP-Ranges Updater

Back in March I wrote about a command line script filter-ip-ranges that can parse the Amazon-published ip-ranges.json file and look up address ranges by region, service or IP address. That's handy for the occasional manual use or for creating or updating some whitelists or Security Groups through aws-cli. But running an aws-cli script from cron [...]

By |December 28th, 2018|Projects|2 Comments

Cross-account access with aws-cli

In the previous post I explained how to Use Cross-account access through AWS Console. Today I'll show you how to do the same in the command line using aws-cli. We've got Access and Secret keys for the Login account and want to use aws-cli to create and manage resources in the Dev account above. [...]

By |January 10th, 2018|Best Practice|0 Comments

Using Cross-account access (AWS Console)

Short post to demonstrate how to use AWS Cross-account access from AWS Console. To reiterate, this is what we have set up in our previous post: First step is to log in to the aws-nz-login account as a non-privileged IAM user, e.g. as michael.ludvig in my case. In the top-right menu under [...]

By |December 10th, 2017|Best Practice|0 Comments

Cross-account access

In bigger organisations it is common to have one central AWS account with IAM User accounts and a whole lot of independent per-project or per-team accounts that are only accessible through cross-account access from this central account. The benefit is obvious - the company has a single place where they manage user accounts, credentials, passwords, permissions, etc. [...]

By |December 6th, 2017|Best Practice|1 Comment

Linux user authentication with SSSD / LDAP

Current Linux distributions can seamlessly work as members of Active Directory domains, which gives them access to the AD authentication system. However, it requires the Linux hosts to "join" the AD domain, for which one has to possess some special AD privileges. In many cases this is not viable and we may only want a [...]

By |October 17th, 2017|Best Practice|13 Comments

Joining a Linux EC2 instance to Active Directory realm

This post is not too AWS-specific; in fact the steps below should work not only on Amazon Linux but also on RedHat Linux, CentOS and Oracle Linux, and possibly on Debian and Ubuntu based distros as well. There are a number of prerequisites for a successful completion of this task. At least the following records should be [...]

By |June 6th, 2017|Best Practice|9 Comments

S3 Pre-signed URL example

S3 Pre-signed URLs can be used to provide temporary third-party access to private objects in S3 buckets. For example, non-public files on a file sharing site can only be made available to the approved users with one-off URLs that expire after 10 minutes. Here we offer a simple demo for testing the concept. The demo consists of [...]

By |January 25th, 2017|Best Practice|7 Comments

Re-using EC2 Key Pair in multiple regions

One of the parameters required for launching an EC2 instance is a Key Pair, which is effectively an SSH Key used for interactive logging into the default user account - on Amazon Linux it's the ec2-user account - or for decrypting the Windows Administrator's password. It is easy to create a new Key Pair / [...]

By |July 4th, 2016|Best Practice|2 Comments