EC2 Instance Connect is an insecure default!
Two months ago, Michael wrote about why AWS SSM is a trojan horse. Shortly after that, AWS released EC2 Instance Connect, which is even worse. If you use Amazon Linux 2 or Ubuntu, the chances are high that everyone in your AWS account can SSH into ev...
Verify SNS messages delivered via HTTP(S) in Node.js
Are you implementing an HTTP/HTTPS endpoint for SNS? If so, you should definitely verify the incoming messages. Otherwise, anyone on the Internet can deliver messages to your HTTP/HTTPS endpoint, which is a security risk. How do you verify incoming mess...
Review: AWS Backup - A centralized place for managing backups?
AWS Backup aims to become a centralized place for managing backups. If possible, AWS Backup uses existing features to create backups (e.g., RDS snapshots). Sometimes, AWS Backup is the only way to create a backup (e.g., EFS file systems). Do you prefe...
Calling AppSync GraphQL from Lambda
AWS AppSync provides an easy way to run a GraphQL API that triggers AWS Lambda functions and other AWS services. If you start with AppSync, you likely have existing systems running next to it. Sooner or later, you want to call the GraphQL API from your ...
Dockerizing legacy applications with confd
A legacy application typically uses files to read configuration parameters. But working with configuration files is cumbersome when building Docker images for use with ECS (EC2 or Fargate). In theory, you could copy configuration files to the EC2 in...
How to dockerize your PHP application for AWS Fargate?
The biggest game-changer for Docker on AWS was the announcement of AWS Fargate. Operating Docker containers could not be easier. With AWS Fargate, you launch Docker containers in the cloud without any need to manage virtual machines. All you need is ...
Analyze CloudWatch Logs like a pro
This post was originally published on the marbot blog. Centralizing the logs from all your systems is critical in a cloud infrastructure. Typical solutions to store and analyze log messages are: Elastic Stack (Elasticsearch + Kibana), Loggly, Splunk, ...
School's Out For Summer
Michael and I have just returned from a trip to France where we enjoyed the sun, the beach, the pool, and - of course - the cheese. We are giving away 25 printed books Amazon Web Services in Action to students who are keen to get started with AWS during...
AWS CloudTrail: your audit log is incomplete
Recently, I was investigating the size of a security breach caused by leaked AWS credentials. The first place to go in such a scenario is the audit log recorded by CloudTrail. When configured correctly, CloudTrail captures the requests to the AWS API an...
EFS with TLS behind a proxy
Encryption of data at rest and in transit is the new normal. Or as Werner Vogels (Amazon, CTO) says: “Dance like nobody’s watching. Encrypt like everyone is.” The Amazon Elastic File System (EFS) supports both: encryption at rest and encryption in trans...