security

Avoid security credentials on GitHub

Your AWS account is a valuable target for bad guys. With access to your security credentials an attacker is potential able to steal sensitive data, utilize resources on your costs, or sabotage your infrastructure. Two years ago AWS and their customers observed that bad guys started to crawl public GitHub repositories for security credentials granting them access to AWS accounts. Turns out even the most cautious engineer commits secrets to public GitHub repositories from time to time. We are all humans! W...

Antivirus for S3 Buckets

Antivirus for S3 Buckets

Many of our AWS consultancy clients ask me: “How can we make sure that the files that we store on S3 are virus free?” As always, our clients are looking for simple and cheap solutions. That’s why I developed S3 VirusScan. Every file that is added to a...

Manage AWS EC2 SSH access with IAM

Manage AWS EC2 SSH access with IAM

AWS can deploy one EC2 Key Pair to your EC2 instance. But this approach has several disadvantages: You can only use one key per EC2 instance. But you shouldn’t share keys between users. Access to EC2 instances via SSH can not be restricted to specific ...

Event Driven Security Automation on AWS

If your developers create their own infrastructure in minutes, who cares about security? In some organizations the security teams become the new bottleneck if the company wants to deploy every commit to production. Because manual reviews can’t be done for every commit. Teri Radichel’s paper Balancing Security and Innovation With Event Driven Automation shows how you can use AWS to tackle the security bottleneck problem. I will shortly summarize her work and encourage you to read the whole paper and have ...

Avoid Sharing Key Pairs for EC2

Avoid Sharing Key Pairs for EC2

Lock and key devices are used by mankind for more than 6.000 years. Whether mechanical, electrical or digital, the concept stays the same: a key is needed to access resources behind a lock. Technology has made incredible progress since then. But one pro...

Improve AWS security: protect your keys with ease

Improve AWS security: protect your keys with ease

As a DevOps engineer, I love to work with the AWS Command Line Interface (CLI) to control various AWS resources in an (half-)automated way. To be able to do so it is necessary to store access keys on my local machine. These access keys (access key ID an...

CloudFormation vs Engineers: How to protect your CloudFormation managed AWS account from human intervention

To eliminate human error as much as possible I advised you to follow the idea of Infrastructure as Code implemented by AWS CloudFormation. Changes to your infrastructure like launching a new virtual server or making changes to a firewall configuration are no longer done manually. Instead you change the description of your infrastructure and let CloudFormation apply the changes.A common problem with CloudFormation are manual changes to resources managed by CloudFormation. A manual change to your AWS accou...

Monitor your AWS account to detect suspicious behavior in real time

Monitor your AWS account to detect suspicious behavior in real time

You can track every change made to your AWS account with CloudTrail. Did you know that you can also monitor your AWS account in near real time with custom rules specific to your use case? By combining CloudTrail, S3, SNS, and Lambda, you can run a piece...

Your single AWS account is a serious risk

Your single AWS account is a serious risk

Your AWS account is one of the most valuable things you own if you run a business on AWS. If you only own a single AWS account, you’re facing a serious security risk! The post will show you why this a problem and how you can solve it. This post receive...


marbot

Are you part of a highly motivated DevOps team? Use marbot, a friendly chatbot, to forward all kind of alerts from your AWS infrastructure to Slack. Alerts are escalated across your team automatically allowing you to focus on your daily work.

Amazon Web Services in Action

Amazon Web Services in Action introduces you to computing, storing, and networking in the AWS cloud.

Customer Reviews: