Archives for AWS
Installing certbot on an EC2 using AWS Systems Manager
Registering the certbot client and requesting a certificate
- sudo yum -y install yum-utils
- sudo yum -y install
- sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
- sudo yum -y install certbot
- sudo certbot register --server {{ CertServerUrl }} -m {{ contactEmail }} --no-eff-email
- sudo certbot certonly --server {{ CertServerUrl }} --cert-name {{ certName }} -d {{ certDomains }} --webroot-path {{ webrootPath }} > /
The terraform file () # input variables variable "instance_ids" { type = list default = } variable "cert_common_name" { type = string default = "avTestCert" }…
Private Subnets and VPN Tunnels in AWS
VPN Tunnel The idea is for all your private subnets to route via the VPN Tunnel. Create a custom route table shown below for the first private subnet. This is…
AWS Lake Formation FAQ (built on AWS Glue)
Where is the schema stored? Crawlers will dump data into S3 - WITH the schema structure. How is the DATA ingested? Prebuilt ingest jobs are available. In addition, customized ingest…
Cloud Health for Kubernetes Clusters and VMs
Tying an Azure Subscription (or AWS account) to Cloud health portal You have two options (for Azure). Either use an EA (get an Enrollment ID from your EA) and use…
Delete Default VPCs in AWS using bash
Default VPCs, with their default NACLs, all need to be removed. To delete default VPCs in a region, one needs to first delete any IGWs, any NAT gateways, etc.…
Enabling Encryption on Existing EBS volumes or RDS Instances
RDS encryption RDS encryption can only be set up during initial creation. If you need to do it after the fact, the correct process is to create a snapshot, encrypt the…
Security Hub Notification emails – Severity Level Filtered
Also read - Securing S3 buckets How do I send out a custom email for all the config violations (all the security hub events) that arise in my account? Use…
Cloudflare for S3 Content Protection
Ever thought about protecting your S3 workloads the same way as your compute workloads (by placing them behind a WAF)? Cloudflare on AWS can be used to serve S3 content. The…
OUs and Security
Also read AWS Security Risk Factors and AWS Security Audits - Roles, Policies and GCP, Azure Equivalents Your Account Hierarchy Ensure that you have set up an org hierarchy -…
AWS Data Life Cycle Management Policies
Tags created by DLM (these are used to distinguish DLM-managed resource tags from tags created otherwise): aws:dlm:lifecycle-policy-id, aws:dlm:lifecycle-schedule-name, aws:dlm:expirationTime, dlm:managed. Types of DLM Policies Snapshot lifecycle policy: the most common. These help…