www.datanextsolutions.com

Introduction

In today’s competitive world, the protection of data and digital assets is a top priority for any security architect and enterprise. Digital assets could be in the form of PII (Personally Identifiable Information), client lists, network information, trade secrets, or more.

Securing these assets using a complex password is not enough. We all know people are used to setting the same password on multiple platforms, so compromising one password could be a potential call for trouble. Oddly enough, I recently saw an article on CNN citing the problem.

MFA, or Multi-factor authentication, can solve this problem to some extent. MFA allows you to have an additional layer of security to access your cloud or on-premise applications; even if you have the same password assigned to the various platforms, MFA technically makes it unique. …



Often there is a case when you have to provide read-only access to a user on your AWS account for security, training, or auditing purposes.

In this post, I will show you how we can provide read-only access to the AWS console to any user.

Create a Group

This step is optional, but I would suggest it as a best practice. Groups allow you to easily manage users and policies.

In this example, I am creating a group called auditors.


Attach an IAM Policy to Group

On the next screen, while creating a group, you have the option to attach a policy to the group. Search for and select the predefined AWS policy “ReadOnlyAccess”, as shown in the following…



In my previous post, Exploring AWS Secret Manager, we learned about some key benefits of using AWS Secrets Manager. In this post, we will explore how to use it with a practical example.

How it Works

You can use Secrets Manager to store, rotate, monitor, and control access to secrets such as database credentials, API keys, and OAuth tokens.

I have discussed the benefits and workflow of Secrets Manager in my other post; check it out.

[Figure: AWS Secrets Manager workflow]

The above slide describes the typical application workflow when working with AWS Secrets Manager.

  1. The DBA or service admin creates a service account credential to use the service for a particular app. For example, the DBA creates a username and password for MyWebApp to access the database. …



In this fast-changing world of Cloud, Containers, APIs and Microservices, keeping and managing IT resources is one challenge, and securing them is another.

Credentials management is one of the most overlooked concepts when it comes to securing your applications. I have seen organizations keep all passwords in a single spreadsheet or Confluence page or, on many occasions, on a sticky note under the manager’s keyboard 😄

AWS Secrets Manager allows you to easily store, rotate, and manage credentials throughout the lifecycle of your applications. …



Object storage is a very popular service in the cloud. The first thing organizations normally move to the cloud is object storage: files like documents, images, audio, video, and other content data.

With many different services existing in the cloud, security is a top priority for any organization. Therefore, protecting data against accidental deletion should also be near the top of the list of operations. In AWS S3, you can optionally add another layer of security by configuring buckets to enable MFA Delete, which can help to prevent accidental deletion of buckets and their content.

In this post, we cover how to enable MFA (Multi-factor authentication) on S3 buckets in AWS. If you want to learn more about how to enable MFA, I did a post on it a while back. …



Overview

I will be posting a series of cool articles related to AWS security. Some of them require Multi-Factor Authentication (MFA), so here is a basic one on how to enable MFA on AWS.

Many of you are probably already familiar with using MFA login in a web browser. In this post, I will also share how to use MFA login on the AWS CLI.

Create IAM User

The first step is to create an IAM user, if you don’t have one, using the AWS Console. Make sure you allow console access or programmatic access (if required).

In this example, I am creating a user called…



Overview

AWS offers 3 types of load balancers as part of the Elastic Load Balancer (ELB) service: the Classic Load Balancer, the TCP load balancer, and the latest, the Application Load Balancer (ALB).

ALB offers some unique features over Classic ELB, and one of those features is Path-based Routing. What is Path-based Routing? In simple terms, the ALB can forward incoming requests to different destinations based on the path, as shown in the slide.

[Figure: Path-based routing example]

Example

In the above slide, if the request contains the text /en/, the request would be forwarded to the EC2 instance where our app (Hello World) is running in English, and if the request contains the text /es/, then the request would be redirected to the other EC2 instance and we will see the Hello World message in Spanish. …



Modules are used in Terraform to modularize and encapsulate groups of resources in your infrastructure. Using Modules, you can write generic code and reuse it as you need. If you are from a database background, it is similar to using stored procedures.

Terraform provides various ways to use Modules. You can write a module and use it from many sources, similar to using files from Shared Drives or services like DropBox and Google Drive.

The module installer supports installation from a number of different source types, as listed below.

  • Local paths
  • Terraform Registry
  • GitHub
  • Bitbucket
  • Generic Git, Mercurial repositories
  • HTTP…



Overview

A short and useful post today. Recently we had a customer requirement to migrate their Git repositories from one account to another service provider, for example moving from Bitbucket to GitHub. The repositories had a history of branches and commits for over 5 years and were quite huge in size.

The solution was quite simple, but I thought to document this for anyone who is looking to solve a similar problem.

Solution

Step 1 is to mirror the Git repository to your local machine with the following command:

$ git clone --mirror https://url-of-the-source-git-repo.git

The above command would create a directory with your repository name.git …



AWS Lambda is a serverless compute service which lets you run code without provisioning or managing servers. With Lambda, you can run code for virtually any type of application or backend service — just set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.

Amazon API Gateway is a fully managed service that allows you to create, publish, maintain, monitor, and secure APIs at any scale. With API Gateway you can create an API that acts as a “front door” for AWS Lambda functions.

Together, AWS Lambda and API Gateway are commonly used in N-Tier architecture applications. For example, a front-end UI developed in Angular, ReactJS or Vue.js calls API Gateway endpoints, which eventually trigger Lambda functions. …

About

Zeeshan Baig

Cloud Security Expert & CEO of DataNext Solutions, helping people every day with the latest tech. Connect @LinkedIn http://bit.ly/zb-linkedin
