The #aws security team proposes enabling #vpc #endpoints for Systems Manager as the solution.
VPC endpoints let services be attached via AWS #PrivateLink. The service is then reached from the VPC through a private IP address rather than its public one, which in turn ensures that only the Systems Manager service of your own account is contacted.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html
#aws #vpc #endpoints #privatelink
Generating Virtual Point Clouds based on the COPC and STAC specifications from LAS using QGIS 3.32
https://qiita.com/nokonoko_1203/items/c6e2f47da74f92ec3666?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
#qiita #vpc #QGIS #PointCloud #STAC
Using CDK To Connect An External-Facing Node.js Lambda To A Postgres RDS Instance Within A VPC https://awstip.com/using-cdk-to-connect-an-external-facing-node-js-lambda-to-a-postgres-rds-instance-within-a-vpc-e35af9e112e1
#aws #cdk #vpc #serverless #lambda #rds #postgres #sequelize
Amazon VPC Lattice Now GA with New Capabilities for Service-to-Service Connectivity
https://www.infoq.com/news/2023/04/aws-vpc-lattice-ga/
#aws #vpc #networking #security
Yesterday saw me doing #sysadmin on Maolte Technical Solutions Limited's #cloudarchitecture implemented in my #aws #demo #project starting with #securityhub #infrastructure #resource recommendations... stay tuned for updates... #cloudinfrastructure #cloud #s3 #vpc
#sysadmin #cloudarchitecture #aws #demo #project #securityhub #infrastructure #resource #cloudinfrastructure #cloud #s3 #vpc
If you’re going to ship off your #VPC flow logs to a 3rd party vendor’s system (and not keep a local copy), for the love of Frejya, please actually confirm that the logs are there and queryable.
Threat actor in a client’s servers (#AWS) moving data between servers in different VPCs. They had flow logs for the source VPC, but the second VPC was using Kinesis Data Firehose going to a third party, where the logs are…missing 🙄 Makes it difficult to see where the data went from there.
AWS Adds VPC Resource Map to Simplify Management of Virtual Networks
https://www.infoq.com/news/2023/02/vpc-resource-map/
#aws #vpc #networking
We ask #ChatGPT about an oft-overlooked policy that you should be putting in place when using #VPC #Endpoints in #AWS. Do NOT inadvertently allow access to other tenants' resources!
FOLLOW US as we explore cloud network security with #AI.
#chatgpt #vpc #endpoints #aws #ai #awssecurity
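The two posts above (the Systems Manager endpoint post and this one) both come down to the same control: an interface endpoint carries whatever credentials the caller presents, so unless the endpoint policy pins it to your own account, an attacker on a compromised instance can reach *their* Systems Manager via *your* endpoint. The block below is an added example, not code from either post or from AWS: a pinned endpoint policy next to the default full-access one, a checker that flags statements lacking the pin, and a deliberately minimal evaluator showing the cross-account case. `aws:PrincipalAccount` and `aws:ResourceAccount` are real IAM global condition keys; the account IDs and policy documents are constructed for the example.

```python
"""Added example: VPC endpoint policy pinned to one account, plus a checker.

Assumptions (constructed, not from the posts): account IDs 111122223333 and
999988887777, the two policy documents below. The evaluator handles only the
subset of IAM needed to show the point (Allow, Action wildcards, StringEquals on
the two account keys); it is not a general IAM engine.
"""
import json
from fnmatch import fnmatchcase

OWN_ACCOUNT = "111122223333"  # constructed

# Endpoint policy restricted to callers AND resources in our own account.
RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyOurAccount",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["ssm:*", "ssmmessages:*", "ec2messages:*"],
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:PrincipalAccount": OWN_ACCOUNT,
            "aws:ResourceAccount": OWN_ACCOUNT,
        }},
    }],
}

# Full-access policy (what an endpoint gets when you supply none): any
# principal, any account, any resource reachable through this endpoint.
DEFAULT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "*", "Resource": "*"}],
}


def _as_list(x):
    return x if isinstance(x, list) else [x]


def unrestricted_statements(policy, own_account):
    """Return Sids (or positional names) of Allow statements that are not pinned
    to own_account by BOTH aws:PrincipalAccount and aws:ResourceAccount."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        eq = st.get("Condition", {}).get("StringEquals", {})
        pinned = all(
            set(_as_list(eq.get(key, []))) == {own_account}
            for key in ("aws:PrincipalAccount", "aws:ResourceAccount")
        )
        if not pinned:
            findings.append(st.get("Sid", f"Statement[{i}]"))
    return findings


def is_allowed(policy, action, principal_account, resource_account):
    """Minimal evaluator: does any Allow statement match the action and have all
    of its StringEquals conditions satisfied by the request context?"""
    ctx = {"aws:PrincipalAccount": principal_account,
           "aws:ResourceAccount": resource_account}
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if not any(fnmatchcase(action, pat)
                   for pat in _as_list(st.get("Action", []))):
            continue
        eq = st.get("Condition", {}).get("StringEquals", {})
        if all(ctx.get(k) in _as_list(v) for k, v in eq.items()):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(RESTRICTED_POLICY, indent=2))
    print("unpinned in default policy:",
          unrestricted_statements(DEFAULT_POLICY, OWN_ACCOUNT))
    # Attacker's own credentials, attacker's own SSM, via our endpoint:
    print("cross-tenant allowed by default policy:",
          is_allowed(DEFAULT_POLICY, "ssm:SendCommand",
                     "999988887777", "999988887777"))
    print("cross-tenant allowed by pinned policy:",
          is_allowed(RESTRICTED_POLICY, "ssm:SendCommand",
                     "999988887777", "999988887777"))
```

Pinning on both keys matters: `aws:PrincipalAccount` alone still lets your own principals exfiltrate to an SSM resource in another account, and `aws:ResourceAccount` alone still lets a foreign principal act on your resources if it has been granted access to them.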
MC-LAG vs Cisco vPC: What You Need to Know?
#Cisco #Arista #MCLAG #vPC #datacenter #networking #networks #networkengineers #ccna #ccnp #ccie #networkers
https://www.thenetworkdna.com/2023/02/mc-lag-vs-cisco-vpc-what-you-need-to.html
While #GCP makes it more obvious, I have always suspected that #VPC #endpoints in #AWS are actually NAT instances behind the scenes simply translating network addresses. Reason being they take so long to spin up and shut down🤔
But why would anybody charge exorbitantly for just NAT😬
How to Setup a #VPC in #AWS https://shrtn.click/34wrPsg #tech #technology #cloud
#vpc #aws #tech #technology #cloud
Maybe I can’t use the data synchronization agent because the two sides of our #VPC are designed not to talk to each other in that direction? Will get with vendor and peers soon to confirm theory.
@verita84 @zbecker
Which of the two are you using? I first tried #pleroma but then decided to give #mastodon a shot first. As everything is still new to me I just wanted to start off mainstream.
Btw. I’m using #nixos to deploy the server; there is a module which makes the setup really simple.
My 4 CPU 8 GB #vpc is spending most of its time idling at a load of 0.05. Resources don't seem to be the limiting factor right now 😅
🔗 https://nixos.wiki/wiki/Mastodon
#pleroma #mastodon #nixos #vpc
@mbootsman yep... It acts as if it's a VPN, but doesn't send anything to another server, if I understand it correctly.
So a #vpc.. Or something.. 😇
@dob That's a big scope.
Some things we do to make our lives easier that don't cost $$$.
Enable #guardduty and pipe all the alerts into a slack channel (+email as well).
Enable #cloudtrail, log everything to an #S3 bucket in another account. #cloudwatch alerts on auth failures (to slack + email; some go to a pagerduty #infosec contact).
We also have some alerts on updates when a cidr is added to a #SecurityGroup.
Don't use #ssh or #bastion/#JumpHosts; use #ssm to run automations on the hosts (package install, service restarts etc) and also to get a shell on a box (if needed at all). (You can use #TransitiveTags with #RoleAssumption to give granular access.)
Using #ssm for console access also logs the entire session (including someone doing sudo su - root etc!) into #S3.
Use #MicroSegmentation within our #vpc. Instances behind an #alb will only accept traffic from the #alb #SecurityGroup etc.. #rds, #elasticache will only accept traffic from instances in the appropriate #SecurityGroup. (Basically we don't use cidr ingress rules, we use security group ids.) (This works across accounts in the same region with peering, but not across regions however.)
#guardduty #cloudtrail #s3 #cloudwatch #infosec #securitygroup #ssh #bastion #ssm #transitivetags #roleassumption #microsegmentation #vpc #alb #rds #elasticache #aws
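Two of the controls in the post above are mechanical enough to check in code: "we don't use cidr ingress rules, we use security group ids" is an audit over `describe_security_groups` output, and "alerts when a cidr is added to a #SecurityGroup" is a detection over CloudTrail `AuthorizeSecurityGroupIngress` events. The block below is an added example, not code from the poster or from AWS. The security groups and CloudTrail records are constructed to match the shape those APIs return (boto3 `IpPermissions` / `UserIdGroupPairs` for the former, the nested `items` lists CloudTrail uses for EC2 request parameters for the latter); the group IDs, account ID and ARNs are made up.

```python
"""Added example: audit SG ingress rules for CIDR sources, and detect CIDR
additions in CloudTrail. All data below is constructed for the example.
"""

# Constructed in the shape of ec2.describe_security_groups()["SecurityGroups"].
SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web-behind-alb",
     "IpPermissions": [{  # good: source is the ALB's security group
         "IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0alb0000",
                               "UserId": "111122223333"}]}]},
    {"GroupId": "sg-0d4e5f6a", "GroupName": "rds-postgres",
     "IpPermissions": [{  # bad: whole VPC CIDR instead of the app tier's SG
         "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bad0bad", "GroupName": "legacy-ssh",
     "IpPermissions": [{  # worse: SSH from the world
         "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
]

# Constructed in the shape of CloudTrail records for EC2 API calls.
CLOUDTRAIL_EVENTS = [
    {"eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/alice"},
     "requestParameters": {"groupId": "sg-0bad0bad", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]},
          "ipv6Ranges": {"items": []}, "groups": {"items": []}}]}}},
    {"eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/bob"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 8080, "toPort": 8080,
          "ipRanges": {"items": []}, "ipv6Ranges": {"items": []},
          "groups": {"items": [{"groupId": "sg-0alb0000"}]}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeSecurityGroups",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/bob"},
     "requestParameters": {}},
]

WORLD = ("0.0.0.0/0", "::/0")


def audit_sg_ingress(groups):
    """Return (group_id, from_port, cidr) for every ingress rule whose source is
    a CIDR rather than a security group reference."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            ranges = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            ranges += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            for cidr in ranges:
                findings.append((g["GroupId"], perm.get("FromPort"), cidr))
    return findings


def cidr_additions(events):
    """Return one alert per CIDR added by an AuthorizeSecurityGroupIngress call.
    Rules that only reference other security groups produce no alert."""
    alerts = []
    for ev in events:
        if (ev.get("eventSource") != "ec2.amazonaws.com"
                or ev.get("eventName") != "AuthorizeSecurityGroupIngress"):
            continue
        params = ev.get("requestParameters", {})
        for perm in params.get("ipPermissions", {}).get("items", []):
            ranges = [r.get("cidrIp")
                      for r in perm.get("ipRanges", {}).get("items", [])]
            ranges += [r.get("cidrIpv6")
                       for r in perm.get("ipv6Ranges", {}).get("items", [])]
            for cidr in ranges:
                alerts.append({"group": params.get("groupId"),
                               "port": perm.get("fromPort"),
                               "cidr": cidr,
                               "by": ev.get("userIdentity", {}).get("arn"),
                               "world_open": cidr in WORLD})
    return alerts


if __name__ == "__main__":
    for f in audit_sg_ingress(SECURITY_GROUPS):
        print("CIDR ingress rule:", f)
    for a in cidr_additions(CLOUDTRAIL_EVENTS):
        print("ALERT cidr added:", a)
```

In production the first function runs over paginated `describe_security_groups` output and the second over the CloudTrail stream (EventBridge rule on `AuthorizeSecurityGroupIngress`, or a query over the S3 trail from the other account mentioned in the post); the `world_open` flag is what you would route to PagerDuty rather than just Slack.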
My battle against the #AWS SecurityHub "best practices" continues. This time it's "[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0". I don't USE NACLs. NACLs are stupid. They're a total waste of time and not the right way to do network security. If NACLs are an important part of your #VPC #network #security, you're doing it wrong.