Das #aws security team schlägt als Lösung vor #vpc #endpoints für Systems Manager zu aktivieren.

Durch VPC Endpoints können Dienste über AWS #PrivateLink angebunden werden. Hierdurch wird der Dienst nicht über seine öffentliche sondern eine private IP Adresse aus dem VPC angesprochen, wodurch wiederum sichergestellt ist, dass nur der Systems Manager Service des eigenen Accounts kontaktiert wird.

https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

QGIS3.32を利用してLASからCOPCとSTAC仕様に基づいたVirtual Point Clouds（仮想点群）を生成する
https://qiita.com/nokonoko_1203/items/c6e2f47da74f92ec3666?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
#qiita #vpc #QGIS #PointCloud #STAC

Product research question: if you use #IPv6 in a #cloud provider, what are your top use-cases? If you want to use IPv6 in a #VPC, what are the things you require that may not be obvious (eg, prefix-per-host, ULA, SLAAC/DHCPv6-PD/DHCPv6/CloudInit, some IPv4aaS function, etc)?

Using CDK To Connect An External-Facing Node.js Lambda To A Postgres RDS Instance Within A VPC https://awstip.com/using-cdk-to-connect-an-external-facing-node-js-lambda-to-a-postgres-rds-instance-within-a-vpc-e35af9e112e1

#aws #cdk #vpc #serverless #lambda #rds #postgres #sequelize

Amazon VPC Lattice Now GA with New Capabilities for Service-to-Service Connectivity
https://www.infoq.com/news/2023/04/aws-vpc-lattice-ga/
#aws #vpc #networking #security

Yesterday saw me doing #sysadmin on Maolte Technical Solutions Limited's #cloudarchitecture implemented in my #aws #demo #project starting with #securityhub #infrastructure #resource recommendations... stay tuned for updates... #cloudinfrastructure #cloud #s3 #vpc

Some days, the only thing you accomplish is fixing someone else’s #VPC.

If you’re going to ship off your #VPC flow logs to a 3rd party vendor’s system (and not keep a local copy), for the love of Frejya, please actually confirm that the logs are there and queryable.

Threat actor in a client’s servers (#AWS) moving data between servers in different VPCs. They had flow logs for the source VPC, but the second VPC was using kenesis data firehose going to a third party, where the logs are…missing 🙄 Makes it difficult to see where the data went from there.

#DFIR

AWS Adds VPC Resource Map to Simplify Management of Virtual Networks
https://www.infoq.com/news/2023/02/vpc-resource-map/
#aws #vpc #networking

We ask #ChatGPT about an oft overlooked policy that you should be putting in place when using #VPC #Endpoints in #AWS. Do NOT inadvertently allow access to other tenants' resources!

FOLLOW US as we explore cloud network security with #AI.

#awssecurity

MC-LAG vs Cisco vPC: What You Need to Know ?
#Cisco #Arista #MCLAG #vPC #datacenter #networking #networks #networkengineers #ccna #ccnp #ccie #networkers
https://www.thenetworkdna.com/2023/02/mc-lag-vs-cisco-vpc-what-you-need-to.html

While #GCP make it more obvious, I have always suspected that #VPC #endpoints in #AWS are actually NAT instances behind the scenes simply translating network addresses. Reason being they take so long to spin up and shut down🤔

But why would anybody charge exorbitantly for just NAT😬

https://infosec.exchange/@ChaserSystems/109828531829510219

How to Setup a #VPC in #AWS https://shrtn.click/34wrPsg #tech #technology #cloud

Maybe I can’t use the data synchronization agent because the two sides of our #VPC are designed not to talk to each other in that direction? Will get with vendor and peers soon to confirm theory.

@verita84 @zbecker
Which one of both are you using? I first tried #pleroma but decided then to give first #mastodon a shot. As everything is still new to me I just wanted to start off mainstream.
Btw. I’m using #nixos to deploy the server there is a module which makes the setup really simple.
My 4 cpu 8 gb #vpc is spending most of its time idling at a load of 0.05. Resources seem not be the limiting factor right now 😅
🔗 https://nixos.wiki/wiki/Mastodon

@radio

What is best practice for setting up outbound rules of security groups inside of #Amazon #aws #VPC?

Just security based on (un)routable paths between subnets?

@mbootsman yep... Hij doet alsof ie vpn is, maar stuurt niets naar een andere server, als ik t goed begrijp.
Een #vpc dus.. Ofzo.. 😇

@dob That's a big scope.

Some things we do to make our lives easier and doesn't cost $$$.

Enable #guardduty and pipe all the alerts into a slack channel (+email as well).

Enable #cloudtrail log everything to an #S3 bucket in another account. #cloudwatch alerts on auth failures (to slack + email (some go to pagerduty #infosec contact).
We also have some alerts on updates when a cidr is added to a #SecurityGroup.

Don't use #ssh or #bastion/#JumpHosts use #ssm to run automations on the hosts (package install, service restarts etc) also to get a shell on a box (if needed at all). (you can use #TransitiveTags with #RoleAssumption to give granular access).
Using #ssm for console access also logs the entire session (including someone doing sudo su - root etc!) into #S3

Use #MicroSegmentation within our #vpc. Instances behind an #alb will only accept traffic from the #alb #SecurityGroup etc.. #rds, #elasticache willl only accept traffic from instances in the appropriate #SecurityGroup. (Basically we don't use cidr ingress rules, we use security group ids) (this works across accounts in the same region with peering, but not across regions however).

#aws

Tried to spin up a Debian vpc on vultr.com and getting an "Out of Stock" message. Not entirely sure how you can be "out of stock" of a digital asset.

Update: My bad, I hadn't selected a location.

#vpc #vultr #debian

My battle against the #AWS SecurityHub "best practices" continues. This time it's "[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0". I don't USE NACLs. NACLs are stupid. They're a total waste of time and not the right way to do network security. If NACLs are an important part of your #VPC #network #security, you're doing it wrong.

https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#ec2-21-remediation