Archives for September, 2022
S3 ACLs and Bucket Policies
S3 ACLs and S3 Bucket Policies. ACLs were the first authorization mechanism in S3. Bucket policies are the newer method, and the method used for almost all AWS services. Policies can…
AWS SSO Groups, Root Users
AWS SSO Groups and Root Users. Also read Extending your AD to AWS and Restricted IAM Admin in AWS. IAM Best Practice - Discourage use of local accounts and encourage SSO…
Extending your AD to AWS – AD on EC2 Instances
Extending your AD to AWS. Also read - Limited IAM Admin in AWS. A very common use case - either to provide ease of addressing of AWS…
Accessing PaaS Services on AWS via Endpoints
Also read: which PaaS services require VPCs. Accessing PaaS Services on AWS: AWS services like EC2, RDS, and ElastiCache come with an Elastic Network Interface (ENI), which enables communication from…
Limited IAM Admin in AWS
Often, we need to pare down the credentials of an IAM admin. This can be accomplished by creating a custom IAM policy for the restricted admin. What about a limited…
Testing your VPN Tunnel in AWS
VPN Tunnel in AWS. The idea is for all your private subnets to route via the VPN Tunnel. Create a custom route table shown below for the first private subnet.…
AWS SSM Connect for no ingress EC2 instances
No Ingress EC2 is a great security option to completely block off all access to an EC2 instance. How, then, will management users connect to this instance? This is a…
AWS DDOS Protection
AWS Shield: A managed Distributed Denial of Service (DDoS) protection service. It detects and automatically mitigates attacks that could potentially result in downtime for your application. A DDoS attack results…
Protecting EC2 instances on AWS – Basic EC2 Security
Also read - No Ingress EC2 Instances. Here are a couple of simple, yet often ignored, best practices around EC2 instance access. Access to EC2 instances via Systems Manager Only (Management…
Routes in AWS – Destinations and Targets
Also read - Palo Alto East West and Ingress Egress Filtering - on GCP and AWS. Routes in AWS Overview - Destinations versus Targets. Routes are composed…