← All posts
Category

Security

Posts on Security.

Deploying AWS GuardDuty with CloudFormation for Master and Member accounts

1 May 2018 ·

AWS GuardDuty analyses various events happening on your AWS account and can notify you when suspicious activity takes place. Right now, GuardDuty is specific to a region and needs to be enabled in each region you want to monitor (though AWS recommends you enable it in all regions to ensure global actions are monitored). Going through GuardDuty console in every AWS region can be a daunting task, and quite time consuming if you have multiple AWS accounts which you’d like to connect into Master-Member setup. Luckily, CloudFormation supports enabling and setting up GuardDuty detectors, so you can use it to make it a little bit less painful.

Read more →

Sharing encrypted AMIs between AWS accounts (using Python and boto3)

2 November 2017 ·

Each Amazon Machine Image (AMI) holds information of the volumes and snapshots of those volumes that should be attached to instances created from that AMI. To protect the data on those snapshots, you can choose to encrypt them using KMS. Encrypting your data at rest is generally a good idea, though many companies choose to avoid encrypting their snapshots, because sharing such snapshots between different AWS accounts (for example, Test and Production accounts) can be difficult. That’s why I’m sharing details on how to make this as easy as possible (and automated!).

Read more →

S3 bucket permissions: what does "everyone" mean?

10 May 2017 ·

On more than one occasion I have seen S3 bucket policies set for the predefined users groups: “Everyone” and “Any authenticated AWS user”, but rarely has it been done with understanding of what those groups actually mean. So, if you’ve ever set (or thought of setting) permissions for those, please read on.

Read more →

Let's talk

Start with a free second opinion: 30 minutes with our founder. No account access needed, and you keep a short written read.

Schedule a meeting: our calendar