One Step Closer to IPv6

For many years now, we have been reading warnings about the exhaustion of available IPv4 addresses. So far, there still seem to be ways and ideas on how to extend their lifetime (by approaching large organizations, using NAT, re-dedication of, and so on). Switching over to the much-dreaded IPv6 sounds easy, but even minor things can still cause problems. So what is the current state of AWS on this topic? And how did the landscape change during re:Invent 2021?

NetApp DataSense on AWS

Over the last few years, demands and expectations regarding data security have increased dramatically. The main drivers are local data privacy regulations like the EU GDPR, which require awareness of where sensitive data resides and an overview of potential risks. Amazon has offered its Macie service since 2017, added new capabilities lately, and is doing a great job with data on S3. But how do you include your EFS/FSx file shares and RDS databases to eliminate blind spots? Meet NetApp Cloud DataSense.

Testing Terraform with InSpec (Part 1)

While Infrastructure-as-Code slowly becomes omnipresent, many of the advertised advantages of the approach remain mostly unrealized. Sure, code style checks (linting) and even automated documentation become more common every month. But one of the cornerstones often gets ignored: testing. Let’s see which types of code testing are available and how to do them without writing too much code. The promise of the Infrastructure-as-Code (short: IaC) movement is to handle infrastructure just as if it were a program.

Be Aware of EBS Direct APIs

Recently, I blogged about a security incident where CloudTrail was not set up to log S3 data events. But while this is the most common type of data event, there are some more. And one of them has really scary implications. But good news: you can protect yourself against that.

How To Hybrid! - AWS Systems Manager Patch Management

As AWS Cloud adoption becomes more widespread throughout the industries, challenges arise in how to govern IT resource usage and implement coherent management for systems across on-premises and the AWS Cloud. This blog post gives insights into how the capabilities offered by AWS Systems Manager can be extended from the cloud environment to your hybrid and on-premises environments.

CloudTrail Data Events

In today’s post, I will talk about a hacking investigation I recently took part in. We will look into what went wrong, what the attackers did, and how we can improve detection and prevention to manage such incidents better.

Map out your IAM with PMapper

Writing “Least Privilege” policies is an art in itself, but it inevitably leads to a large number of JSON-based policies in your accounts. As one of the rules of good security is “low maintainability = low security”, let’s dive into tools which can show us risks inside our policies - which might even reveal paths to administrative privileges!