
One of the fundamental requirements of a successful information security program is “knowing what you have”. The concept of asset management is not unique to the cloud, but public cloud environments do pose some unique challenges. Restricting users to creating resources only in pre-approved regions is essential to ensure that you do not end up with data and services in unknown corners of the AWS infrastructure.

If you want your IAM users to never go beyond approved AWS regions, this post is for you. It is a simple tutorial on restricting IAM principals so that they can only perform actions in pre-approved AWS regions.

Problem Statement…

If you are anything like me, you have a hard time keeping track of how various AWS service deployments work with Availability Zones and Regions.

This write-up is intended for readers already familiar with AWS services. It provides a single point of reference for comparing multiple AWS services based on how they work with Regions and Availability Zones. One may also use it as a cheat sheet before appearing for any AWS certification exam.

Do you think there is a service that should be on that list? Let me know in the comments and I would be happy to update it.

Your city is under lockdown due to COVID-19 and you have the luxury of time. Maybe you want to learn a new skill, or maybe you just want to go for that professional certification which will help you climb the next step up the corporate ladder. Luckily, this is the 20th century and we have The Internet.

Technology professionals like you are increasingly looking at online training options, and Edureka is one of the popular ones out there. This is an account of my ongoing training experience with them as I attend the training for AWS Certified Solutions Architect.


Getting Started:

What is the Instance Metadata Service (IMDS)?

IMDS provides a convenient way to access metadata about a running EC2 instance, such as its host name, network configuration, security groups, etc. The service is reachable on a link-local IP address, and the metadata it serves is unique to every single instance.

One of the most important use cases for IMDS is allowing applications running on EC2 instances to access AWS resources. In a world without IMDS, we would have to use hard-coded API keys to enable communication between AWS services and resources. The metadata service solves this problem with “temporary security credentials”. …

As I write this piece, senators in the US are accusing AWS of breaking the law, and the US government is busy analyzing the terabytes of data it recovered from Paige Thompson’s computer. Paige is an ex-AWS employee who has been accused of carrying out the Capital One security breach, which affected more than 100 million customers in the North American region.

We are going to recreate what happened with Capital One, based on the information already available. The end goal is to have a proof of concept focusing on Server Side Request Forgery (SSRF) and the AWS metadata…

Security consulting goes well beyond achieving targets and delivering reports on time. It is a job where networking skills are almost as important as technical know-how. As somebody who worked on short-term projects for multiple clients, I rarely had the luxury of time when it came to establishing great relationships. This situation demands doing the small things right to leave a positive impression on the people you work with. Here it is.

Be Flexible

One of the biggest clients I ever worked with once told me, “The one big reason why we work with you (the firm) is the flexibility…

Mayank Sharma
