Featured

Automating Cybersecurity

A series of blog posts on cybersecurity automation

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️A series on Security Automation. The Code.

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Summary of this blog series:

How AI is making me rethink security automation, batch jobs, and my blog

GitHub Repo

SecurityMetricsAutomation/README.md at main · tradichel/SecurityMetricsAutomation

AWS Security Automation Topics:

Approaching 350 posts exist in this series on automating Security Metrics Automation. I happen to be using AWS but the security and automation concepts are applicable to Azure, GCP or on premises environments. What started out as a simple blog series on batch job automation for security became a bit more complex. I also have close to 1500 posts on mostly cloud security at the time of this writing so organizing them by topic here to make them easier to find.

Cloud Governance

AWS Organizations

Network Security

DNS Security

Okta and IdPs

AWS Security

Cloud Security Architecture

AWS IAM

AWS S3

Encryption and KMS

Creating and DEPLOYING a Static Website Hosted on AWS S3 (In progress)

Batch Job Security

Related:

Ubuntu on AWS

Secure Code

Application Security

Troubleshooting CloudFormation — tips and error messages you might face

Troubleshooting and Issues with EC2, CloudShell, etc.

AI

Continuous improvement — revisions and do overs

I’m adding a preliminary post to this series to explain what it’s all about and where you may want to start. I decided to start over with a new account and rebuild everything out for reasons I explained along the way. All the initial posts are relevant and will be used in the new architecture. To decide where you want to start check out this post:

Baking Security In From the Ground Up on AWS

Walk through the thought process of creating secure Batch Jobs to capture and report on cybersecurity metrics in this blog series. Please note that this series contains information related to governance and secure deployments — not just the batch jobs themselves. I’m basically coding every day and writing about it as I go to complete a project I’m working on to help customers with security metrics.

Cybersecurity Book Review: How to Measure Anything in Cybersecurity Risk

Should We Apply Statistics to Cybersecurity Risk Decisions?

A Value-Based Approach to Cybersecurity Metrics

How Batch Jobs Can Help Cybersecurity

Creating an AWS Batch Job That Requires MFA

Components of an AWS Batch Job

Threat Modeling for Containers

A C2 Channel on WordPress to Access AWS IAM Role Credentials

Cloud Architecture and KMS Keys

Welcome to AWS Identity Center

The Yubikey CLI and AWS MFA

Automate AWS Account Creation

Architecting Automated Operations That Require MFA on AWS

Security Architecture is Not A Checklist

Create an IAM User with CloudFormation

Create an IAM role for a Batch Job

Adding Conditions to AWS IAM Policies

Generic AWS KMS Key Deployments

Defining Requirements for KMS Encryption Key Policies

A Role for Automated Credential Deployments

Create a Batch Job Trigger Role

Limiting Access to KMS Keys via Secrets Manager

A KMS Key Administrator Role and IAM Policy

Resource, IAM, and Trust Policies on AWS

Why You Should Consider Separate IAM Administrators

Test Automation for Deployments

Deploy A KMS Key and Key Policy with CloudFormation

Using an AWS CLI Profile with MFA

Unique AWS Policy Templates for a Common Role Template

Modifying A Role CloudFormation Template to Pass in an ARN to Assume the Role

Confused Deputy Attack in IAM, Resource, and AssumeRole Policies

Conditions and Mappings in CloudFormation Templates

Specifying the Roles an IAM Identity Can Assume

Protecting KMS keys, S3 buckets and other resources from unintended exposure

Creating Automation Credentials Without Exposing Them To Users

Creating Zero Trust AWS Policies

Querying CloudTrail with CloudTrailLake

Adding a KMS Key Alias With CloudFormation

AWS Lambda and Batch jobs for Steps in a Process

AWS Resources Organization and Naming Conventions

Cloud Network Architecture and Naming Conventions

Refactoring Existing Code to Use IAM Naming Conventions: Part 1

Refactoring Existing Code to Use IAM Naming Conventions: Part 2

Refactoring Existing Code to Use IAM Naming Conventions: Part 3

Assigning a Group to a Trust Policy in an AWS IAM Role

Creating Shared Repositories and Code in an Organization

Limiting which CloudFormation Stacks an AWS principal can update

Keeping Credentials Out of GitHub

Cloud Security Architecture — Batch Jobs

Lambda Networking

Cryptographically Secure Random

Automating a Lambda Function Deployment

Which Programming Language Should You Use?

Sending an SMS Message from a Lambda Function

Using Python and Boto3 in AWS

Parameters in Lambda Functions that lead to XSS and Injection

Validating Input Parameters in A Lambda Function

Using AWS Systems Manager Parameter Store with AWS Lambda

Adding a KMS Key Id to AWS SSM Parameter Store

Automate Creation of a VPC

Public and Private VPCs and Subnets (Route Tables)

Remove extraneous VPC route tables

VPC Flow Logs Governance

Automated Creation and CIDR Allocation for Subnets on AWS

Why You Need a VPC

Automated Creation of NACLS on AWS

Automated Creation of Security Groups on AWS

AWS Credentials in Boto3 and CLI Debug Output

Troubleshooting CloudFormation

Network Services on AWS

Default VPC Security Group Names and Set Rules

Network Design: Developer Network

Network Design: Serverless Applications

DNS and NTP on AWS

AWS PrivateLink and VPC Endpoints

Developer Virtual Machines as Bastion Hosts

Mechanisms of Authenticating to a Linux VM (EC2 Instance) on AWS

Automated Creation of an SSH Key for an AWS User

When What You Deleted is Not Really Deleted

AWS Nitro Enclaves and TPMs

Creating and Storing an EC2 SSH Key in Secrets Manager

User-Specific Secrets on AWS: IAM Policies

User-Specific Secrets on AWS: Separation of Duties

User-Specific Secrets on AWS: KMS and MFA with Developer Credentials

Creating an AppSec Group to Administer Secrets Manager Secrets

AppSec Role for Secrets Management

Ensuring Your CloudFormation Scripts Deploy Properly in Production

Automated Deployment of an EC2 Instance with the Latest AWS Linux AMI

Deploy an EC2 Instance with a KMS Encryption Key

Updating Test Scripts With Dependencies in Mind

Autogenerated Passwords in CloudFormation for AWS Console Access

Automatically Deleting a Failed CloudFormation Stack in a Rollback State

User-Specific Secrets: Console Access

AWS Changing ARNs in Trust Policies — Big Problems

Deleting CloudFormation Stacks

Deleting CloudFormation resources with IAM and Resource Policy Dependencies

Allowing Users to Start Encrypted EC2 Instances in the AWS Console

Connecting to an EC2 instance via SSH (and when you can’t)

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Deploying an AWS Elastic IP Address

Local Firewall Rules to Connect to an AWS EIP via SSH

Limiting Access to an AWS EIP in GitHub

Prefix Lists in Network Rules to Access AWS Services Without CIDRs

How an EIPAssociation in CloudFormation can Help Prevent Dependency Issues

Creating an AWS Security Group rule to Access GitHub with a Customer-Managed Prefix List

VPC Endpoint for CloudFormation

Creating a Role for an EC2 Instance with CloudFormation

Validating VPC Endpoint Connections Occur Via the Private Network

Add a Policy to an AWS VPC Endpoint

How to Fix CloudFormation

How CloudFormation Helps Security

Stop Writing Paper Policies

Why You Should Not Swallow Errors

User-Specific Security Group for Remote Access

User-Specific EC2 Instance

Bypassing the User-Specific Restrictions We Created for Cloud VMs

Automatically Stop VMs on AWS

Customer-Managed KMS Keys vs. AWS Managed Encryption

AWS Secrets Manager vs. SSM Parameter Store

Multiple MFA Devices for AWS IAM

Authentication Flow for Batch Jobs

Biggest Data Breaches of 2022

Oktapus

Domain Name Registration Security

Governance for DNS on AWS

AWS SSO (IAM Identity Center) for Separation of Duties

AWS CLI for an SSO User

Can I Restrict an AWS SSO user to Console Only?

Transferring Files in S3 Between AWS Accounts

IAM Administrator Permissions for An AWS Organization

To NotResource or To Not NotResource In an AWS IAM Policy

AWS IAM Permission Boundaries

Privilege Escalation Via a Cloud Compute Resource

Backdoors and Privilege Escalation Via Cloud Account Users

Abstraction in Cybersecurity

DRY — Don’t Repeat Yourself

AWS Service Control Policies

Would You Accept an Inconvenience To Prevent a Data Breach?

Letting Governance Teams Govern

Creating an AWS Governance Account

Delegated Administrator for AWS Organizations

Analyzing CloudTrail Requests Related to SCPs

Delegating SCP Management to Governance Team via AWS Organizations

re:Boot ~ Creating an AWS Account

Mitigating CreateUser Privilege Escalation and Back Doors

What are AWS’s Security Responsibilities, Anyway?

AWS CLI Session Compromise

Multi-Session Compromise

Security Product Assessments

What is an identity provider (IdP)?

Okta for Directory, IdP, and SSO

SCIM (System for Cross-domain Identity Management)

AWS SCIM and AWS IAM Identity Center

Automated AWS Organization Creation

Risk Associated with the Root User for a New AWS Organizations Account

Risk Associated With Default AWS Service-Linked Roles

Risk Associated With The Role Created In New AWS Organizations Accounts

A Safer AWS Organizations Management Role

Organizational Root User for Initial Setup on AWS

Cross-Account Access to an Account in an AWS Organization

AWS IAM Architecture for New AWS Accounts

Federating AWS Authentication to Okta with SAML

Assessing Okta’s Protection of Customer’s AWS Credentials and User Directory

Cloud (CSPM) and SaaS Security Posture Management (SSPM)

Okta Networking

Okta IAM

Okta MFA

Okta Logging, Monitoring, and Alerts

AWS SAML Federation to Okta Architecture

Close an AWS Account in an Organization

AWS Service Control Policy Architecture

Root OU Service Control Policies

Creating an Organizational Unit (OU) and Service Control Policies (SCPs) with CloudFormation

Okta SAML Integration with AWS IAM Step 1: Obtaining the Metadata

Okta SAML Integration with AWS IAM Step 2: AWS IAM Identity Provider

Okta SAML Integration with AWS IAM Step 3: Creating SAML Roles

Okta SAML Integration with AWS IAM Step 4: Granting Okta Users Access to AWS Roles

Security Risks Associated with Support Teams

Risks Using a Third Party Identity Provider with Azure

Create an AWS Account with CloudFormation

Proposal: Revisions for CIS Controls #1 and #2

Assessing Supply Chain Geopolitical Risk

Defining AWS Accounts and Organizational Units

Root SCP Fails to Disable Root Actions — Troubleshooting SCPs

SCP to Allow Closing and Removing AWS Accounts — Part 1

SCP to Allow Closing and Removing AWS Accounts — Part 2

SCP to Allow Closing and Removing AWS Accounts — Part 3

Simplifying Security in AWS

Closing An AWS Account Associated With AWS Control Tower

Creating an AWS Backup Account

Steps to Enable CloudTrail for an AWS Organization

AWS Organizations: Enable All Features

Create A KMS Key for AWS Organizations Trail

Granting AWS CloudTrail and Users Permission to use a KMS Key

AWS S3 Bucket Configuration

Generic Template for an S3 Bucket

How a CloudFormation Template Can Secure Your S3 Buckets

S3 Bucket for S3 Access Logs

S3 Bucket for CloudTrail

Who Owns The Objects in your AWS S3 Buckets?

Conditional Properties and Resources in CloudFormation Templates

S3 Bucket Policy for an Organization CloudTrail Bucket

Troubleshooting S3 bucket policies

S3 Server Access Log Bucket Policy

Granting AWS Services Access to use a KMS Key

Create an Organization CloudTrail with CloudFormation

Incremental Service Control Policy Rollouts to Prevent Production Outages

Enabling Cost and Usage

MFA on Delete For S3 Buckets

Assume the Organizations Role in the Sandbox Account

Creating Functions to Use Assumed Role Credentials

Create an AWS Sandbox Account Administrator

Create a KMS Key for the Sandbox Account with Organization Role

Deploy a Cross Account Role that Requires MFA Using CloudFormation

Using the Security Automation Framework with Your Own Code

Breaking Change ~ Validating Variables

Manually Migrate an AMI to a New Account

Troubleshooting Cross-Account AMI Permissions

Re-encrypting an EC2 Instance With Your Own CMK

Sharing an Encrypted AMI Programmatically

Copy Files Between S3 Buckets In Different AWS Accounts

AWS StackSets

Remove AWS Control Tower

AWS Organizations Close Account Constraint

Increase AWS Organizations Account Limit

Move Account from Organization to Another

Do You Need AWS Traffic Mirroring?

Create Functions to Deploy a SecureString SSM Parameter

Getting Around One of the AWS SSO (Identity Center) Weaknesses

Using the AWS CLI to Configure a Role Profile With MFA

Components of a Static Web Site on AWS

Create a New GitHub Repository Using the Command Line

Create an AWS User, Group, and Cross-Account Role for Static Web Management

Test Script For Cross-Account Roles

Managing Application Code

Migrating Code from S3 to a New GitHub Repository

Preventing Sensitive Files in GitHub with a .gitignore file

Protected Git Branches

Refreshing Temporary Credentials in an AWS CLI Profile

Subdomains — uses and attacks

Deploying an AWS Route 53 DNS Hosted Zone

Tags on AWS for Governance, Security, and Cost Allocation

Multi-Person Process for Updating Domain Names

Getting Account Number by Account Name with the AWS CLI

Function to Move AWS Accounts Between Organizational Units

A Cloud Security Center of Excellence

Setting up a User and Role for Domain Name Administration

Update NS Records for a Domain Name on AWS

Updating the NS Records for a Subdomain on AWS with the AWS CLI

Deploy A TLS Certificate for on AWS Using CloudFormation

Validate A TLS Certificate Deployed With CloudFormation

Certificate Transparency Logs —What you need to know

How to Fix TLS Certificate Deployment Via CloudFormation

Delete a DNS Record in a Hosted Zone with the AWS CLI

Getting the Actual Path of a Script Included with Bash Source

Automatically Displaying the Reason A CloudFormation Stack Failed Using AWS CLI

KMS Keys for Static Website S3 Buckets

Automated Deployment of an S3 Bucket for a Static Website

How a Content Delivery Network (CDN) Can Help Your Website

GitHub Actions

Security Best Practices for GitHub Actions

Alternatives to GitHub Actions

A Script For Checking In Code to GitHub

AWS Code Commit vs. GitHub — Why Not Both?

Create an AWS Code Commit Repository With CloudFormation

Using Git Commands with AWS Code Commit

Network Security for AWS CodeCommit Git Repositories

IAM Policies for AWS CodeCommit

Fixing Your Python Version on AWS EC2 with Amazon Linux

Require MFA for Git Commands With AWS CodeCommit

Saving Money on S3 and KMS with Lifecycle Rules, CloudFront, and AWS S3 Bucket Keys

Lambda Networking Best Practices

Lambda Functions as Batch Jobs

AWS VPC with a NAT

AWS Transit Gateway with a NAT and Network Security Options

Architecture with Transit Gateway in an AWS Organization

Conditions and Parameters in IAM and Resource Policies

Fixing AWS GitHub Prefix List — GitHub API Changes??

Deploy a Public and Private Subnet in an AWS VPC

Simplifying ID Lookups from CloudFormation Outputs

VPC with a NAT and a VPC Endpoint Deployed With CloudFormation

Containers 101 and Why Use Them?

Installing Git in a Container

How to Tell if You’re Inside a Container

Cloning git Repositories in a Container

Container Engines and Runtimes

Deploy an AWS Elastic Container Registry Repository with CloudFormation

How do I convince my security team to let me stop using CloudFormation

How to Make CloudFormation Faster

CloudFormation Micro-Templates

Inconsistencies and Risks That Make AWS KMS Key Deployments Complicated

Pushing a Container to the AWS Elastic Container Registry

Leveraging Containers in Lambda for Governance, Secure Configurations, and Portability

A Single Template Each for Lambda Functions, Roles, and Policies

Deploying A Generic Lambda Container Role and Policy

Deploying a Secret to Use With A Lambda Function Using CloudFormation

Adding Fn::ForEach to a KMS Key Policy CloudFormation Template

Thinking About CloudFormation LanguageTransformations

Pausing to Consider Services vs. Users of KMS Keys

Allow Lambda to Pull Containers from Elastic Container Registry

Your Website Got an F in Security

Different Types of Man-In-The-Middle Attacks

Deploying a Lambda running a Container using CloudFormation

Testing a Lambda function with the AWS Console and Enabling CloudWatch Logs and Metrics

Lambda Architecture vs. Container Architecture

Fixing Application Errors Inside a Container Used By a Lambda Function and Redeploying It

Testing Lambda Functions Locally Outside of Lambda

Why Do I Need a Language Specific Runtime in a Lambda Container?

Custom Lambda Runtimes

Custom Bash Runtime for Lambda Container

Adding Error Handling to Bash Custom Lambda Runtime

Using the Lambda Runtime Interface Emulator With a Custom Bash Runtime

Troubleshooting Lambda Networking

Tips to Reduce Network Noise via AWS Subnet NACL

Why You Need CloudTrail Data Events for AWS Lambda Functions

Restricting the Ability to Invoke a Lambda Function to a Private Network

Restricting Access to Invoke Lambda Functions to an IP Range in a Service Control Policy

AWS IP Conditions in an SCP Not Working With Private IP Ranges and Lambda VPC Endpoint

Restricting Access to Call Lambda Functions to a VPC Endpoint in a Service Control Policy

Adding a Secret to A Lambda Deployment

Configuring GitHub With a Personal Access Token and Network Access for a Lambda function

Using a Secrets Manager in an AWS Lambda Function in a Private Network

How I Just Significantly Improved Network Performance on AWS

Troubleshooting VPC Endpoints

A Bash Error Handler For a Bash Custom Lambda Runtime

Handling Credentials Generically in a Custom Lambda Runtime

Where Are Your Yum Packages Coming From?

Cloning a GitHub Repo to AWS CodeCommit

Giving Your Cloud Credentials to Another Cloud Provider

Mirroring a GitHub Repository to GitHub with AWS Secrets Manager

Parsing and Validating Lambda Parameters and Environment Variables

Expanded Validation Functions to Prevent Malicious Characters

Getting Git Credentials Out of the URL

An SCP with Multiple Conditions to Enforce MFA to Clone a GitHub Repository (In theory)

Enforcing MFA Each Time a Lambda Function Runs (First Attempt and Set Up)

Troubleshooting the MFA in Lambda— Works Locally Not In Lambda

Moving A Lambda Function to AWS Batch

Had to republish this one:

Require MFA for Git Commands With AWS CodeCommit

Building a Container for AWS Batch vs. AWS Lambda

Analyzing IAM Roles and Policies for MFA to Run AWS Batch

Batch Compute Environment and Execution Roles and Policies

Reorganizing AWS Batch Service Documentation

Preventing the Cross-Service Confused Deputy Attack on AWS

CloudFormation for AWS Batch Roles and Policies

Troubleshooting AWS Batch And Minimizing Costs

A New Strategy for Batch Job Orchestration

It’s Friday.

Why Does Private Networking on AWS Cost So Much?

Passing AWS Credentials Into a Container

Assuming a Role With MFA When An EC2 Instance Starts and Run a Container With the Credentials

Automation Credentials Versus Console Credentials

Configure an EC2 Instance to Assume a Role With MFA on Startup and Pass it to a Container

Revisiting The Generic Lambda Function Objective

A Policy That Allows Cloning A CodeCommit Repository and Pushing It To An S3 Bucket

S3 Access and Logging Pop Quiz

Lambda Function Policy With Cross-Account S3 Bucket Access

A Generic S3 Bucket Policy for Applications

Troubleshooting Software Installs on AWS Private Networks

Simplifying An AWS Network Design

Clone a CodeCommit Repository in a Lambda Function

Creating a Base Container for Lambda Functions

Why I’m Not Using Lambda Step Functions (Yet)

AWS S3 Bucket Keys to Reduce KMS costs

Organization-Environment Naming Convention on AWS

KMS Keys for AWS Organizations Environments

Generic Scripts For Deploying an Organizations, Environments, and Applications

BoolIfExists for MFA — Just Say No

Getting the ARN or ID for A Resource Deployed With CloudFormation

Generating A Directory Structure For CloudFormation Templates

Why I Am Not Using AWS Organizational Unit for My Environment Name

Oops 364.

Aligning Template File Names With Resource Names

A Better Function For Validating Parameters Are Set

Simplifying Deployment Scripts While Maintaining Separation of Duties

BoolIfExists for MFA — Just Say No

Restricting Users to Creation of Their Own MFA Devices

Restricting Users to Changing Their Own Credentials

How to End an Active AWS CLI Assumed Role Session

Preventing Privilege Escalation with an AWS IAM Permission Boundary

AWS IAM Permission Boundaries Versus Service Control Policies

Architecting Administrative Access in an AWS Organization

Deploying the Initial Admin User With Limited Permissions

Deploy an Organization With CloudFormation

Creating an Initial Admin Role Credentials For Automation With MFA

Creating a Common Deployment Container That Requires MFA

Selling on the AWS Marketplace

AWS Service Endpoints and VPC Endpoints

Using a Deployment Container That Requires MFA to Deploy Resources to an Account In Another AWS…

Ensuring Your AWS CLI is Really Up To Date

A vulnerability was announced that involves SSH and RSA. I addressed that vulnerability in these three posts.

What to Do About a Recently Discovered SSH Vulnerability

A CloudFormation Template to Enforce a Secure SSH Encryption Algorithm for EC2 Key Pairs

Creating a Service Control Policy To Limit SSH Key Algorithms

A *Working* Container That Requires an MFA Code on Every Invocation and Runs A Script

Resources To Deploy for an AWS Organization Using a Common Deployment Container

Migrating AWS Organization Configuration Code to a Container

Using Session Names to Log Who Deployed What in CloudTrail

Generic Changes to Migrate Scripts From My POC Code Base to the Container Code Base

Why I am not using Dynamic AWS SSM Parameter Store Resolution in CloudFormation

Repository Accounts and Administrators

Passing a Parameter List Into A Container That Runs an AWS Deployment

AWS Org Admin Account

Trusted Access for Account Management on AWS

Generic Methods for Enabling and Disabling Services for an AWS Organization

Delegated Administrators for Services Integrated with AWS Organizations

Automated Deployment of a Resource Policy for an AWS Organizations

The Conundrum of Limiting Access to Change a Single Service Control Policy

Avoiding Naming Conflicts in CloudFormation Template Outputs

Generating CloudFormation Deployment Code With a Simple Script

Locking Down An SCP to Only Allow Modifications From the Management Account — Dynamically

Attempting* to Use A Service Control Policy to Limit Users to Changing Their Own Credentials

Requiring MFA in an AWS Organizations Service Control Policy

Testing the AWS Organizations Role With an SCP That Enforces MFA

An AWS Organizations Admin in a Non-Management Account

Deploying Multiple Resources By Combining Micro-Templates Scripts

Adding Names to the Parameters Passed Into A Container and Functions

Parallel Processing for CloudFormation Micro-Templates

A Recursive Function to Obtain Organizational Unit IDs

What Happens When You Change the Parent ID for an Organizational Unit CloudFormation stack?

Adding Environments to An AWS Infrastructure Naming Convention

If You Delete a Resource Created By CloudFormation Will It Be Recreated If You Redeploy the Stack?

Deploying an AWS Account Using a Deployment Container

If You Delete and Redeploy a Principal Referenced in an AWS Policy, Will Your Policy Still Work?

How to Change the AWS Account Email in an AWS Organizations Account

Naming Conventions That Minimize Complexity for Policies and Roles

Creating an AWS Account Alias

Assuming the AWS Organizations Role In a Job that Creates a New AWS Account

Deploying AWS Accounts In Parallel Using CloudFormation

Creating a Project Account With Microtemplates on AWS

What’s Taking Me So Long To Write This Code?

Configuring a New Project Account: One job, many templates

Creating a KMS Key Shared With an Organization OU Using a Generic Key Policy

Checking out the new CloudFormation import-existing-resources option

Import The Default Route Table for a VPC Into CloudFormation

Do you know where your certificates reside when you use AWS ACM with a “Trusted Enclave”?

Using git-secrets and GitHub policies To Keep Secrets Out of GitHub

Setting Up A Delegated Organizations Administrator With CloudFormation

Using an SSM Parameter to Pass Parameters To A Container

The Importance of Parameter Management in Cybersecurity and Application Security

Using SSM Parameters to Define Jobs A User Can Run in an AWS Account

Creating a Generic Job Execution Container

Structuring Accounts For A Common Job Execution Framework

Separate Repositories for a Job Execution Framework, Job Images, and Job Configurations

A Docker Container In CloudShell

A Container That Initializes an AWS Organization in CloudShell

A Container That Initializes an AWS Organization in CloudShell

Job Execution Framework Environments

Creating a New Batch Job Type For The 2SL Job Execution Framework

Adding a Batch Job Configuration SSM Parameter For The 2SL Job Execution Framework

Deploying a Stack With The 2SL Job Execution Framework

How Much Code Have You Eliminated Today?

Standard, Configurable Repositories to Run Jobs

One AWS Deployment Container

AWS Developer Credentials Sent Straight to an AWS Secret

Test and Production Repositories

A Firewall for AWS CloudShell

When Drift Detection Fails

Resource Injection via a CloudFormation Import

Importing a Resource In an AWS Deployment Container

Evaluating Use of a New Programming Language ~ Rust

Declarative, Imperative, Configuration, Data, Executable, Predicate Logic, Deterministic…

Initializing Your 2nd Sight Lab Job Execution Framework Configuration Repository (v 1.0)

Creating A Private Job Configuration for the 2nd Sight Lab Job Execution Framework (v 1.0)

Executing The First Root Job Using The 2nd Sight Lab Job Execution Framework (v 1.0)

Setting up the 2nd Sight Lab Job Execution Framework to Run Jobs Manually On AWS

A Credential Hierarchy for the 2nd Sight Lab Job Execution Framework

Updates to 2nd Sight Lab Job Execution Framework Configuration Deployment Script

Running Docker in Rootless Mode in Amazon Linux 2023

Had to take a break here to work on some security changes due to an issue on one of my laptops. Looking for ways to improve security. Once I figure out the best way to deploy the additional security, I hope to deploy it with the container solution I’ve been working on. 😊

~~~

Investigating, Containing, and Removing Malware on a Mac

~~

IPV6 Attacks

Who Owns That IP Address?

Public and Private Autonomous System Numbers (ASNs)

I Created a Fake Entry In AWS VPC Flow Logs

AWS Routing Logs and Error Messages #awswishlist

How to Route Your Home Network or Business Network Traffic Through AWS and Why

Configuring the VPC and VPC Flow Logs for an AWS Site to Site pfSense VPN

AWS Credentials and Roles for the pfSense VPN Wizard

Calculating the Cost of An AWS Architecture plus a Region Security Warning

Creating an AWS Site to Site VPN for pfSense with a Virtual Private Gateway

Test Sending Traffic From a Load Balancer To A NAT Gateway

Sending Traffic From pfSense to a Site to Site VPN to a VGW to a NAT in AWS

Subnets And Routes For a Public NAT

Configure a Transit Gateway To Route Traffic From A Site To Site VPN to a NAT

Why All The So-Called VPN Replacements Are Not VPN Replacements

Does Your VPN Have a DNS Leak?

Looking for Packet Leaks After Implementing an IPSEC VPN

To be continued…

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab