Two Examples of using AWS Network Firewall


AWS Network Firewall is a high-available and scalable firewall service that provides network protections for VPC, which is a supplement to the existing security services. Security group protects computing resources (EC2, Lambda, RDS...)NACL (Network Access Control List) protects subnetsWAF (Web Application Firewall) and Shield protects frontend resources (ELB, CloudFound, API Gateway) There are quite a … Continue reading Two Examples of using AWS Network Firewall

Yum gets ‘HTTPS Error 403 – Forbidden’ error in Amazon Linux 2


If you use S3 endpoint not NAT/Proxy to access the Amazon yum repository, then this post should be helpful to you. We use S3 endpoint to access Amazon repositories, and we noticed that any yum operations failed with the 'HTTPS Error 403 - Forbidden' error in the EC2 instances that are launched from the latest … Continue reading Yum gets ‘HTTPS Error 403 – Forbidden’ error in Amazon Linux 2

Setup AWS “Instance Profile” for on-prem servers


I assume you already knew what the EC2 instance profile is. Basically, the instance profile defines the permissions that a EC instance has. As it is associated with an IAM role which has a bunch of IAM policies attached. And the AWS credential in the EC2 metadata is automatically rotated by the instance profile. In … Continue reading Setup AWS “Instance Profile” for on-prem servers

When KMS key grant is created for Lambda execution role?


I was working on a new Lambda function a couple days ago. It took me a while to deploy it successfully via CloudFormation. It was all due to some required IAM policies were missed in the deployment role. So I had to delete the stack then create again for a couple of times. When I … Continue reading When KMS key grant is created for Lambda execution role?