When KMS key grant is created for Lambda execution role?


I was working on a new Lambda function a couple days ago. It took me a while to deploy it successfully via CloudFormation. It was all due to some required IAM policies were missed in the deployment role. So I had to delete the stack then create again for a couple of times. When I … Continue reading When KMS key grant is created for Lambda execution role?

AWS Security Checklist


Identity & Access Management Secure AWS account (AWS organization, MFA).Rely on centralized identity provider (SSO).Use multiple AWS accounts ot separate workloads and workloads stages such as production and non-production (SCP, Guardrails, Control Tower).Store and use secret securely (STS, Secrets Manager). Detection Enable foundation security services (AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub).Configure service and … Continue reading AWS Security Checklist

ELBv2 ALB Security Group Check in Cloud Conformity


We use Cloud Conformity as a compliance check tool against our AWS environments. Recently, there is a new check failed - ELBv2 ALB Security Group, and the given reason is Load Balancer [alb-d-LoadB-XXXXXXXX] is not associated with valid and secure security groups. I have confirmed that the ALB is associated with a valid and security … Continue reading ELBv2 ALB Security Group Check in Cloud Conformity