A few months back, I introduced this project, which masks text in an image by utilizing a couple of AWS ML services (Rekognition, Textract and Comprehend). There are many use cases for such tooling, so last week I presented it to my team with a live demo - Masking sensitive information in Slack with mask-it bot. … Continue reading Masking PII Image with Slack Bot
Category: Security
Serverless Ingress Solution on AWS
Below is the typical ingress solution for many organizations' AWS workloads. The data flow is: Users -> CDN (e.g. Akamai, Cloudflare) -> Ingress internet-facing ALB -> Ingress ASG (e.g. Nginx, HAProxy) -> TGW -> Workload internal ALB -> Workload applications (ASG or K8S services). As you can see, the improvements are the adoptions of some Cloud … Continue reading Serverless Ingress Solution on AWS
AWS IAM Roles Anywhere
A couple of years back I wrote a post to share how to create an AWS instance profile for on-premise servers. That was to use the SSM agent and a Lambda function to manage the IAM credentials for the on-premise servers. Starting early this month, the AWS native solution for such use cases is available - AWS IAM Role … Continue reading AWS IAM Roles Anywhere
Two Examples of using AWS Network Firewall
AWS Network Firewall is a highly available and scalable firewall service that provides network protections for VPC, which is a supplement to the existing security services: Security group protects computing resources (EC2, Lambda, RDS...); NACL (Network Access Control List) protects subnets; WAF (Web Application Firewall) and Shield protect frontend resources (ELB, CloudFront, API Gateway). There are quite a … Continue reading Two Examples of using AWS Network Firewall
When KMS key grant is created for Lambda execution role?
I was working on a new Lambda function a couple of days ago. It took me a while to deploy it successfully via CloudFormation. It was all because some required IAM policies were missing from the deployment role. So I had to delete the stack and then create it again a couple of times. When I … Continue reading When KMS key grant is created for Lambda execution role?