Two Examples of using AWS Network Firewall

AWS Network Firewall is a high-available and scalable firewall service that provides network protections for VPC, which is a supplement to the existing security services. Security group protects computing resources (EC2, Lambda, RDS...)NACL (Network Access Control List) protects subnetsWAF (Web Application Firewall) and Shield protects frontend resources (ELB, CloudFound, API Gateway) There are quite a … Continue reading Two Examples of using AWS Network Firewall →

When KMS key grant is created for Lambda execution role?

I was working on a new Lambda function a couple days ago. It took me a while to deploy it successfully via CloudFormation. It was all due to some required IAM policies were missed in the deployment role. So I had to delete the stack then create again for a couple of times. When I … Continue reading When KMS key grant is created for Lambda execution role? →

How ACM protects the private key?

Simply speaking ACM (AWS Certificate Manager) uses KMS (Key Management Service) to protects the private key. What drew my attention into this topic is that a user get denied (no permission to describe kms key) when trying to request a ACM certificate in a region where KMS is explicitly denied. This diagrams explains how ACM … Continue reading How ACM protects the private key? →

AWS IAM Role Chaining

Question: Using the credentials for one IAM role 1 to assume a different IAM role 2, what is the maximum duration of the new credentials? A. Same as Role 1B. Same as Role 2C. Same as the role (1 or 2) which has longer maximum duration D. Same as the role (1 or 2) which … Continue reading AWS IAM Role Chaining →

AWS Security Checklist

Identity & Access Management Secure AWS account (AWS organization, MFA).Rely on centralized identity provider (SSO).Use multiple AWS accounts ot separate workloads and workloads stages such as production and non-production (SCP, Guardrails, Control Tower).Store and use secret securely (STS, Secrets Manager). Detection Enable foundation security services (AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub).Configure service and … Continue reading AWS Security Checklist →

	runcheng on When KMS key grant is created…
	tuhinchakravorty on PowerCLI: Check ESXi Scratch L…
	Tuhin Chakravorty on PowerCLI: Check ESXi Scratch L…
	Dijon Luc on Moving VM to Folder in vC…
	Jackie Chen on CICD Design for Atlassian Suit…
	Daniel on CICD Design for Atlassian Suit…
	Backup Exec Communic… on Backup Exec: Communication Sta…
	Nathan Dolan on Yum gets ‘HTTPS Error 40…
	BigJefe on Fail to quiesce a virtual mach…
	Jackie Chen on Run Jira Data Center on Kubern…