I found this bug in CloudTrail while working on the AWS keyWatcher project. I noticed that some CloudTrail logs do not have an access key ID field. I then opened a ticket with AWS support, and they forwarded it to the CloudTrail service team. Here is the response, which confirms it is a bug: Briefly speaking, … Continue reading CloudTrail bug
Category: Security
AWS keyWatcher
We have seen multiple times that users accidentally expose their AWS access key and secret key on the Internet, e.g. GitHub. This is really dangerous, as whoever gets that key can do whatever you can do to your AWS account. Here are two examples: the exposed key was used by someone unknown to create … Continue reading AWS keyWatcher
Akamai add basic auth to incoming request
In some cases, Akamai may need to add basic auth to an incoming request before sending it to the origin. Here is how to: 1) Encode the username and password in the format username:password. This can be done either via a bash script or the online tool. # echo -n username:password | base64 dXNlcm5hbWU6cGFzc3dvcmQ= https://www.base64encode.org/ 2) Add a behavior … Continue reading Akamai add basic auth to incoming request
Nginx upstream key exchange issue
Continuing from my previous post. Now it is about phase #3. Theoretically, it should be very straightforward. All Nginx needs to do is forward the Akamai requests to the upstream. Right? But in real life, whatever can go wrong will go wrong 😦 In testing, we always get a '502 Bad Gateway' error. I … Continue reading Nginx upstream key exchange issue
Akamai protocol rewrite issue
I have been working on an API gateway project (Akamai + Nginx + Lua) for quite a few weeks. There are lots of things that I would like to write about and share. This post is one of them. The high-level architecture looks like this: Phases: Users send http(s) GET or POST requests to Akamai. Akamai … Continue reading Akamai protocol rewrite issue