Double SSH Hops example


Client -ssh only--> Jumpbox00 -ssh only--> Jumpbox01 --http only-> Internal network Here is how to ssh to jumpbox01, and visit websites in internal networks from Client. 1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command: ssh-add ~/.ssh/jb.pem  2) Add the following … Continue reading Double SSH Hops example

Avoid Elastic Beanstalk to create security group for ELB


Just found out that there is a Elastic Beanstalk option named 'ManagedSecurityGroup' to allow you to use an exisiting security group for the ELB. Note the security group must be in the aws:elb:loadbalancer SecurityGroups list. Here is a sample: { "Namespace": "aws:elb:loadbalancer", "OptionName": "SecurityGroups", "Value": "sg-1111111,sg-222222" }, } "Namespace": "aws:elb:loadbalancer", "OptionName": "ManagedSecurityGroup", "Value": "sg-1111111" } … Continue reading Avoid Elastic Beanstalk to create security group for ELB

Deselect ‘Custom Availability Zones’ in Elastic Beanstalk


It is frustrated that Elastic Beanstalk console does not allow you deselect the custom availability zone once you selected and applied . I guess AWS just missed that function in the javascript. Here is a example. There is no way for me to deselect ap-southeast-2a in the custom availability zone in the Elastic Beanstalk console. The … Continue reading Deselect ‘Custom Availability Zones’ in Elastic Beanstalk

keyWatcher scan exposed AWS key


AWS Trusted Advisor recently added a new check 'Exposed Access Key' in Security category. This to checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key. By default Trusted Advisor run … Continue reading keyWatcher scan exposed AWS key