Deselect ‘Custom Availability Zones’ in Elastic Beanstalk
It is frustrating that the Elastic Beanstalk console does not allow you to deselect the custom availability zone once you have selected and applied it. I guess AWS just missed that function in the JavaScript. Here is an example. There is no way for me to deselect ap-southeast-2a in the custom availability zone in the Elastic Beanstalk console. The …
keyWatcher scan exposed AWS key
AWS Trusted Advisor recently added a new check, 'Exposed Access Key', in the Security category. This checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key. By default Trusted Advisor run …
‘aws support describe-trusted-advisor-checks’ is us-east-1 only?
Just found this out - you have to hard-code '--region us-east-1' when running the aws support Trusted Advisor commands. I guess this is caused by the same reason that I explained in my previous blog post, IAM dependency. Here is my conclusion: whenever AWS says the service is global which does not require a region …
CloudTrail bug
I found this bug in CloudTrail when working on the AWS keyWatcher project. I noticed that some CloudTrail logs do not have the access key ID field. Then I opened a ticket with AWS support, and they forwarded it to the CloudTrail service team. Here is the response which confirms it is a bug: Briefly speaking, …
AWS keyWatcher
We have seen multiple times that users accidentally expose their AWS access key and secret key on the Internet, e.g. GitHub. This is a really dangerous thing, as whoever gets that key can do whatever you can do to your AWS account. Here are two examples: the exposed key was used by someone unknown to create …