Because some tasks require root user credentials, from time to time we need to log in to an AWS account as root, e.g. to remove a misconfigured S3 bucket policy that denies all principals (once such a policy is applied, no IAM principal can change it). Conventionally, we log in to the account from the AWS console with the root user email, password and MFA. Now, there is … Continue reading How to assume root user of an AWS account?
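The lockout case in the excerpt above, as an added example that is not code from the post: a pre-flight check that flags bucket-policy statements which would deny every principal the bucket-level actions needed to change the policy again, so the policy can be caught before it is applied and a root login becomes necessary. The two sample policies and all function names are constructed for illustration.

```python
import json

# Constructed sample: an unconditional Deny for every principal on s3:* over both the
# bucket and its objects. Once applied, only the account root can remove it.
LOCKOUT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyEverything",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

# Constructed sample: the common "deny insecure transport" statement. It also denies
# every principal, but the Condition leaves a path (HTTPS) to manage the bucket.
SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

# Actions whose denial prevents fixing the policy from inside the account.
LOCKOUT_ACTIONS = {"*", "s3:*", "s3:putbucketpolicy", "s3:deletebucketpolicy"}


def _as_list(value):
    """Policy documents allow a single string where a list is also accepted."""
    return value if isinstance(value, list) else [value]


def _matches_every_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _covers_bucket_level(resources):
    """PutBucketPolicy/DeleteBucketPolicy act on the bucket ARN (no key part), so a
    Deny that lists only 'bucket/*' objects does not lock the policy itself."""
    for r in _as_list(resources):
        if r == "*" or (r.startswith("arn:aws:s3:::") and "/" not in r):
            return True
    return False


def _is_lockout_statement(stmt):
    if stmt.get("Effect") != "Deny":
        return False
    if not _matches_every_principal(stmt.get("Principal")):
        return False
    if stmt.get("Condition"):
        return False  # a condition means some requests still pass
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    if not actions & LOCKOUT_ACTIONS:
        return False
    return _covers_bucket_level(stmt.get("Resource", []))


def find_lockout_statements(policy_json):
    """Return the Sids of statements that would require root to undo."""
    policy = json.loads(policy_json)
    return [s.get("Sid", "<no Sid>")
            for s in _as_list(policy.get("Statement", []))
            if _is_lockout_statement(s)]


if __name__ == "__main__":
    print("lockout:", find_lockout_statements(LOCKOUT_POLICY))
    print("safe:   ", find_lockout_statements(SAFE_POLICY))
```

Run the check against the JSON before calling `put-bucket-policy`; an empty list means the policy still leaves some principal able to change it. The check is deliberately conservative: it ignores `NotPrincipal` and `NotAction`, which can also produce a lockout, so treat an empty result as "nothing obvious" rather than proof of safety.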
Tag: Security
Two Examples of using AWS Network Firewall
AWS Network Firewall is a highly available and scalable firewall service that provides network protection for VPCs, supplementing the existing security services: security groups protect compute resources (EC2, Lambda, RDS...), NACLs (Network Access Control Lists) protect subnets, and WAF (Web Application Firewall) and Shield protect frontend resources (ELB, CloudFront, API Gateway). There are quite a … Continue reading Two Examples of using AWS Network Firewall
AWS IAM Role Chaining
Question: Using the credentials of IAM role 1 to assume a different IAM role 2, what is the maximum duration of the new credentials?
A. Same as Role 1
B. Same as Role 2
C. Same as the role (1 or 2) which has the longer maximum duration
D. Same as the role (1 or 2) which … Continue reading AWS IAM Role Chaining
AWS Security Checklist
Identity & Access Management: Secure the AWS account (AWS Organizations, MFA). Rely on a centralized identity provider (SSO). Use multiple AWS accounts to separate workloads and workload stages such as production and non-production (SCPs, guardrails, Control Tower). Store and use secrets securely (STS, Secrets Manager). Detection: Enable foundational security services (AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub). Configure service and … Continue reading AWS Security Checklist
Use AWS Secret Manager to handle credentials
AWS Secrets Manager is a great solution for secret management. It is similar to HashiCorp Vault, but with better integrations with other AWS services, e.g. IAM, RDS, Redshift, DocumentDB. As illustrated above, I created a database in RDS and a credential in Secrets Manager, then attached the credential to the database for dynamic reference. The … Continue reading Use AWS Secret Manager to handle credentials
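The RDS credential described above, as an added example that is not code from the post: reading the JSON `SecretString` that Secrets Manager keeps for an RDS credential (the `username`/`password`/`engine`/`host`/`port`/`dbname` shape it generates), validating it, and keeping the password out of logs. The sample secret, the `FakeSecretsClient` stand-in and all function names are constructed; with a real `boto3.client("secretsmanager")` passed in, `fetch_credential` makes the actual `get_secret_value` call.

```python
import json

# Constructed sample of the SecretString Secrets Manager stores for an RDS credential.
SAMPLE_SECRET_STRING = json.dumps({
    "username": "app_user",
    "password": "correct horse battery staple",
    "engine": "postgres",
    "host": "mydb.abc123.us-east-1.rds.amazonaws.com",
    "port": 5432,
    "dbname": "appdb",
    "dbInstanceIdentifier": "mydb",
})

REQUIRED_KEYS = ("username", "password", "engine", "host", "port")


class DbCredential:
    """Connection parameters parsed from an RDS-style secret.

    The password is held in a private attribute and never included in repr(),
    so an accidental log line or traceback does not leak it."""

    def __init__(self, secret_string):
        data = json.loads(secret_string)
        missing = [k for k in REQUIRED_KEYS if k not in data]
        if missing:
            raise ValueError(f"secret is missing keys: {missing}")
        self.username = data["username"]
        self._password = data["password"]
        self.engine = data["engine"]
        self.host = data["host"]
        self.port = int(data["port"])
        self.dbname = data.get("dbname")

    def __repr__(self):
        return (f"DbCredential(user={self.username!r}, engine={self.engine!r}, "
                f"host={self.host!r}, port={self.port}, password=<redacted>)")

    def connect_kwargs(self):
        """Keyword arguments in the shape psycopg2.connect() expects."""
        return {
            "user": self.username,
            "password": self._password,
            "host": self.host,
            "port": self.port,
            "dbname": self.dbname,
        }


def fetch_credential(secret_id, client):
    """Fetch and parse a secret. `client` is any object with get_secret_value(SecretId=...),
    e.g. boto3.client('secretsmanager'). Call this when opening a connection rather than
    caching the result for the process lifetime: a rotated password invalidates old copies."""
    response = client.get_secret_value(SecretId=secret_id)
    return DbCredential(response["SecretString"])


class FakeSecretsClient:
    """Offline stand-in for the boto3 client, returning the constructed sample (assumption)."""

    def get_secret_value(self, SecretId):
        return {"SecretString": SAMPLE_SECRET_STRING}


if __name__ == "__main__":
    cred = fetch_credential("prod/appdb", FakeSecretsClient())
    print(cred)  # password is redacted here
```

The IAM side of this pattern: the application role needs only `secretsmanager:GetSecretValue` on that one secret ARN, and the RDS integration means the database password is never typed into a config file or environment variable.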