Considering it’s Halloween, I thought I would share some terrifying scam stories, and some tips on tools you can use to keep the ghouls at bay this festive season (having said that, hindsight is a wonderful thing!).
Downloadable Threat Landscape Diagram
A threat landscape is a way of illustrating major threats that a user or organisation may encounter. This post provides a Mind Map that covers threats from an ENISA perspective.
First Look: AWS SNS Message Data Protection
AWS have released a new Beta feature for SNS called “AWS SNS Message Data Protection”. This post explains how this feature can be used.
Using AWS SNS with Private HTTPS Endpoints
A post on how the security-conscious can build a proxy to allow SNS to hit private HTTPS endpoints. Includes Source Code.
Automatically Logging S3 File Entries to CloudWatch
Explains how we can take files hitting an S3 bucket, calculate the delta for those files (i.e. new rows that have been added), and then split the new entries into individual messages for consumption by CloudWatch.
Includes Python Source-Code.
AWS Architect Professional (Recertification)
Advice for those re-sitting their AWS Architect Professional Exam, based on my own trials and tribulations!
Row Level Security for S3 Data on Redshift Spectrum – Part II
In the previous article of this 2-part blog, I outlined how Row-Level security can be implemented using Amazon Spectrum and Redshift.
This post deals with how tables and schemas can be created manually as part of row-level security.
Row Level Security for S3 Data on Redshift Spectrum – Part I
Part of the challenge of using some reporting applications on AWS is the limited connectors that are often available.
A recent challenge required reporting on data that was held in S3 and applying row-level security to that data. The reporting application in question did not have connectors for S3 but could connect to a database.
This article describes how I achieved this using AWS services.
This article is in two parts – Part I (this part) describes the configuration of the components at a high level. The next article will discuss how the objective can be automated.
Automating Thumbprint Retrieval for an EKS OIDC Provider
This article provides instructions on how to obtain a certificate thumbprint for an OIDC provider on AWS in an automated manner. Although this approach was created with EKS in mind, the same approach will work with other OIDC providers.
Working Java code is also provided.
AWS Forensics: EC2 Volatile Memory Capture
This post describes how you can implement EC2 Volatile Memory Capture in AWS.