Questions tagged with Security
I am working on an Airbnb-like project. There are public RESTful APIs that need to be secured with API Gateway and OAuth 2.0. I want a solution to secure the public RESTful APIs with OAuth 2.0. Thanks
Has anyone managed to get this to work? I have just launched a new CSR and it has a public and a private interface.
But I just can't get the DMVPN to go past NHRP.
Does anyone have an example CSR config they could share?
The CSR comes up as a spoke to the current hub OK and EIGRP advertises the private subnet OK.
The issue is if I try and get another spoke site to use the CSR as the hub.
The inbound security group on the private CSR interface is currently set to accept all traffic from the spoke site.
I have a problem that I'm trying to fix for my school project.
Let's say I have account A and my friend accounts B.
Each one of us has one Ubuntu instance, and I want to transfer/allocate my Elastic IP (if a program fails) to his instance through the AWS CLI.
Both instances are in the same VPC, same subnet.
So I have a script that disassociates the Elastic IP and associates the new one with his instance like this:
```
aws ec2 disassociate-address --public-ip 00.00.000.00
```
(maybe on the script here I have to transfer the Elastic IP or make the AWS CLI access his account?)
```
aws ec2 associate-address --public-ip 00.00.000.00 --instance-id i-00000000
```
Of course, it won't work because the AWS CLI is connected to my account, but I can't seem to find a way to make this work.
Possible ways: transfer the IP, but I don't know how to do it in an automated way; IAM roles?
I don't mind having both instances on one account, but since we are two I would like to take advantage of the free tier, since it's our first time using AWS.
Any idea how I can make this work?
Is it possible to enable the OAuth 2 backend for RabbitMQ - https://www.rabbitmq.com/oauth2.html - within the Amazon MQ managed service?
My AWS account was hacked today and the person changed my email (that's how I knew it). I only have the minimum privileges and I want to close this account, which no longer serves me anything since I can do nothing about it. I obviously can't do it myself; what should I do?
I'm making changes to the applications to no longer use IAM users but IAM roles. But there are credentials that are still in use and I can't find them easily. A factor that would help would be to see the IP address that is using them. I tried to find it through CloudTrail but I wasn't successful. Is it possible to find out the IP address?
Hi,
I'm trying to deploy AWS WAF behind AWS Network Firewall.
Currently my setup has two subnets under one VPC, public and private.
Under the public subnet I have set the firewall to work, and the private subnet is for the web server, with just the HTTP service enabled.
Right now I'm trying to deploy AWS WAF behind the Network Firewall.
Is this possible, or how should I take this forward?
I am using an AWS EC2 instance and I can connect to it using a username and key pair (file). But I need to connect (over WordPress) to the server and it's asking me to enter a password.
How and where can I find the password which I can type in? (The only password, or better said private key, I am familiar with is in the .pem file.)
Here is the screenshot: https://prnt.sc/gAdr9Y0DSaJb
Thanks!
Is there a way to allow a trailing slash or follow a 308 redirect for an OIDC discovery endpoint using the JWT Authorizer?
I'm currently using Next.js with `trailingSlash: true` and some middleware that adds the .well-known/openid-configuration endpoint. Unfortunately Next.js added a "/" suffix to make it .well-known/openid-configuration/, and the HTTP API Gateway responds with the following header:
```
www-authenticate
Bearer scope="" error="invalid_token" error_description="non-200 status code received from OIDC discovery endpoint"
```
Is there a way to work around this? Is this a bug or strict adherence to the spec?
Any help would be appreciated,
Dave
Is it possible to have a secure (https) site hosted on S3 without CloudFront? I am using AWS GovCloud, and CloudFront is not a service available to me, nor can I use the commercially available CloudFront. I need to find other methods that allow me to have an https site that can reach out to an authenticator. What services can I use to accomplish this? Do I use a VPN?
I have a bunch of SQS services and S3 backup services that use a single IP address (NAT). As of this morning, I've lost complete connectivity to any and all AWS services. Any TCP connection doesn't proceed beyond the first SYN packet. Has anyone ever heard of AWS perm-banning an IP address? I've got a bunch of business-critical transactions stuck in SQS queues due to this :(
```
sudo tcpdump -i eth0 host 18.133.45.123 -n &
curl -v https://eu-west-2.queue.amazonaws.com/
* Trying 18.133.45.123...
* TCP_NODELAY set
16:20:47.610811 IP 197.248.216.154.33256 > 18.133.45.123.443: Flags [S], seq 2128825396, win 29200, options [mss 1460,sackOK,TS val 480045 ecr 0,nop,wscale 7], length 0
16:20:48.611248 IP 197.248.216.154.33256 > 18.133.45.123.443: Flags [S], seq 2128825396, win 29200, options [mss 1460,sackOK,TS val 480296 ecr 0,nop,wscale 7], length 0
16:20:50.627280 IP 197.248.216.154.33256 > 18.133.45.123.443: Flags [S], seq 2128825396, win 29200, options [mss 1460,sackOK,TS val 480800 ecr 0,nop,wscale 7], length 0
16:20:54.851253 IP 197.248.216.154.33256 > 18.133.45.123.443: Flags [S], seq 2128825396, win 29200, options [mss 1460,sackOK,TS val 481856 ecr 0,nop,wscale 7], length 0
16:21:01.934970 IP 197.248.216.154.42816 > 18.133.45.123.443: Flags [S], seq 3361955245, win 29200, options [mss 1460,sackOK,TS val 158275010 ecr 0,nop,wscale 7], length 0
16:21:02.960332 IP 197.248.216.154.42816 > 18.133.45.123.443: Flags [S], seq 3361955245, win 29200, options [mss 1460,sackOK,TS val 158275264 ecr 0,nop,wscale 7], length 0
16:21:03.043229 IP 197.248.216.154.33256 > 18.133.45.123.443: Flags [S], seq 2128825396, win 29200, options [mss 1460,sackOK,TS val 483904 ecr 0,nop,wscale 7], length 0
16:21:04.965428 IP 197.248.216.154.42816 > 18.133.45.123.443: Flags [S], seq 3361955245, win 29200, options [mss 1460,sackOK,TS val 158275768 ecr 0,nop,wscale 7], length 0
16:21:07.625705 IP 197.248.216.154.52394 > 18.133.45.123.443: Flags [S], seq 3840675465, win 29200, options [mss 1460,sackOK,TS val 3898989 ecr 0,nop,wscale 7], length 0
16:21:08.629690 IP 197.248.216.154.52394 > 18.133.45.123.443: Flags [S], seq 3840675465, win 29200, options [mss 1460,sackOK,TS val 3899240 ecr 0,nop,wscale 7], length 0
16:21:09.093703 IP 197.248.216.154.42816 > 18.133.45.123.443: Flags [S], seq 3361955245, win 29200, options [mss 1460,sackOK,TS val 158276800 ecr 0,nop,wscale 7], length 0
16:21:10.645819 IP 197.248.216.154.52394 > 18.133.45.123.443: Flags [S], seq 3840675465, win 29200, options [mss 1460,sackOK,TS val 3899744 ecr 0,nop,wscale 7], length 0
```
The console is not accessible either:
```
sudo tcpdump -i eth0 host 99.83.252.222 -n &
curl -v http://console.aws.amazon.com/
* Trying 99.83.252.222...
* TCP_NODELAY set
16:21:46.099953 IP 197.248.216.154.36516 > 99.83.252.222.80: Flags [S], seq 773244091, win 29200, options [mss 1460,sackOK,TS val 494668 ecr 0,nop,wscale 7], length 0
16:21:47.107267 IP 197.248.216.154.36516 > 99.83.252.222.80: Flags [S], seq 773244091, win 29200, options [mss 1460,sackOK,TS val 494920 ecr 0,nop,wscale 7], length 0
16:21:49.123236 IP 197.248.216.154.36516 > 99.83.252.222.80: Flags [S], seq 773244091, win 29200, options [mss 1460,sackOK,TS val 495424 ecr 0,nop,wscale 7], length 0
16:21:53.219258 IP 197.248.216.154.36516 > 99.83.252.222.80: Flags [S], seq 773244091, win 29200, options [mss 1460,sackOK,TS val 496448 ecr 0,nop,wscale 7], length 0
```
Hello!
I am using AWS for the first time ever and got this email. I have an EC2 instance and am using Amazon SES for transactional emails for my website. I'm not sure what exactly I need to do. Any help/direction would be much appreciated. I searched on re:Post but couldn't find a similar post.
We've received a report(s) that your AWS resource(s)
AWS ID: XXXX XXXXXX Region: us-west-2 EC2 Instance Id: XXXXXXXXXXXX
AWS ID: XXXX XXXXXX Region: us-west-2 Network Interface Id: XXXXXXXXXXXXXXXXXX
has been implicated in activity which resembles attempts to access remote hosts on the internet without authorization.
If you're unaware of this activity, it's possible that your environment has been compromised by an external attacker, or a vulnerability is allowing your machine to be used in a way that it was not intended.
* Log Extract:
<<<
This is an email abuse report about the IP address XX.XX.XX.XX generated at Mar 10 19:32:53
You get this email because you are listed as the official abuse contact for this IP address.
**The following intrusion attempts were detected:
Mar 10 19:32:53 arwen fail2ban.filter[4731]: INFO [proftpd] Found XX.XX.XX.XX - 2023-03-10 19:32:53
Mar 10 19:32:54 arwen fail2ban.filter[4731]: INFO [proftpd] Found XX.XX.XX.XX - 2023-03-10 19:32:54
Mar 10 19:32:55 arwen fail2ban.filter[4731]: INFO [proftpd] Found XX.XX.XX.XX - 2023-03-10 19:32:55
Mar 10 19:32:55 arwen fail2ban.actions[4731]: NOTICE [proftpd] Ban XX.XX.XX.XX
**
>>>