Questions tagged with Security
How do I report a suspected fraudulent account?
I opened an Abuse case only to have the Trust & Safety Team bot reply that my question needed to go to Billing. I opened a Billing case only to have that bot tell me I needed to be able to log in to the fraudulent account before I could discuss the account. It should not be this difficult to report fraud activity, or has it not occurred to anyone at AWS that fraud exists?
I have attached private subnet 1c to a public Application Load Balancer. What would happen with the server which is in public subnet 1c? Will the traffic reach that server?
Hi all, has anyone tried to configure CloudTrail for Redshift? We are trying to do this to get the activity of the IAM user who runs the query in query editor v2.
We have found a few docs and followed the steps to configure CloudTrail, but we can't get the logs we are looking for.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-tutorial.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html
This is the doc we found that shows CloudTrail can integrate with Redshift and can get the log result for query editor v2.
https://docs.aws.amazon.com/redshift/latest/mgmt/logging-with-cloudtrail.html
But it doesn't show the steps for how to log the calls with CloudTrail.
Looking forward to guidance from you all, so that we can learn together.
Thanks.
I'm new to AWS and I'm trying to set up an Express server on Beanstalk and I'm logging to CloudWatch.
I just set it up and got all the HTTPS stuff going and I'm able to use it on my app, but I noticed there were some weird logs in the `nginx/error.log` and `nginx/access.log`.
**nginx/access.log**
```
xxx.xx.xx.xxx - - [27/Mar/2023:19:40:40 +0000] "\x16\x03\x01\x00\xA7\x01\x00\x00\xA3\x03\x03\x9E\xF3D\x02\x03\xD0R\xAAW\xA6\x7F]*U\x8A\xAC\x10\x22P \x8E\xA6\x10\x1F" 400 150 "-" "-" "-"
```
**nginx/error.log**
```
19:58:56 [warn] 9004#9004: *143823 using uninitialized "year" variable while logging request, client: xxx.xx.xx.xxx, server: , request: "��[�)�!▴�0��햱�HX��6�]$w_�z� ����xB��}{�p+�1l3~�G��>��n�&�+�/�#�'� ��,�0�$�(��"
19:58:56 [warn] 9004#9004: *143823 using uninitialized "month" variable while logging request, client: xxx.xx.xx.xxx, server: , request: "��[�)�!▴�0��햱�HX��6�]$w_�z� ����xB��}{�p+�1l3~�G��>��n�&�+�/�#�'� ��,�0�$�(��"
19:58:56 [warn] 9004#9004: *143823 using uninitialized "day" variable while logging request, client: xxx.xx.xx.xxx, server: , request: "��[�)�!▴�0��햱�HX��6�]$w_�z� ����xB��}{�p+�1l3~�G��>��n�&�+�/�#�'� ��,�0�$�(��"
```
I tried looking it up and all I got was someone else saying someone was trying to constantly ping me. Is this something I need to worry about? If not, is there a way to get rid of these logs so it doesn't clutter my logs? Would I just have to block these IP addresses?
Let me know if I need to provide more information, thank you!
I added an Inbound Rule to a Security Group, temporarily. After I was done with it, I attempted to remove it. When I try, I get the following error:
There was an error modifying your security group inbound rules
The specified rule does not exist in this security group.
It is still listed as a rule, but I cannot delete it.
Advice? thx
Hi all,
I'm using the AWS Transfer Family service to transfer files using the AS2 protocol, and I'm having trouble whitelisting an IP or URL for the connector used by the service. Specifically, the connector does not have a static IP address, so I'm not sure what IP or URL I should whitelist on my partner's AS2 server.
I found a list of all the IP ranges used by AWS services at https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html, but I'm not sure which IP ranges I should put on the whitelist for the Transfer Family AS2 service connector. Is there a specific IP range or URL that I should whitelist for this purpose? Or is there a different approach I should take to configure network security rules for the connector?
Any help or guidance would be greatly appreciated!
Thanks in advance for your help!
I want to add a range of IPs in the outbound rules of a security group. How can I do that?
When we start with Control Tower, 2 accounts within the Security OU, i.e. the log archive and audit accounts, are created. On this structure I have a few questions:
1) I read that detective guardrails are implemented by AWS Config. But why can't I see those under the config rules of the AWS Config service?
2) I understand that the Audit account has the power to access other accounts programmatically. I thought this is the reason why security services like Security Hub, AWS Config and other security-related services are hosted here. But in my project, security services are hosted in a separate account rather than the audit account. If so, what is the purpose of the audit account? Also, is it necessary for the account which holds the centralized AWS Config aggregator, Security Hub etc. to have programmatic access to other accounts?
3) By default, does the log archive account just collect CloudTrails from all other accounts? Under AWS best practices, I see that the audit account holds all the security services and also acts as an AWS Config aggregator. At the same time, all logging (including DNS, VPC etc.) happens under the Log archive account. If so, do we need to explicitly send aggregator logs in the audit account to the centralized S3 bucket under the archive account?
Hello everyone,
I think you have also experienced this problem. I deleted the Google Authenticator app on my old phone and didn't move the account. On my new phone, I can't get the verification code. How can I re-enable the 2FA app for my root account? I looked at many articles and progressed by marking troubleshooting, but it keeps looping. As a result, how can you disable and re-enable 2FA in your root accounts without entering the console?
Best regards
I'm trying to modify the networking configuration for my ECS cluster. During the creation process, I was able to specify the VPC and subnets, but I did not see an option to specify a security group. How can I specify a security group for my ECS cluster, and how can I add additional security groups to the cluster after it has been created? Thank you.
I want to be able to implement Attribute Based Access Controls on a complex data system.
To implement this, I want to use a dynamic verification ideally completely in IAM to preserve performance.
For example:
Person A has been given permissions to see objects with Green, Purple and Blue categories, but cannot see objects that have a Vehicle category.
Person B can see Purple and Vehicle but cannot see Green or Blue.
Object A is stored in the Vehicle category S3 and also contains Blue data.
We initially looked at tags, but the customer currently manages thousands of tags and that equates to billions of potential tag combinations - and this number is always growing.
I am looking for a clean way to implement this access control that would meet these requirements.
Why is Fail2Ban completely missing from AL2023 repos? Are there instructions, including dependencies for hand installation on AL2023? Why would Amazon leave this standard component of basic hacker prevention and security out of the stack?