Questions tagged with Security
Hello,
I would like to host my backend application using the Lightsail container service with a Docker image and GitHub CI/CD (build the image, push it to Lightsail, create a deployment). The application should have a few secrets, like RDS credentials, external services' API keys, etc. How can I manage those secrets?
I know I can use environment variables when creating the deployment, but that doesn't seem secure, as those variables are visible as plain text in the console.
That doesn't seem like the best approach.
Maybe I already have an answer in mind, but I'll still leave this question here.
My team is trying to deploy the AWS-native Network Firewall instead of a third-party firewall like Fortinet or Palo Alto for our customer.
So we are currently working through various scenarios with rules, and what is bugging us is that standard rules, like the rules inside 5-tuple rule groups, seem not to have the ability to leave their rule ID or something like that in the log, regardless of whether it is an alert or just a flow.
I'm sure this could be a huge pain in the a@# for the infra/security administrator when they are troubleshooting traffic-flow-related issues.
So what I want to know is: are there any hidden CLI options to enable the rule ID, or, again, is a Suricata custom rule the answer?
Our web servers (three separate websites) keep crashing and our web developer thinks this is some kind of issue with the main control panel on Amazon, however, there are no issues with our account health. Any insight into what the issue could be would be greatly appreciated!
Hi Team, I'm looking for a solution to transfer a huge amount of data from one S3 bucket to another S3 bucket in a different AWS account, i.e. cross-account, with NO VPC peering connection allowed. The solution should be highly secure and cost-effective. They are two different enterprise units, and no connections like VPC peering are allowed between their networks. I thought of DataSync, but I'm not sure how secure we can make it. Please suggest the best way to design it.
Thanks
How to enable a WAF rule for a website hosted in Lightsail?
Hello. We recently received an abuse report saying an Elastic IP of ours was being used to send a malicious payload. We do indeed have that IP, but it isn't mapped or associated with anything (perhaps it was at one point. If so, it was before I was on the team). We dug through everything we could to find any instance using this IP and found nothing. No EC2 instances. Nothing in load balancers. I checked in every region, just in case. Has anyone come across something similar? If so, how did you track it down? Can we find what might be using the IP? We see the network interface mapped to it, but it's associated with a VPC used by a number of instances (none of which are the IP in the report).
Otherwise, if we can't find the IP being used anywhere, I'm assuming it's safe to just get rid of it, correct? We do not currently have a dedicated AWS person, so any help is appreciated. Thank you so much for any assistance you can provide.
Edit to add: Is it possible someone is spoofing the IP? The gateway says it was created in 2016 and I do not know the last time that IP was associated with an EC2 instance (if there's a way of finding that out).
I came into my company with Inspector Classic already set up and running. Recently, the weekly run of the Inspector report has stopped and I am unable to manually run the same report. The message, "The assessment run could not be executed at this time as there are no targeted instances available for the selected assessment template" is all I am able to get. I have tried to create a new template, but each time I am not getting the same results. I am very green when it comes to AWS and feel that I must be missing a large part to get the report running again. Please assist. Thank you in advance.
Hello!
I am a very novice customer and normally do not deal with VPN. However, a couple of times now, incidents have been identified where our team VPN has been used in probing/brute-force attacks. For reference, we allow BYOD and the VPN is used mainly for WorkDocs/WorkMail access.
I have asked users to scan their devices for malicious software to stop the attacks. However, I need assistance with two issues:
- How do I identify exactly which of my users' devices is the source of the issue?
- Is there a way to configure my VPN to prevent it from allowing similar brute-force attacks from being carried out in the future?
Appreciate any assistance in advance.
I would like to remove unused security groups. I also need to know which security groups are associated with my EC2 instances without going through the instances one by one. Is there any command or solution to make this manageable?
I created a DocumentDB cluster that is now connected to a few EC2s in an ASG.
I know that for security reasons this should stay in a private subnet. Is that really important? How can I check if my cluster is in a public subnet or a private one?
And if it is in a public subnet, how can I move it to a private one?
Thanks
M
Hi,
All API Gateway calls, whether through Postman or Unity, are now returning 401 Unauthorized for endpoints that were working fine. Nothing has been changed on my side, which leads me to think AWS has changed something. For example, using a POST method API with a Cognito User Pool Authorizer worked fine with a username and password through Unity and Postman. Now it doesn't.
Thanks!
Bhav
I made a Lambda function that needs to connect to my DocumentDB cluster.
I created a security group for Lambda to allow outbound 0.0.0.0/0. Then I edited the VPC settings, selecting my default VPC, 2 subnets, and the above security group. Note that the subnets are both public.
Then I modified the DocumentDB security group to allow inbound on 27017 from the Lambda security group.
Still, I am getting a timeout.
I read somewhere that the subnets need to be private, but I only have public subnets. Should I create 2 new private ones for this purpose only?
Any other useful suggestions?
Thanks
M