Questions tagged with Security
Content language: English
Sort by most recent
I had an intrusion on my server ... a password was brute forced by some kid who proceeded to use the box to try to brute force other boxes.
I found and removed the script that was doing this, and secured the box ... but AWS has embargoed my server, leaving only the ssh port and one other open. This renders the system useless for doing my work.
I have no idea how to contact them to let them know what happened and hopefully regain my ability to use the system.
Please advise!
Hi, we were recently hacked and we now have access to our console again. We only use S3 but when logged back in I see that many other things were accessed and that a major part of charges come from appstream 2.0. Here is what we can see that was recently viewed. https://www.screencast.com/t/HtGis0sSY.
My question is, is there a way for me to remove appstream 2.0 and any of the other items in the screenshot above to really lock the count down. What should I be looking at to make sure that the hacked account is in proper order and that it is locked down tight? Any help would be greatly appreciated.
On updating the MSSQL package from Version6.2.0 to Version9.1.0 in package.json file , we are facing the below error .
Failed to connect to Server1_name - Hostname/IP does not match certificate's altnames: Host: Server1_name is not in the cert's altnames: DNS:Server2_name
The lambda is written in Node.js, lambda connects to mssql server in npm mssql version 6.2.0 but throws the above error in npm mssql version 9.1.1
We upgraded the version for resolving the security vulnerability reported for dependency package (xmldom).
Please guide what can be the ways to resolve the error and the root cause.
One of ECS Task status show as deactivating for long and if I go to container page by clicking containerID, there it show status as running.
Even i tried to stop from console and AWS Cli, non of them were stopping the task and it keeps running..
This may effect my billing. So please help me on this to stop.
Hi,
Is there a way to obtain a username of a user that's loging in with Identity Center?
I want to implement [this](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-wheretouse) same thing that works fine with regular IAM users.
Thanks!
I am trying to set a WAF ACL on top of my CloudFront distribution.
Initial idea behind the implementation is the idea of having a Video On Demand streaming. So basically I do have a web application, which is hosted on my HTTP web server. The web application wants to access a specific video resources, stored in my previously configured S3 bucket. There is an AOI created on top of it, so my CloudFront distribution shares the files stored in a previously mentioned S3 bucket.
I do want to prevent access to the files that can be accessed through a CloudFront distribution URL, and limit the access so only my web server which hosts my web application, can read those files. All other potential attackers and users who does not access files via my web application, should be rejected.
I already created a AWS WAF ACL with the allow action access policy on my set of IPs (within set of IPs there is only my web server IP which hosts my web application listed) and associate it within a rule as well as associate my WAF ACL with a previously mentioned CloudFront distribution.
I am looking for a way to enable video download through CloudFront distribution only via my web application. I've looked in a signed URLs implementation, but I do have a problem because i need to specify my video URL link into my web application through a simple web form on course level, which does not enable me some sort of dynamically set a signed URL once I could generate it.
We need to monitor nodes and pods in all clusters. To get this information, IAM user should be authorised using ClusterRoleBinding.
As per our understanding, ClusterRoleBinding needs to be applied for every cluster in EKS separately to get access to a cluster for a specific IAM user. It also requires us to keep a watch on new cluster creation as authorisation needs to be done for new cluster as soon as it's added. This is very cumbersome.
Is there any way by which an IAM user can be authorised for all EKS clusters in an AWS account in one step? Also, this user should get access to newly created clusters.
I have 2 databases that I am using, first DynamoDB and second one is TimestreamDB. And I am trying to query from both the databases using AppSync Graphql API.
for that I am adding multiple dynamo tables as separate data sources, and for timestream I am creating VPC endpoint for TimestreamDB, and adding HTTP data source for that.
Now the question is, I can create schema, query and resolvers for Dynamo Tables. And the AWS AppSync documentation says that for now, only public endpoints are working with AppSync. Ref:"https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-http-resolvers.html"
So is there any other way I can satisfy my requirements of connecting Timestream HTTP endpoint with AppSYnc?
I am using Cognito's Authentication Code Grant. After logging in, a user is given a code inside the callback URL which is later exchanged for an `access_token`.
In my web application, after logging in, a user can access a "console" (similar to AWS). Each time the user interacts with the console (like accessing a service) it does it through an api in API Gateway.
Unauthenticated users should not access the console and all its services. Hence, the way I am doing this is that every time the user wants to make a request to these REST endpoints the `access_token` is required.
However, this `access_token` should be stored somewhere so that the user can pass it in the request headers for later calls.
Where should this `access_token` be stored?
Which is the right way to do this? Maybe requiring the `access_token` in every API endpoint is not right?
I'm creating a Spotify data analysis tool to communicate with the company API so I can provide a service on my web for people to see some insights of their spotify profiles. To do so, I need to incorporate the SSO on my web with the OAuth2.0 protocol (given by Spotify to use their API).
I would like to know if someone can guide me into the steps to do this since I have no prior experience working with external users authentication.
Can AWS Amplify be deployed inside a VPC?
I recently renamed one of the AD groups which was mapped to my AWS identity center from **access_group_thractor ** to **access_group_tractor**.
I then went into AWS Identity Center and deleted the old group and added the new group
When I go back into the application the old group name **access_group_thractor ** keeps showing up inside AWS Identity center after deleting and adding the correct group name.