AWS Security
A compilation of stories written about AWS by Teri Radichel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: Application Security | Secure Code | AWS Security
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The series in the link below contains hundreds of posts on AWS Security and an associated GitHub repo. I’ve also attempted to categorize the posts so you can find what you’re looking for (IAM, Networking, Secrets Management, Encryption, Governance, Architecture, etc.).
What is Cloud
To understand what cloud is, we can take a look at the evolution of technology that lead to “cloud.”
Temporary access to log into an AWS VM using an AWS IOT Button
What is interesting about this particular post is that after publishing it, Azure implemented something called Just In Time access (JIT) on Azure with Privileged Access Management (PIM). You get limited access to a VM on Azure and when your time is up, access is shut off. Organizations can require people to request access prior to using it. Now this service is available in Azure for AWS EC2 instances (in preview at the time of this writing).
Why one of your favorite pentesting techniques doesn’t work on AWS
I was surprised just how popular this post has been over time. It was interesting to attend a presentation shortly after posting this at an event put on by an organization I work with. A copy of the diagram in this post was practically copied and put into the deck by the author. A different person was giving the talk with the slides and was surprised to see the slide and couldn’t explain it :-D. Please provide references and give credit when you lift other people’s content.
Amazon DocumentDB Network Access — Why the VPC?
I am continuously trying to explain network security to developers. I often feel like I haven’t done a good enough job because the topic keeps coming up but I’ll keep trying. This is one of those posts.
Keys to AWS Success
Also you might be interested in this summary of Keys to AWS Success from Andy Jassy in a prior AWS re:Invent keynote.
SSH to an AWS EC2 Instance with a Chromebook
My nephew was helping me test my AWS security classes and had a Chromebook. He’s one of the least interested in school and technology in my family and didn’t even last very long after I wrote this post — but ironically is one of my post popular blog posts. (Though not into school or tech he is actually very good at math and just did an amazing job of adding brick pavers to our back yard. Everyone has their own “thing.”)
The AWS CLI Documentation You Really Wanted
Easier CloudFormation
Many people struggle with CloudFormation. I think that is in part due to the way it is presented. Hopefully this post makes it easier to get started.
Proposed Standards For All AWS Security Teams
Just some ideas for standardization across the AWS ecosystem.
My History of DevSecOps
The first time I heard DevSecOps was when presented by some AWS security gurus at AWS re:Invent. That was part of my journey to AWS security.
.NET AWS Lambda Function
When AWS introduced .NET for AWS Lambda, I took a look. Surprisingly this has also been a very popular post. There must be a lot of people trying out .NET with AWS Lambda!
Zooma! Zoom! Zoom!
I tried running Zoom on an AWS Workspace instance. It worked for a while but had some issues. I wish this work work on a standard EC2 instance because AWS Workspaces are a bit expensive.
Step by step approach to installing Zoom on Amazon Workspaces
The problem I hit was that the driver started failing after initially working. I haven’t got back to testing this further. I am also concerned about the security implications of installing this driver. I installed it on a machine specifically used for communications on a locked down network. I wish AWS would build a solution for this. (If they haven’t yet.)
Cross account AWS IAM roles with external IDs and MFA
I use MFA when performing AWS penetration tests. It works with AWS IAM but not AWS SSO. This post explains how to MFA with the AWS CLI and an external ID. In my first link in this post I have posts on the related security threat that an external ID helps protect against — the confused deputy attack.
Install Go on AWS EC2
Based on my stats, a lot of people are interested in usign golang on AWS.
I wrote about the security benefits of Go here:
Real World Cloud Compromise
I gave a presentation for AWS Women in Tech on AWS application vulnerabilities found on penetration tests.
Serverless Security
In this presentation at RSA 2020 I talked about security services environments and a few issues I found on AWS penetration tests.
Red Team vs. Blue Team on AWS
In this presentation, Kolby Allen and I talk about attacks and defenses on AWS.
Security & Machine Learning
In these posts I explore security and machine learning, and I tried an Amazon DeepRacer.
AWS IAM Role Profiles with Boto3
In this post I explain how to use AWS IAM Roles with Boto3.
AWS IAM Role Profiles with Boto3
Leveraging EC2 IAM role profiles with the AWS Python SDK
medium.com
Mapping Attack Paths
This post talks about tools I use on AWS penetration tests to map out network attack paths.
AWS 2020 re:Invent Announcements
AWS Resources used in the Solar Winds Breach
This post explains how AWS resources were used in the Solar Winds Breach.
Hackers as Cloud Customers
Explained how attackers used AWS and Azure in the Solar Winds Breach.
What’s in Your Cloud?
My most popular post (sadly) on the Capital One Breach.
Amazon declined to testify at congressional hearing on SolarWinds hack
A post on click bait reporting.
On Becoming an AWS Hero
Container Escape in AWS HotPatch
Keeping Private Networks Private
Understand what happens when you assign a private IP address to an EC2 Instance on AWS.
Cloud Security Architecture
If you liked these posts you might also like this summary of Cloud Security Architecture posts.
AWS re:Invent
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2022
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
