<p id="7156">I covered user-specific secrets here:</p>
<p id="744d" class="link-block"><a href="https://readmedium.com/create-a-per-user-secret-in-secrets-manager-part-1-bb97b66e2a2d">User-Specific Secrets on AWS: IAM Policies</a> (ACM.82 IAM Policies to allow users to describe their own secrets)</p>
<h2 id="aada">Create the user-specific Secret to store the automation credentials</h2>
<p id="a515">Next I create <b>SandboxDevAutomationSecret</b> in Secrets Manager, encrypted with my <b>Sandbox KMS key</b>.</p>
<figure id="e15e"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*DQonCyF8UzPnZZoiGOKD9w.png"><figcaption></figcaption></figure>
<figure id="f7b3"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*zITxEtD__wFDwpPrBpqv4w.png"><figcaption></figcaption></figure>
<h2 id="2e63">Create a user-specific EC2 instance role for the SandboxDev user</h2>
<p id="3417">Next I create an EC2 instance role named <b>SandboxDevEC2Role</b> that the developer is allowed to pass to EC2 instances.</p>
<figure id="44ef"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*__fohZeTWjwdYrS__B4imQ.png"><figcaption></figcaption></figure>
<p id="eee9">The role name will have the username as a prefix:</p>
<figure id="7afa"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*7dKW5KiQMivtKqjgzA_1Gw.png"><figcaption></figcaption></figure>
<p id="a338">This role is granted access to:</p>
<ul>
<li>Read the <b>SandboxDevSecret</b>.</li>
<li>Pull containers from the <b>sandbox Elastic Container Repository</b>.</li>
<li>Use the <b>sandbox KMS key</b> to decrypt the secret and the container in the repository.</li>
</ul>
<h2 id="df90">Create the Automation user</h2>
<p id="b752">Create the <b>SandboxDevAutomation</b> user. Do not give this user console access.</p>
<figure id="ddeb"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*QWVvQMA9aDCtmiVxSR61iw.png"><figcaption></figcaption></figure>
<p id="c19e">Remember that I already have a role (<b>CloneGitHubtoCodeCommitRole</b>) used by my batch job from prior posts. Create a policy that allows the SandboxDevAutomation user to use STS to assume that role.</p>
<p id="559f">The <b>SandboxDev</b> user needs permission to change the <b>credentials and MFA device</b> of the <b>SandboxDevAutomation</b> user.</p>
<h2 id="0f53">Edit the batch job role trust policy to allow the SandboxDevAutomation user to assume it</h2>
<p id="7f1d">We need to modify the trust policy to allow the <b>SandboxDevAutomation user</b> to assume the <b>CloneGitHubtoCodeCommitRole</b> role with MFA.</p>
<figure id="6ad1"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*xAHGslW3SSbv6c5NO8mhzg.png"><figcaption></figcaption></figure>
<p id="7ad0">Edit the trust policy:</p>
<figure id="cfaf"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*Vna71G_F2e-8Vdtw4yBwFw.png"><figcaption></figcaption></figure>
<p id="6a5a">Change the user to SandboxDev:</p>
<figure id="f788"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*vpSqEqjFa_qg59v_dnPCzQ.png"><figcaption></figcaption></figure>
<h2 id="49b3">Add permissions to KMS Key Resource Policy</h2>
<p id="8cf1">Next I need to allow the <b>SandboxDev</b> user to encrypt and decrypt and the <b>SandboxDevEC2Role</b> to decrypt with the <b>sandbox KMS Key</b>. I edit my automation to add those two principals to the encrypt and decrypt users.</p>
<figure id="380f"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*UkzCt10p0iqCR4OpMs6uhQ.png"><figcaption></figcaption></figure>
<h2 id="d015">Login as SandboxDev</h2>
<p id="725d">Log into the AWS Console with the SandboxDev user.
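The sections above describe five policy documents without showing their text: the MFA-gated trust policy on CloneGitHubtoCodeCommitRole, the SandboxDevAutomation user's assume-role permission, the SandboxDevEC2Role permissions (secret, repository, key), the sandbox KMS key policy (SandboxDev encrypts and decrypts, the EC2 role only decrypts) and the SandboxDev user's permission to pass only its own EC2 role. The following is an added example, not the author's automation or screenshots: it writes those documents in the shape I would use and adds a small offline evaluator so you can check, before pasting anything into the console, that an AssumeRole without MFA, an Encrypt by the EC2 role or a PassRole of some other role would be refused. The account id, region, key id, secret suffix and repository name are placeholders or assumptions; the user, role and secret names are the post's. The evaluator handles only a single document with Bool and StringEquals conditions, which is all these policies need.

```python
import fnmatch

# Constructed identifiers for this example. The account id, region, KMS key id, secret
# suffix and repository name are placeholders; the user, role and secret names are the post's.
ACCOUNT = "123456789012"
REGION = "us-east-1"
SANDBOX_DEV = f"arn:aws:iam::{ACCOUNT}:user/SandboxDev"
AUTOMATION_USER = f"arn:aws:iam::{ACCOUNT}:user/SandboxDevAutomation"
EC2_ROLE = f"arn:aws:iam::{ACCOUNT}:role/SandboxDevEC2Role"
BATCH_ROLE = f"arn:aws:iam::{ACCOUNT}:role/CloneGitHubtoCodeCommitRole"
SANDBOX_KEY = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/PLACEHOLDER-KEY-ID"
AUTOMATION_SECRET = f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:SandboxDevAutomationSecret-PLACEHOLDER"
SANDBOX_REPO = f"arn:aws:ecr:{REGION}:{ACCOUNT}:repository/sandbox"  # assumed repository name

# Trust policy on CloneGitHubtoCodeCommitRole: only the automation user, and only with MFA.
BATCH_ROLE_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": AUTOMATION_USER}, "Action": "sts:AssumeRole",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

# Identity policy for SandboxDevAutomation: the only thing it may do is assume the batch job role.
AUTOMATION_USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": BATCH_ROLE}]}

# Identity policy for SandboxDevEC2Role: read the secret, pull from the sandbox repository,
# decrypt with the sandbox key (assumed minimal action set for those three permissions).
EC2_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": AUTOMATION_SECRET},
    {"Effect": "Allow", "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer",
                                   "ecr:BatchCheckLayerAvailability"], "Resource": SANDBOX_REPO},
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": SANDBOX_KEY}]}

# Resource policy on the sandbox KMS key: SandboxDev encrypts and decrypts, the EC2 role only decrypts.
SANDBOX_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": SANDBOX_DEV},
     "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": EC2_ROLE}, "Action": "kms:Decrypt", "Resource": "*"}]}

# Identity policy for SandboxDev: may pass only SandboxDevEC2Role, and only to the EC2 service.
SANDBOX_DEV_PASSROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": EC2_ROLE,
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _any_match(patterns, value):
    """IAM-style matching with '*' and '?' wildcards, case-insensitive."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluates the two operators used above (Bool, StringEquals); a missing key never matches."""
    for operator, pairs in condition.items():
        if operator not in ("Bool", "StringEquals"):
            raise ValueError(f"unsupported condition operator: {operator}")
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "Bool" and str(actual).lower() != str(expected).lower():
                return False
            if operator == "StringEquals" and str(actual) not in [str(e) for e in _as_list(expected)]:
                return False
    return True


def is_allowed(policy, action, resource="*", principal=None, context=None):
    """Minimal single-document evaluator: an explicit Deny wins, otherwise any matching Allow allows.

    Real IAM evaluation also combines identity and resource policies, SCPs and
    permission boundaries; this checks only the shape of one document.
    """
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if "Principal" in stmt and not _any_match(stmt["Principal"]["AWS"], principal or ""):
            continue
        if not _any_match(stmt["Action"], action):
            continue
        if not _any_match(stmt.get("Resource", "*"), resource):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    mfa = {"aws:MultiFactorAuthPresent": "true"}
    print("assume batch role with MFA:", is_allowed(BATCH_ROLE_TRUST_POLICY, "sts:AssumeRole",
                                                    principal=AUTOMATION_USER, context=mfa))
    print("assume batch role without MFA:", is_allowed(BATCH_ROLE_TRUST_POLICY, "sts:AssumeRole",
                                                       principal=AUTOMATION_USER))
    print("EC2 role kms:Encrypt:", is_allowed(SANDBOX_KEY_POLICY, "kms:Encrypt", principal=EC2_ROLE))
    print("SandboxDev passes batch role:", is_allowed(SANDBOX_DEV_PASSROLE_POLICY, "iam:PassRole",
                                                      resource=BATCH_ROLE,
                                                      context={"iam:PassedToService": "ec2.amazonaws.com"}))
```

The point of the `aws:MultiFactorAuthPresent` condition is that it is evaluated from the session, so even a leaked SandboxDevAutomation access key cannot assume the batch role on its own; the `iam:PassedToService` condition similarly stops the SandboxDev user from handing its EC2 role to a Lambda function or another service. Keep in mind that KMS key policies and identity policies are combined by AWS, so the EC2 role needs both the `kms:Decrypt` allow in its own policy and the key-policy statement shown here.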
If you’ve been following along, you have an account with a prefix specific to your organization and -Dev at the end if you used my deployment scripts.</p>
<figure id="13d5"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*5L-3C9ORVXOWv6KRdCkBLg.png"><figcaption></figcaption></figure>
<h2 id="d260">Add MFA devices</h2>
<p id="5cca">Add a Hardware MFA device to the SandboxDev User.</p>
<figure id="21f0"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*8s8rTuyWOsLAQUEqfwTtOQ.png"><figcaption></figcaption></figure>
<p id="c0e6">Add a Virtual MFA device to the SandboxDevAutomation User.</p>
<p id="5cec">I explain why I do not use a Yubikey to generate MFA codes here:</p>
<p id="1308" class="link-block"><a href="https://readmedium.com/the-yubikey-cli-and-aws-mfa-50e6be0698a7">The Yubikey CLI and AWS MFA</a> (ACM.11 Considering the attack surface and MFA choices for our Security Batch Jobs)</p>
<figure id="5893"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*iFl4DTQNuplt-SGONHpNYw.png"><figcaption></figcaption></figure>
<h2 id="d7df">Create automation credentials</h2>
<p id="b9e4">Create an <b>Access key</b> for the <b>SandboxDevAutomation</b> user.</p>
<figure id="7f1e"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*KoVfxp-aJvzBiacPyFeMlA.png"><figcaption></figcaption></figure>
<p id="217e">I have explained before that I disagree with the verbiage on this page. The CLI in the browser has a much larger attack surface, and it depends on how you are using the keys.</p>
<figure id="0423"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*_CCe4xu8AcNLloUHgvF5Aw.png"><figcaption></figcaption></figure>
<h2 id="8caa">Store the credentials in the SandboxDevAutomationSecret</h2>
<p id="24aa">Head to the Secrets Manager dashboard.</p>
<p id="432d">Click on the SandboxDevAutomationSecret.</p>
<figure id="6893"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*cz9jnYSnBsGXf9Y8VZjGPQ.png"><figcaption></figcaption></figure>
<p id="f616">Store the access key ID and secret access key.</p>
<figure id="4b95"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*-G9eR929nKSsGWrsOuzucg.png"><figcaption></figcaption></figure>
<h2 id="5496">Test Launching an EC2 Instance with the SandboxDev role</h2>
<p id="8907">Head over to the EC2 dashboard and test launching an EC2 Instance. Recall that the Instance name needs to match what we specified in the policy above.</p>
<figure id="a1c7"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*FqCLLp7V854JJZa88TIdvA.png"><figcaption></figcaption></figure>
<p id="2bc8">If you need to decode any error messages, I explained how to do that here:</p>
<p id="bb13" class="link-block"><a href="https://readmedium.com/decoding-aws-error-messages-db0e0cbecf0d">Decoding AWS Error Messages</a></p>
<p id="bd85">Choose the existing networking created for EC2 instances from prior posts.</p>
<p id="a149" class="link-block"><a href="https://readmedium.com/automating-cybersecurity-metrics-890dfabb6198">Automating Cybersecurity Metrics (ACM)</a> (A series of blog posts on cybersecurity metrics and security automation)</p>
<p id="2937">Choose the role we created under Advanced details.</p>
<figure id="8870"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*oHJior3Ueea6woDB1zqqKQ.png"><figcaption></figcaption></figure>
<p id="a822">One note that took me a bit to resolve: the message when your user does not have permission to pass the IAM role to the EC2 instance is a bit ambiguous.</p>
<p id="a0fb" class="link-block"><a href="https://readmedium.com/ambiguous-error-message-when-a-user-doesnt-have-permission-to-pass-a-specific-iam-role-to-an-ec2-b005f338b6df">Ambiguous Error Message When a User Doesn’t Have Permission to Pass a Specific IAM Role to an EC2…</a> (This error message needs to be more specific and doesn’t show up in CloudTrail for the User Name)</p>
<p id="51b2">Getting the resources set up took some time because I realized I had to revise my approach. I didn’t automate any of this, but I will in the future. For now I just want to make sure it works. I can also figure out what permissions each policy requires.</p>
<p id="1fb5">I will test the initialization script in the next post.</p>
<p id="2c31">Follow for updates.</p>
<p id="4a3a">Teri Radichel | <i>© <a href="https://2ndsightlab.com/?source=post_page---------------------------">2nd Sight Lab</a> 2023</i></p>
<div id="8b5f"><pre>About Teri Radichel:

⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab</pre></div>
<figure id="eecf"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*H9Ew1KCl-29nZiPR.jpeg"><figcaption></figcaption></figure>
</article></body>

How I Dropped to 19% Body Fat at 65

Photo by Victor Freitas on Unsplash

In this article, I will give you my secrets to staying fit, both in body and mind, and offer tips on achieving your fitness goals at any age.

I sound like a wise old person. I’m neither wise nor old. But the older I get, the less stupid I become.

I recently finished my 65th trip around the sun. Sixty-five used to be old. Now, it’s the new whatever your mind wants it to be.

This leads me to … Secret #1.

Don’t think like an old person. EVER! I don’t care if you’re in your teens or 100s (The 100s group is growing in size); think young. Hang out with young people. Stay current. Embrace new technologies. Do stuff you’re not “supposed to do.” Break rules!

Never say … “When I was your age …” because the minute you do, you become a holier-than-thou annoying old person, and whoever you’re talking to will stop listening.

Turn the tables around and learn from people younger than you.

OK, now that we’ve gotten that out of the way, let’s get to why you clicked on this article — keeping your body — your temple, God’s temple, if that’s what you choose to call it — fit and healthy.

Did you get that? Healthy. Not just fit. Because many people look fit, but they’re one pushup or smoothie away from an injury or a health crisis.

Let’s start by breaking some food rules.

Give Yourself Permission To Eat Shit

Photo by Anna Sullivan on Unsplash

Food is fuel. It’s also fun.

The first thing you should eliminate from your diet is the word diet.

Diet implies eating for a designated amount of time to reach a goal (most likely losing weight), returning to your old ways, putting back all the weight you lost — and more — when your diet ends, and beginning the cycle anew.

You go on a diet and then back to being fat.

Diet, lose, eat, gain, rinse, repeat.

And as Tony Robbins once said, “The first three letters of the word diet are DIE.”

You get the point.

Diets end. Healthy eating doesn’t. Aim for healthy eating. You don’t have to be a rocket scientist to know how to do that. Have you ever heard of an app? With some help from your friend Google, you will find dozens of apps that will teach you how to eat right without overwhelming you with scientific information and formulas that will send you sailing to the Chips Ahoy! and Oreos aisle.

But for God’s sake, make sure the “guru” you’re listening to is credible. (More about this later.)

Back to our story.

I have eaten healthy all my life, although I didn’t realize it until the things I’ve eaten since I was a kid — like fruit as a snack and a salad with every meal — became trendy.

But lest you think of me as an elementary school hummus-eating nerd (I was), I also had my share of Twinkies and Ho Hos. Waiting for the Good Humor ice cream truck to pull up to my Brooklyn street every afternoon after school was a religion.

So, full disclosure. I’ve eaten my share of shit.

You can too, but balance it with eating clean about 90% of the time (I made up that percentage, so find what works for you and stick to it).

Everything in moderation. It’s a motto you should live by starting right now.

Work Out, REST, RECOVER!

Photo by Chris Thompson on Unsplash

My journey to low body fat didn’t begin overnight, and it wasn’t limited to the kitchen. Although once I hit my 50s, the kitchen started playing a more significant role in my fitness level.

I have always been active.

My days as a Brooklyn tomboy included hours of sewer-to-sewer stickball until it was so dark the only thing visible was the glow of the pinky ball flying too close to Mrs. Tracey’s bay window, from which she glared at those crazy kids outside.

A week before starting the third grade, I fell off my bicycle, broke my arm, and spent a month in a cast. The cast was a badge of honor. All the kids thought it was cool.

Biking is my cardio of choice. And I still fall. These days, my badge includes two trips to the emergency room, 13 stitches, a dislocated shoulder, and enough bruises to make purple jealous.

I also fell off my bike and broke my wrist, but by the time I went to see a doctor, it had healed on its own perfectly.

“You are a freak of nature,” he said. “You can resume all exercise; just don’t do pushups.” I went home and immediately did pushups. I should have listened to the doctor.

But Ruby, my bike, is OK. And that’s all that matters. (More on Ruby later.)

In my 20s, I ran marathons. Three of them. All in NYC. I also ran dozens of shorter road races, ignoring my knees and their complaints. Taking a day off sent me into guilt trips that made me want to go to confession.

I moved to Florida and discovered that running in the Florida heat made waterboarding look like fun. (Not that I’ve ever been waterboarded, but it’s the only analogy that I could think of while writing this.)

That’s when I found the joys of weight training. I loved it from the get-go.

Although I pushed myself through three trainers, I could never get below 25 percent body fat. I was fit and strong, but I was skinny fat. At the time, I was not paying attention to what I ate, mostly because I was still eating like a marathoner, and my workouts were keeping me thin despite my higher-than-I-wanted body fat percentage.

My knees were also trying desperately to get my attention. I dislocated my right one running on the treadmill. However, I didn’t know it was dislocated. Three months and a three-week excruciatingly painful European vacation later, I finally decided to have it checked out. I still feel the pain just thinking about the X-ray.

Don’t be like me. If your injury hurts for more than a few days, get it checked out.

You’re in this for the long haul. Push through the pain, and you risk your future fitness.

Which is fine if your goal is to be the envy of a manatee.

Ruby To The Rescue

Ruby ©Barbara A. Besteni

Then came a little blip on the exercise radar known as the pandemic, COVID-19, or fake news — whatever you prefer.

I was determined to come out of it fit and fast. I biked hundreds of miles but not much else. I was fit, and I was fast. But not much else.

After riding my bike, followed by hours of sitting on my ass during work Zoom meetings, lifting my water bottle became my weight-bearing exercise of choice.

My cardiovascular system rivaled that of a cheetah. My body was lean thanks to my inherited skinny genes (not a typo), but lifting anything heavier than 10 pounds was humbling.

In January 2023, my partner’s knee replacement surgery coaxed me back into the gym.

It was there that I found a trainer who helped me get down below the 20 percent body fat level, long after I had accepted I would never get there.

Right out of the gate, while training with him, I realized how much strength I had lost. Bike riding for two years had created muscle imbalances and tightness that scared me as much as it motivated me.

We started slow, something I wasn’t very good at. I also lifted lighter and did fewer reps and sets. But as I began to see quick results, I started paying attention.

When my sessions with him ended, I had gone down to 20 percent body fat. I went back to the gym on my own. And I followed his advice, slowly increasing the weight but always listening to my body for clues I might be overdoing things.

Last weigh-in this morning, my body fat had dipped to 19 percent.

Too Much Of A Good Thing Is Bad

Photo by Victor Freitas on Unsplash

I spend less time on the bike now because too much cardio kills muscle mass.

I’ve stopped punishing myself in the gym, on the road, and in my head … especially in my head.

I no longer feel guilty when I take a day or two off. I know that when I return, I will be rested and able to lift longer and heavier.

Workouts tear your muscles down. Rest days heal. That means you build muscle on your days off. Imagine that.

I see people in the gym lifting weights beyond their means, having horrible form, and injuries waiting to happen. (And what’s up with you, iPhone posers?)

If that’s you, stop it right now. Don’t be impressed by those muscle-bound big boys and girls. Think of where they will be in 10, 20, 30 years. Will they still be in the gym? Or will injuries have won the battle?

A dear coworker recently started working out to recover after a life-changing surgery. I applaud her and the progress she’s made. But now she’s spending two hours in the gym every day. I tell her to slow down. She tells me she loves me, but I know she won’t listen.

Listen up! Less is more. If you sleep in the more, more, more bed, you’ll wake up tired, tired, tired.

And speaking of beds, make yours every morning. My mom does. And she just turned 96.

When I’m 65 (not a song by the Beatles)

Photo by Jared Rice on Unsplash

Everyone is a health expert these days. Instagram, YouTube, and social media have turned everyday people into influencers and experts on everything, including diet and exercise.

Most are quacks. They are the modern-day version of snake oil salesmen, promoting the latest fad diet. If there’s anything more dangerous than the word diet, it’s the adjective “fad.”

Your brain knows best. Your body likes it when you listen to your brain. If something sounds weird to you, avoid it. If it makes sense, try it. If your body rejects it, move on. It might be good for someone else, but not for you.

For example, if the “experts” tell you yogurt is good for you but yogurt makes you vomit, stop eating yogurt. See, nutrition isn’t that difficult. Eat stuff that doesn’t make you throw up.

Anything taken to extremes is unhealthy.

Again, listen to your body. Learn to find the sweet spot between “I need rest” and “I’m just being a lazy ass.” Sometimes that means starting a workout, but if 10 minutes into it you don’t feel like continuing, stop. It’s OK. Push through, and you could get hurt.

Those are my secrets to staying fit for life.

Now, I know you won’t follow the advice I gave you in this article. How do I know? Because no matter how old I am, I hear advice from other people all the time, but it’s not until I learn by experience that I incorporate that advice into my life. (See what I did there? You thought I was going to say, “Because when I was your age …,” didn’t you?)

So, take from this article what you like, and one day, when you learn the lessons by experience, pay them forward.

Oh, and one more thing … I don’t drink alcohol anymore. If you want to learn more about how sobriety can help you stay physically, mentally, and emotionally fit, the stories of my journey through sobriety will offer insights to help you get started.

Update:

Thank you for reading this article.

I appreciate you and welcome your comments. If you found this article helpful, please share it and give it a few claps so others can find it. If you’d like to support my work, buy me a coffee!

Barb Besteni is a writer, spiritual seeker, former rock star, and animal lover. After 35 years of writing, copyediting, and producing content for local, national, and international television news, she left the newsroom for the comfort of her home office. Get an email whenever Barb publishes a new story on Medium: https://medium.com/@barbbesteni/subscribe.
