avatarTeri Radichel

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

1847

Abstract

easy to use. All of us saw excel sheets at some point in our lives. And here is the best part — any decent app offers an integration with Google products. So, maybe, just maybe, you don’t even need a developer to start collecting data from your vendors, or create a simple contacts database that can be embedded in your CRM.</p><h2 id="d797">Google Forms</h2><p id="f556">It all starts with <a href="https://www.google.com/forms/about/">Google Forms </a>where you can use a drag and drop builder to create a form for data entry or a survey. Those forms are easy to share and embed on almost any third-party website. They are lightweight, customizable, and just easy to work with.</p><figure id="5e65"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*4ByT335dOejVUI5G71tyMw.png"><figcaption></figcaption></figure><p id="b623">For this example, I chose the Contact Information template. My plan is to create a simple form for data entry and embed it on my hypothetical intranet website. The idea is to allow employees to enter the contact information of people they work with. But where do we store all this data? Here is where <a href="https://www.google.com/sheets/about/">Google Sheets</a> come into play.</p><h2 id="e1eb">Google Sheets</h2><p id="5c80">Once my form is ready, I move to the second tab called Responses and add a source for this form. I can connect a new spreadsheet that has all the columns defined automatically (they will match the names of the fields in my form). The sheet will be populated automatically.</p><figure id="17d9"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*3qsRhHD7hYWVs5VKC2yijw.png"><figcaption></figcaption></figure><figure id="4eb9"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*yOKcgU4J7y8J2Z5upwgpaQ.png"><figcaption></figcaption></figure><p id="

Options

e2ef">And just like that, I have a new spreadsheet that will keep all entered information from the form in one place. Now, everything is neatly organized and easily searchable. If I want, I can add more forms in the future that point to the same sheet or create a new sheet for each new form.</p><figure id="1482"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*naCwfvtuQc5WMpTNjirTLQ.png"><figcaption></figcaption></figure><p id="9b42">I can also share this spreadsheet with others or, to take it even further, use Sheets API to display this data in any way I like on my Intranet website. And my client-facing website. Anywhere, actually.</p><div id="658a" class="link-block"> <a href="https://developers.google.com/sheets/api"> <div> <div> <h2>Sheets API | Google Developers</h2> <div><h3>The Google Sheets API lets you read, write, and format Google Sheets data with your preferred programming language…</h3></div> <div><p>developers.google.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*JfkvTo8HOGQPyxsY)"></div> </div> </div> </a> </div><h2 id="6517">Google Analytics</h2><p id="1afb"><a href="https://analytics.google.com/">Google Analytics</a> is the final and optional piece of this simple puzzle. In this example, I don’t really need to track who entered what, but I can think of many other use cases where analytics is needed. Google Analytics is a real powerhouse and it integrates with Google Forms easily. If you use Google Forms to collect feedback from your clients or to hire people, for example, you’ll benefit from having nice charts and more in-depth data.</p></article></body>

Importing a Resource In an AWS Deployment Container

ACM.449 A generic function to import CloudFormation resources

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: AWS Security | Application Security

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I wrote about potential resource injection into CloudFormation stacks in the last post:

The reason I’m thinking about imports which led to drift detection which led to the cases where it didn’t work in the post prior to that, is because I need to figure something out with my AWS Organization import in my very first deployment in a new account.

I have a single container that can be used to deploy almost anything:

I want to modify the initial deployment in a new account to use that container so I’m going to create a configuration for it in my config repository. I wrote about those repositories here:

I was about to do that when I realized I had forgotten one thing. The AWS Organizations deployment imports the resource if it already exists, otherwise it updates it.

So that got me back to thinking about something I was pondering earlier. Can I make this import generic so it can be used for all resource types?

Probably. With a few caveats.

Let’s take a look at the code.

Here I’ve pulled up the code and shown how we can essentially replace everywhere it’s using “organizations” or the resource category with a variable. Similarly we can replace resource type with a variable.

We can probably move the import block into its own function and call it if needed from our generic deploy_stack function instead of what I’m doing below.

We can check to see if a resource already exists using the generic “get_id” function I’m adding to every resource to get an id to pass into our import statement. I’m not sure how or if that will work for certain resources but we’ll cross those bridges when we come to them.

The empty stack template can be used for every stack.

All that said we don’t really have to write any new code for new resource types for which we want to support import except for one thing — I have an import yaml file for an organization. Let’s take a look at that.

Here’s the organizationimport.yaml file.

Well, this makes things pretty simple actually. When the code runs it could check for the import file if the user is trying to import a resource and tell them it doesn’t exist and that they need to add it first. If it exists, then import is supported.

It may also be pretty easy to generate the import file. The reason I didn’t use the organization.yaml file is because outputs are not supported on import. So I first ran the command to import the resource and then I ran the template with the outputs.

But how will the import process handle parameters and values associated with the resource?

I started to work on a generic import function here:

I showed how I used placeholders for the VPC id in the import template:

I’ll need to make a few changes to this but the building blocks are all there to import any resource if it already exists.

Determining when to run import versus creating or updating a stack

The next challenge will be how to know if the code should import a resource or update an existing stack.

  • Call get_id for the resource name.
  • If no id exists, deploy a new stack.
  • If the id exists, then the resource already exists.
  • Then check to see if a stack already exists for that resource.
  • If no stack exists for that resource based on our naming convention, then deploy a new stack.
  • If a stack exists, but the resource is not in that stack, import the resource into that stack.

We can probably use describe-stack-resources to determine if a stack exists in a resource:

Placeholder code:

Figure out whether to call deploy or import:

That seems like it should work. Now to add that to my deploy function. Working on this and will update the repo and publish a blog post here when it’s ready.

It’s always like this. I start working on one thing, which leads to another which leads to another. But once we have all the things I’ve written about in the last few posts, it seems like it should be decently straightforward to create a new configuration and the template if it doesn’t exist and deploy just about anything.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2024

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
AWS
Import
Cloudformation
Deploy
Security
Recommended from ReadMedium