Jairam R Prabhu


Abstract

I covered user-specific secrets here:

User-Specific Secrets on AWS: IAM Policies (ACM.82 IAM Policies to allow users to describe their own secrets): https://readmedium.com/create-a-per-user-secret-in-secrets-manager-part-1-bb97b66e2a2d

Create the user-specific Secret to store the automation credentials

Next I create SandboxDevAutomationSecret in Secrets Manager, encrypted with my Sandbox KMS key.

Create a user-specific EC2 instance role for the SandboxDev user

Next I create an EC2 instance role named SandboxDevEC2Role that the developer is allowed to pass to EC2 instances.

The role will have a prefix with the username: [screenshot]

This role is granted access to:

- Read the SandboxDevSecret.
- Pull containers from the sandbox Elastic Container Repository.
- Use the sandbox KMS key to decrypt the secret and the container in the repository.

Create the Automation user

Create the SandboxDevAutomation user. Do not give this user console access.

Remember that I already have a role (CloneGitHubtoCodeCommitRole) used by my batch job from prior posts. Create a policy that allows the SandboxDevAutomation user to use STS to assume that role.

The SandboxDev user needs permission to change the credentials and MFA device of the SandboxDevAutomation user.

Edit the batch job role trust policy to allow the SandboxDevAutomation role to assume it

We need to modify the trust policy to allow the SandboxDevAutomation user to assume the CloneGitHubtoCodeCommitRole role with MFA.

Edit the trust policy: [screenshot]

Change the user to SandboxDev: [screenshot]

Add permissions to KMS Key Resource Policy

Next I need to allow the SandboxDev user to encrypt and decrypt and the SandboxDevEC2Role to decrypt with the sandbox KMS Key. I edit my automation to add those two roles to the encrypt and decrypt users.

Login as SandboxDev

Log into the AWS Console with the SandboxDev user. If you’ve been following along, you have an account with a prefix specific to your organization and -Dev at the end if you used my deployment scripts.

Add MFA devices

Add a Hardware MFA device to the SandboxDev User.

Add a Virtual MFA device to the SandboxDevAutomation User.

I explain why I do not use a Yubikey to generate MFA codes here:

The Yubikey CLI and AWS MFA (ACM.11 Considering the attack surface and MFA choices for our Security Batch Jobs): https://readmedium.com/the-yubikey-cli-and-aws-mfa-50e6be0698a7

Create automation credentials

Create an Access key for the SandboxDevAutomation user.

I have explained before that I disagree with the verbiage on this page. The CLI in the browser has a much larger attack surface and it depends on how you are using the keys.

Store the credentials in the SandboxDevAutomationSecret

Head to the Secrets Manager dashboard.

Click on the SandboxDevAutomationSecret.

Store the secret key id and secret access key.

Test Launching an EC2 Instance with the SandboxDev role

Head over to the EC2 dashboard and test launching an EC2 Instance. Recall that the Instance name needs to match what we specified in the policy above.

If you need to decode any error messages I explained how to do that here:

Decoding AWS Error Messages: https://readmedium.com/decoding-aws-error-messages-db0e0cbecf0d

Choose the existing networking created for EC2 instances from prior posts.

Automating Cybersecurity Metrics (ACM), a series of blog posts on cybersecurity metrics and security automation: https://readmedium.com/automating-cybersecurity-metrics-890dfabb6198

Choose the role we created under Advanced details.

One note that took me a bit to resolve. The message when your user does not have permission to pass the IAM role to the EC2 instance is a bit ambiguous.

Ambiguous Error Message When a User Doesn’t Have Permission to Pass a Specific IAM Role to an EC2… (This error message needs to be more specific and doesn’t show up in CloudTrail for the User Name): https://readmedium.com/ambiguous-error-message-when-a-user-doesnt-have-permission-to-pass-a-specific-iam-role-to-an-ec2-b005f338b6df

Getting the resources set up took some time because I realized I had to revise my approach. I didn’t automate any of this but I will in the future. For now I just want to make sure it works. I can also figure out what permissions each policy requires.

I will test the initialization script in the next post.

Follow for updates.

Teri Radichel | © 2nd Sight Lab (https://2ndsightlab.com/?source=post_page---------------------------) 2023
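The trust-policy step in the AWS walkthrough above (letting the SandboxDevAutomation user assume CloneGitHubtoCodeCommitRole only with MFA) can be checked mechanically. This is an added example, not code from the original post: a Python check that flags trust-policy statements the user can use without MFA, including the `BoolIfExists` variant that passes when the MFA key is absent. The account ID 111122223333 and the three sample policies are constructed placeholders.

```python
"""Check that a role trust policy lets an IAM user assume the role only with MFA."""

MFA_KEY = "aws:multifactorauthpresent"
USER_ARN = "arn:aws:iam::111122223333:user/SandboxDevAutomation"  # placeholder account


def as_list(value):
    return value if isinstance(value, list) else [value]


def covers_user(principal, user_arn):
    """True if the Principal element includes the user (directly or via its account)."""
    if principal == "*":
        return True
    account = user_arn.split(":")[4]
    allowed = {user_arn, account, f"arn:aws:iam::{account}:root", "*"}
    return any(p in allowed for p in as_list(principal.get("AWS", [])))


def allows_assume(stmt):
    actions = [a.lower() for a in as_list(stmt.get("Action", []))]
    return stmt.get("Effect") == "Allow" and any(
        a in ("sts:assumerole", "sts:*", "*") for a in actions)


def enforces_mfa(stmt):
    """Accept only a plain Bool test, which fails closed when the MFA key is absent."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue  # BoolIfExists passes when the key is missing (long-term keys)
        for key, value in keys.items():
            if key.lower() == MFA_KEY and [str(v).lower() for v in as_list(value)] == ["true"]:
                return True
    return False


def audit_trust_policy(policy, user_arn):
    """Return one finding per statement the user can use without MFA."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if (allows_assume(stmt) and covers_user(stmt.get("Principal", {}), user_arn)
                and not enforces_mfa(stmt)):
            findings.append(f"Statement {i}: {user_arn} can assume the role without MFA")
    return findings


def trust_policy(condition=None, principal=USER_ARN):
    """Build a constructed sample trust policy for the role."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}


NO_MFA = trust_policy()
IF_EXISTS = trust_policy({"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}})
WITH_MFA = trust_policy({"Bool": {"aws:MultiFactorAuthPresent": "true"}})

if __name__ == "__main__":
    for name, doc in [("no MFA", NO_MFA), ("BoolIfExists", IF_EXISTS), ("Bool", WITH_MFA)]:
        print(name, "->", audit_trust_policy(doc, USER_ARN) or "OK")
```

Run it against the JSON exported from the role's Trust relationships tab by loading the document with `json.load` and passing it to `audit_trust_policy`.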

KTU S4 Computer Science and Engineering Review and Tips

In this blog post, I will give a short review of semester 4 of Computer Science and Engineering (which I am pursuing). Rather than taking you through a detailed analysis of the different subjects and explaining things word by word, I will just brief you on what you can expect, why each subject matters, and small tips which may help you out without complicating things.

I am not qualified to give you tips, as I am still a student, but I feel that there is something a student can help with. That is the part I will be focusing on, drawing on my own experience as well.

Before I begin, there is a bit of misunderstanding about what engineering really is. It is a problem-solving subject with some designing involved. Science is a subject which deals with various phenomena, physical conditions, etc. The problem with science is that it is purely theory-based; it doesn’t clearly indicate what it can be used for. Engineering comes in with the many problems which we face. Take, for example, a fuel which is 100% pure: we know a lot about it, but we don’t know how exactly we can use it or whether it will be economically viable. Then an engineer comes in and designs an engine which uses this fuel. So now you understand what the role of an engineer is. He need not go much into the theory but needs to apply the known theory well to solve the problem.

Coming to Computer engineering and its myths, people of other branches see us from a different angle. They believe that we are those people who are always sitting in front of a laptop and compiling programs. They are also like “Anyone can do programming…anyway, most of the engineers will land up in IT job”. Computer engineering is not about programming. The people who make programs are Computer Applicants (people with BCA or MCA degrees). What a computer engineer needs to do is to make algorithms, know how to design software, understand how it works, etc.

The CSE course deals primarily with the theory of computation and the design of computational systems.

Do read my S3 review on my personal blog, link given-

To be honest, the academics of S4 didn’t make me happy at all. All the stuff was quite challenging except for one or two subjects. Many of the subjects had a dry theory portion which obviously had to be learnt by heart without even thinking about what it was supposed to be. By this semester you have officially started your journey into the Computer Science core, and now there is no looking back at your first year and thinking how much better or worse it was.

All subjects require a strong base in S3 subjects like STLD and Linear algebra.

The first subject, as always, is Mathematics, and this is the last maths paper in your BTech. This time you will be learning 3 topics: Probability, Transforms and Numerical Methods. These three topics are also the name of the subject. The probability portion will be relatively easy as you are continuing from class 12 basics. You will have one module on discrete probability and another on continuous probability. Follow a good textbook and you can score very good marks here. If you would rather study at a slower pace, I suggest a YouTube channel (link below) for the same. Probability has a lot of applications in engineering and physics.

The next two modules are on transforms. As the name suggests, this is mainly about transforming a function of one variable into a function of some other variable. This is something totally new which you are learning. You need to be thorough with integration, which you have been familiar with since school. This section is moderate to tough. Refer to the above channel for good videos. Transforms have a wide range of applications in the field of electronics, especially in signal generation and processing; they are also widely used for solving complex integrals, integral equations and differential equations. These three are the fundamentals of any engineering branch.

The last topic under maths is Numerical Methods. It is fairly easy. You will be given formulas, which you will have to learn properly and apply. You will need to practise different types of questions before going for the exam. This portion is mainly used for computing accurate values, and for making algorithms to run programs which can solve mathematical problems. Learn about numerical methods from this channel.

The second subject is Computer Organisation and Architecture (COA). It mainly deals with computer hardware and its working. This is a rare type of subject that you may find in your 4 years. The subject is very complex, with different terms, block diagrams and varied concepts but with similar title names. This subject needs to be handled with care. The following YouTube channel may be helpful for learning COA, Java, OOP, and other technical and non-technical stuff which you may require later on as well.

The next subject which we will be discussing is Operating Systems. Here, you will be learning in detail about the OS, its functions, how processes are scheduled, memory management, etc. This subject is easy to moderate. You can perform well if you are able to study from the textbook. You may not need a supercomputer mind to learn this subject. OS is gonna be an interesting one. Along with this theory subject, you will have the FOSS lab, which will focus on improving your knowledge of the Linux OS.

The fourth subject is OODP, or Object-Oriented Design and Programming (with Java). Don’t be worried about this big title. It is more like the C++ which you must have learnt in class 11 and 12: more about programming, and theory on various OOP concepts. This time you will be learning the Java language from scratch, up to complex GUI making and database linking. This subject is easy to decode if you have a systematic learning habit and a bit of coding aptitude. You can also learn this subject by coding programs. Again, Java is indeed a useful subject if you are seeking a career in computer programming or web development.

The last subject which is related to CSE is PDD, or Principles of Database Design. The subject is not as interesting as the title but is somewhat okay to learn. The portions are vast and cannot be grasped in a single glance. You need time and patience to learn. It’s good if you start learning this subject quite some time before the exam itself. This paper is more problematic and involves a bit of discrete mathematics too. This paper tells you more about databases, their processing, management and storage. This subject also introduces you to a variety of topics like Big Data, which will be the future of Data Science. The knowledge which you had in class 12 about DBMS and SQL will be very much required here. You will also have an SQL lab in S5.

This channel will help you to grasp PDD and OS. All these subjects are very important for GATE exams as well as for the Comprehensive test in S6.

With that, the important core subjects are done with. What is left are your electives. You have two electives this year: Life Skills and Business Economics. I had written about Life Skills in my S3 review, so do refer to it there.

Business Economics is a straightforward and easy subject. The questions will be mainly subjective and theory-oriented. The majority of the portion you study is from class 11 and 12 economics. So those who have studied economics as their 6th subject will find this a cakewalk. Also, there is an immense number of YouTube videos for these topics as well. Learning to draw graphs and label them is the key to earning very good marks. Try to get the NCERT for both subjects if you want to explore more outside the textbook.

Follow this youtube Channel for last min tips on KTU CSE

More about KTU, some important tips, insights on University, along with interesting study materials-

Fear not, S4 is not a big hard rock; it is breakable indeed. Let us not forget that systematic learning is very much essential. If you are not amongst the geeky gang then obviously you will need to move away from the conventional path and dig into other ways of learning, like using YouTube or taking last-minute tuitions. The tips I mentioned here are mostly for last-minute learners and people who feel that learning without the help of teachers is indeed a daunting task. Those who believe that they can learn well may choose their own path. But for you, I have introduced the subjects well in advance so that you can prioritise what to learn and assign it more time in your timetable. Also, if you want some good PDFs, do reach out to me.

Last but not least, all the best! Don’t be disheartened if one of your exams was hard, and don’t think about the results of the last semester and feel nervous. Think twice about your priorities and prepare well. Success is always yours.

If you like my blogs and are in search of useful content, keep following me. You can drop your feedback either in the comments section or reach out to me on social media (FB Messenger | Instagram | Quora | YKA), or drop your input in this link. For my old posts, do scroll down my profile page. Thank you for continuing to support me.
