Kirsten Fabish


Abstract

<p id="7156">I covered user-specific secrets here:</p><div id="744d" class="link-block"> <a href="https://readmedium.com/create-a-per-user-secret-in-secrets-manager-part-1-bb97b66e2a2d"> <div> <div> <h2>User-Specific Secrets on AWS: IAM Policies</h2> <div><h3>ACM.82 IAM Policies to allow users to describe their own secrets</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*PcniDpBJq2db0jbdryc_Nw.png)"></div> </div> </div> </a> </div><h2 id="aada">Create the user-specific Secret to store the automation credentials</h2><p id="a515">Next I create <b>SandboxDevAutomationSecret</b> in Secrets Manager, encrypted with my <b>Sandbox KMS key</b>.</p><figure id="e15e"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*DQonCyF8UzPnZZoiGOKD9w.png"><figcaption></figcaption></figure><figure id="f7b3"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*zITxEtD__wFDwpPrBpqv4w.png"><figcaption></figcaption></figure><h2 id="2e63">Create a user-specific EC2 instance role for the SandboxDev user</h2><p id="3417">Next I create an EC2 instance role named <b>SandboxDevEC2Role</b> that the developer is allowed to pass to EC2 instances.</p><figure id="44ef"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*__fohZeTWjwdYrS__B4imQ.png"><figcaption></figcaption></figure><p id="eee9">The role will have a prefix with the username:</p><figure id="7afa"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*7dKW5KiQMivtKqjgzA_1Gw.png"><figcaption></figcaption></figure><p id="a338">This role is granted access to:</p><ul><li>Read the <b>SandboxDevSecret</b>.</li><li>Pull containers from the <b>sandbox Elastic Container Repository</b>.</li><li>Use the <b>sandbox KMS key</b> to decrypt the secret and the container in the repository.</li></ul><h2 id="df90">Create the Automation user</h2><p id="b752">Create the <b>SandboxDevAutomation</b> user. 
Do not give this user console access.</p><figure id="ddeb"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*QWVvQMA9aDCtmiVxSR61iw.png"><figcaption></figcaption></figure><p id="c19e">Remember that I already have a role (<b>CloneGitHubtoCodeCommitRole</b>) used by my batch job from prior posts. Create a policy that allows the SandboxDevAutomation user to use STS to assume that role.</p><p id="559f">The <b>SandboxDev</b> user needs permission to change the <b>credentials</b> <b>and</b> MFA device of the <b>SandboxDevAutomation</b> user.</p><h2 id="0f53">Edit the batch job role trust policy to allow the SandboxDevAutomation user to assume it</h2><p id="7f1d">We need to modify the trust policy to allow the <b>SandboxDevAutomation</b> <b>user</b> to assume the <b>CloneGitHubtoCodeCommitRole</b> role with MFA.</p><figure id="6ad1"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*xAHGslW3SSbv6c5NO8mhzg.png"><figcaption></figcaption></figure><p id="7ad0">Edit the trust policy:</p><figure id="cfaf"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*Vna71G_F2e-8Vdtw4yBwFw.png"><figcaption></figcaption></figure><p id="6a5a">Change the user to SandboxDev:</p><figure id="f788"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*vpSqEqjFa_qg59v_dnPCzQ.png"><figcaption></figcaption></figure><h2 id="49b3">Add permissions to KMS Key Resource Policy</h2><p id="8cf1">Next I need to allow the <b>SandboxDev</b> user to encrypt and decrypt, and the <b>SandboxDevEC2Role</b> to decrypt, with the <b>sandbox KMS Key.</b> I edit my automation to add those two roles to the encrypt and decrypt users.</p><figure id="380f"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*UkzCt10p0iqCR4OpMs6uhQ.png"><figcaption></figcaption></figure><h2 id="d015">Log in as SandboxDev</h2><p id="725d">Log into the AWS Console with the SandboxDev user. 
If you’ve been following along, you have an account with a prefix specific to your organization and -Dev at the end if you used my deployment scripts.</p><figure id="13d5"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*5L-3C9ORVXOWv6KRdCkBLg.png"><figcaption></figcaption></figure><h2 id="d260">Add MFA devices</h2><p id="5cca">Add a Hardware MFA device to the SandboxDev User.</p><figure id="21f0"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*8s8rTuyWOsLAQUEqfwTtOQ.png"><figcaption></figcaption></figure><p id="c0e6">Add a Virtual MFA device to the SandboxDevAutomation User.</p><p id="5cec">I explain why I do not use a Yubikey to generate MFA codes here:</p><div id="1308" class="link-block"> <a href="https://readmedium.com/the-yubikey-cli-and-aws-mfa-50e6be0698a7"> <div> <div> <h2>The Yubikey CLI and AWS MFA</h2> <div><h3>ACM.11 Considering the attack surface and MFA choices for our Security Batch Jobs</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*SFAKbcK__GlbJbJJJVXK9w.png)"></div> </div> </div> </a> </div><figure id="5893"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*iFl4DTQNuplt-SGONHpNYw.png"><figcaption></figcaption></figure><h2 id="d7df">Create automation credentials</h2><p id="b9e4">Create an <b>Access key</b> for the <b>SandboxDevAutomation</b> user.</p><figure id="7f1e"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*KoVfxp-aJvzBiacPyFeMlA.png"><figcaption></figcaption></figure><p id="217e">I have explained before that I disagree with the verbiage on this page. The CLI in the browser has a much larger attack surface and it depends how you are using the keys.</p><figure id="0423"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*_CCe4xu8AcNLloUHgvF5Aw.png"><figcaption></figcaption></figure><h2 id="8caa">Store the credentials in the SandboxDevAutomationSecret</h2><p id="24aa">Head to the Secrets Manager dashboard.</p><p id="432d">Click on the SandboxDevAutomationSecret.</p><figure id="6893"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*cz9jnYSnBsGXf9Y8VZjGPQ.png"><figcaption></figcaption></figure><p id="f616">Store the access key ID and secret access key.</p><figure id="4b95"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*-G9eR929nKSsGWrsOuzucg.png"><figcaption></figcaption></figure><h2 id="5496">Test Launching an EC2 Instance with the SandboxDev role</h2><p id="8907">Head over to the EC2 dashboard and test launching an EC2 Instance. 
Recall that the Instance name needs to match what we specified in the policy above.</p><figure id="a1c7"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*FqCLLp7V854JJZa88TIdvA.png"><figcaption></figcaption></figure><p id="2bc8">If you need to decode any error messages I explained how to do that here:</p><div id="bb13" class="link-block"> <a href="https://readmedium.com/decoding-aws-error-messages-db0e0cbecf0d"> <div> <div> <h2>Decoding AWS Error Messages</h2> <div><h3>Free Content on Jobs in Cybersecurity | Sign up for the Email List</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*4oxP4LXk8l8c3mpRvO7ejg.png)"></div> </div> </div> </a> </div><p id="bd85">Choose the existing networking created for EC2 instances from prior posts.</p><div id="a149" class="link-block"> <a href="https://readmedium.com/automating-cybersecurity-metrics-890dfabb6198"> <div> <div> <h2>Automating Cybersecurity Metrics (ACM)</h2> <div><h3>A series of blog posts on cybersecurity metrics and security automation</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*L9lEIsaWt6xm2Op2ww-G5w.png)"></div> </div> </div> </a> </div><p id="2937">Choose the role we created under Advanced details.</p><figure id="8870"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*oHJior3Ueea6woDB1zqqKQ.png"><figcaption></figcaption></figure><p id="a822">One note that took me a bit to resolve. 
The message when your user does not have permission to pass the IAM role to the EC2 instance is a bit ambiguous.</p><div id="a0fb" class="link-block"> <a href="https://readmedium.com/ambiguous-error-message-when-a-user-doesnt-have-permission-to-pass-a-specific-iam-role-to-an-ec2-b005f338b6df"> <div> <div> <h2>Ambiguous Error Message When a User Doesn’t Have Permission to Pass a Specific IAM Role to an EC2…</h2> <div><h3>This error message needs to be more specific and doesn’t show up in CloudTrail for the User Name</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*4oxP4LXk8l8c3mpRvO7ejg.png)"></div> </div> </div> </a> </div><p id="51b2">Getting the resources setup took some time because I realized I had to revise my approach. I didn’t automate any of this but I will in the future. For now I just want to make sure it works. I can also figure out what permissions each policy requires.</p><p id="1fb5">I will test the initialization script in the next post.</p><p id="2c31">Follow for updates.</p><p id="4a3a">Teri Radichel | <i>© <a href="https://2ndsightlab.com/?source=post_page---------------------------">2nd Sight Lab</a> 2023</i></p><figure id="eecf"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*H9Ew1KCl-29nZiPR.jpeg"><figcaption></figcaption></figure></article></body>
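
The trust-policy step in the post above (letting the SandboxDevAutomation user assume CloneGitHubtoCodeCommitRole only with MFA) survives only as screenshots, so here is an added example that is not from the original post: it builds such a trust policy and checks that every statement letting an IAM user assume the role enforces MFA. The account ID 111122223333 is a placeholder, and the function names and the sample weak policy are hypothetical.

```python
import json

ACCOUNT_ID = "111122223333"  # placeholder account ID (assumption, not from the post)


def build_trust_policy(user_name, account_id=ACCOUNT_ID):
    """Trust policy that lets one IAM user assume the role only with MFA."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:user/{user_name}"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True only for Bool aws:MultiFactorAuthPresent=true.

    BoolIfExists is rejected on purpose: in an Allow statement it also matches
    requests where the key is absent, so it does not enforce MFA.
    """
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:multifactorauthpresent":
                return all(str(v).lower() == "true" for v in _as_list(value))
    return False


def find_mfa_gaps(policy):
    """Return IAM user ARNs allowed to assume the role without enforced MFA."""
    gaps = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        users = [arn for arn in arns if ":user/" in arn]
        if users and not _requires_mfa(stmt):
            gaps.extend(users)
    return gaps


# Constructed sample: the same grant written with BoolIfExists, plus a service principal.
WEAK_POLICY = build_trust_policy("SandboxDevAutomation")
WEAK_POLICY["Statement"][0]["Condition"] = {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}
WEAK_POLICY["Statement"].append(
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"})

if __name__ == "__main__":
    print(json.dumps(build_trust_policy("SandboxDevAutomation"), indent=2))
    print("gaps in weak policy:", find_mfa_gaps(WEAK_POLICY))
```

The checker looks only at IAM user principals and recognizes only the `Bool` form of the MFA condition; other principals and condition keys are outside what it evaluates.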

Tarot/Intuitive Read: MONEY February 2024

A Collective Money Reading & Advice

Photo by Gio Bartlett on Unsplash

Let’s do some poking around in the money world and see what advice the Tarot has for us when it comes to our finances.

DISCLAIMER: I am not a financial advisor. This is for entertainment purposes as well as spiritual guidance. Any decisions made or actions taken by a person are their sole responsibility. My Readings are Constructive and not Destructive.

For February 2024 we have pulled the following…

3 of Swords (reversed), 10 of Coins (reversed), The Magician (upright), The Sun (upright).

With the 3 of Swords here it’s looking like we are getting over disappointment. We are getting over the loss. We are getting over stress. We are getting over grief when it comes to our finances. I think that we can all agree that in the last while with inflation, the economy, the taxes, and the seemingly impossible chance of home ownership… things are looking up! If you have been having some financial setbacks lately, this is your signal that things are going to start to improve this month. This is a great month to start looking into savings accounts, starting a budget with the focus on saving for something big and paying things off, we are finding ourselves in a better financial situation or setup than we thought we were in. There is an increase in stability being shown to me as well.

On the other hand…

If you have suffered a huge financial loss recently, and by recently I mean in the last year, you more than likely will feel the effects of this. You more than likely will need to clear issues with guilt and grief that you have built up from this. You need to let go of your money guilt and grief so that you can attract again. If you are in a serious amount of credit card debt you are being heavily pushed to change your spending habits. This will be a struggle for those who have been living outside their means for a while without consequences. You will start to see the consequences of this. Long story short, debt is out of control, and it’s time to rein in. For some, they are going to be needing to give up a standard of living to accommodate their financial situation so we could see an increase in home movement and people putting up items for sale. This might need to happen for some of us, we might need to give something up that is outside our means. There is a huge reality check coming through. Not accepting this truth is only going to make your life more difficult. This is about longevity and what is best for you in the long run. We are creating stability, structure, and a financial setup that can withstand the storm. This is where we might see signs of a back-and-forth economy where we aren’t sure if we are ok or in the clear. Things are teetering one way and then the other.

I do wonder if something is going to give here right away on a bigger scale if we are being pushed so hard to get our financial situation together. Our money and finances were also heavily talked about in my February 2024 Reading. This can be read here…

With the 10 of coins reversed this is a signal that we need to be very careful with our money in February. Save, Save, Save. Do not let debts pile up this month. PAY OFF THEM DEBTS. This month would be a good month to do a no-spend challenge and stick to a strict budget. We need to get our asses in gear when it comes to our spending and our debt. There could be some big financial losses for some. I wonder if this is maybe about the stock market??? We will have to wait and see! Or possibly just another emphasis on living outside of our means. There can also be some fights over money with inheritance, family arguments, or just general fights over money. We just need to be extra careful right now is the big message and take away from this.

For The Magician, it does seem like we are in a manifesting vortex. This just means that there will be opportunities to improve our financial situations, but we will more than likely need to jump on them. I do think that they will be fleeting. This can be a good sign for day traders that there will be opportunities to make some money this month but you will need to take what you can get and not get greedy. When you hit a target or see an opportunity be quick. In and out. Our mind needs to be very clear though for this. The Guides are saying that these opportunities are going to show through in skills that we already have and are knowledgeable in. It won’t be something that we need to go out and buy or learn about. It’s already in our tool kit. What skills do we underutilize? How can we get creative with what we know how to do? We need to take a bit of initiative here. Being creative will yield results. That will be a key for you.

There is also a suggestion coming from the magician that we need to stop the fight. Stop the chase and just be smart. There is a battle that we are having with money that is ruining our energy. Stop fighting it. Stop battling. It also emphasizes the need to look at how we live outside of our means and what things we can cut out of our lives that are costing us money. I feel that this is going to be the winning ticket for everyone. We all need to look at how we overspend, what we spend frivolously on, how can we cut back, our subscriptions, etc.… Many of us have a luxury expense that we need to face a reality over.

I do think that there will be lots of scams out and about so just keep that in mind. Only deal with people who you trust and know well this month.

The Sun is shining on all the things we refuse to face, refuse to acknowledge, and even reveal the truths of our finances. This is about coming back down to Earth when it comes to our spending. Grounded spending, grounded money. With the sun shining on our finances, this change and these hard truths are meant to bring us back into a place of harmony when it comes to money. Many of us haven’t been there in a while or haven’t felt good about our money for some time now. We have played a victim role when it comes to money for too long and it is causing us to lose our power and we are giving our money away as well. Victimhood leaks and loses energy and money. Energy is currency, and so is money, money is a currency. Big revelations on our money will be a theme for this month. It’s time to make some big changes that secure us for the future. This is all about stability, happiness, peace, comfort, rewards, and gratitude. That is what we are trying to create this month when it comes to money. That is what the Universe is going to be supporting when it comes to our finances.

Photo by Josh Appel on Unsplash

Collective Message

Ace of Swords (upright), 8 of Cups (upright), 4 of Swords (upright), Justice (upright), 3 of Cups (upright).

This is the part where things are meant to get better financially for us. There is a finality to this month when it comes to our finances. Some truths are being revealed in our situation. I do expect some will receive some windfalls or some good news when it comes to their financial matters. I do believe that as long as we work in a manner that is meant to improve our situation rather than chase, the universe will conspire in our favor and full support. Chasing is a big no-no this month. More more more will not work. This is only going to dig us deeper into a pit. We need to be practical and level-headed about what we can do. Some of us cannot maintain some of the luxuries that we have and it’s time to consider what you can do with what you have to make a situation better. Many of us may need to give something up, truthfully.

We need to tame our monkey minds when it comes to money. We have been running in a state of chase, stress, and despair for so long that it has become second nature and it is causing more stress and more chase. We are always in this mode of I need more more more and it’s causing us suffering, it’s causing our relationships to suffer, and many of us are not having a good time in the hustle. It has knocked us out of the flow, and out of alignment, and makes it so hard to attract what is meant to be effortless. Constantly staring at your bank account and thinking of all the things that you don’t have, and checking your bank account constantly is a trauma and a monkey mind response. STOP.

This is an ideal time for some partnerships to come together as well and work with someone when it comes to finances. It’s ok to ask for help and suggestions to see where you are falling short. There are some partnerships as well that happen this month that are going to prove to be financially abundant.

We need to keep things honest. Any shady moves or behavior when it comes to money will not bode well with Justice making an appearance in a financial reading. BALANCE. BALANCE. BALANCE. Balance your books. Only take what you need and give what you can. Stop with the overspending, the overgiving, and the over expenditures. Continue to keep things balanced and everything will be ok.

Thank you for reading!

Did you like this article? Please let me know by following, clapping, subscribing, or commenting below! Also, highlight any sections that resonated with you. I love hearing feedback in what way, plus it’s a free way to support writers on Medium.

Follow for more articles like this. I appreciate it so much.

Personal readings, energy healing sessions, and packages are available in my booking link as well. Light Wolf Energy

Photo by Author