April 5, 2021

Connect Escalation

Connect is a really interesting product with some interesting use cases. I had one come up recently about how to provide an escalated paging service. We needed to restrict access to only Australian mobiles and also wanted to validate that the mobile user was at least somewhat real. Finally, we send a page via Opsgenie. If you wish to use an alternative service, update the code to your provider. Read more

April 5, 2021

WAF insights with QuickSight

Following on from my last post using Athena to query WAF logs, I decided to take this a bit further and look at what I can do with QuickSight to get some insights. Directly quoted from the Amazon QuickSight home page: Amazon QuickSight is a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud. QuickSight lets you easily create and publish interactive BI dashboards that include Machine Learning-powered insights. Read more

March 23, 2021

Query WAF logs with Athena

I’ve been using AWS WAF a bit recently and I needed a way to query the logs that are shipped to S3. Athena is the logical solution to this. There is great documentation to get you started with querying WAF logs via Athena and also how to set up WAF logging. My specific requirement required me to start off with the WAF in COUNT mode. While WAF has an excellent facility to see samples, they only last for 3 hours, so I needed the ability to get the logs. Read more

March 21, 2021

Why Infrastructure as Code (IaC) is important

Infrastructure as Code, or IaC, is becoming a staple for configuring, deploying and maintaining infrastructure and service configuration in the cloud. Both of the large hyperscalers, AWS and Azure, support their own version of IaC. AWS has CloudFormation, and Azure has ARM (Azure Resource Manager). Then there is the ever-popular open source Terraform from HashiCorp. AWS released CloudFormation on 25th February 2011, and Azure released Azure Resource Manager in April 2014, around the same time that HashiCorp started hacking on Terraform. Read more

March 21, 2021

How to deploy Control Tower Config in Management Account

Have you deployed Control Tower and then deployed Security Hub and expected that AWS Config would be enabled in the Management account, but find that it isn’t? It’s a relatively simple fix that involves adding your account ID to several StackSets and configuring a missing role. StackSets: AWSControlTowerBP-BASELINE-SERVICE-ROLES, AWSControlTowerBP-BASELINE-ROLES, AWSControlTowerBP-BASELINE-CONFIG. Roles: AWSControlTowerExecution. I’m generally deploying to the Sydney (ap-southeast-2) region, so my procedure will use this region. If you are deploying Security Hub and Control Tower in other regions, substitute as appropriate. Read more

© Greg Cockburn
