
Showing posts with the label Cloud

Securing Terraform and You, Part 3 -- The Finish Line

9/20: The open-source fork of Terraform is now OpenTofu. I swear, this is not a recurring series; the problem just, finally, got solved. Part 2 is over here. I went back to tfsec after seeing the simple start guide posted here by Liam Galvin at Ghost Security. There are two aspects of my code: allow buckets starting with [word], and deny buckets that don't start with [word]. The initial guide only has "don't allow buckets that are exactly named this", but that was all I needed to actually get going. The problems could have been: the rego file and the Terraform file don't play well in the same folder (keeping them in two separate subfolders helped, even though there was a command I used to read both files from the same folder); Trivy ... I don't know. Maybe the metadata setup was incorrect, but if it's set up as comments, readable by the program but not acknowledged in the rego, who knows. I can work on that in the future. The code w

Securing Terraform and You Part 2 -- Trivy by AquaSecurity

9/20: The open-source fork of Terraform is now OpenTofu. Part one is over here. This is the third tool in a long line of tools I am using to make Terraform (OpenTofu) code consistent. I went back to the Styra Academy courses for OPA policy writing. I am very much a "just show me the general idea and I can probably figure it out" person, and I am reasonable enough to say that it didn't work this time; I had to take the slow road. Good start: Trivy told us where it was installed, /usr/local/bin/trivy, with its cache at /Users/morganza/Library/Caches/trivy. The Homebrew package had an outdated version, so I had to install v0.40.0 myself and link it over the previously installed 0.18.0, I believe; see the GitHub discussion here. We are now back to rego, but fortunately Trivy works as intended when you run it locally with the following command: trivy conf --policy . --namespaces morganza . There was an odd combination of YAML with a bit of rego involved for tfsec -- can
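As an added worked example (mine, not the code from this post or from the Ghost Security guide), here is what the two-part rule from Part 3, allow buckets starting with [word] and deny buckets that don't, looks like as a Trivy custom check. It assumes Trivy's cloud-abstracted input schema (input.aws.s3.buckets[_].name.value and the result.new builtin, the same shape Trivy's own custom-policy docs use), a hypothetical prefix "morganza-" standing in for [word], and the morganza package namespace that the --namespaces flag in the command above selects:

```rego
# METADATA
# title: "S3 bucket names must carry the team prefix"
# description: "Allow buckets whose name starts with the required prefix; deny every other bucket."
# custom:
#   id: MORGANZA-0001
#   severity: MEDIUM
#   input:
#     selector:
#     - type: cloud
package morganza.aws.s3.bucket_prefix

# Hypothetical prefix standing in for the [word] in the post; change it to yours.
required_prefix := "morganza-"

# The "allow" half of the rule: a bucket passes when its resolved name
# starts with the prefix. bucket.name.value follows Trivy's cloud schema
# (assumed here; same shape as the examples in Trivy's custom-policy docs).
allowed(bucket) {
    startswith(bucket.name.value, required_prefix)
}

# The "deny" half: everything that is not explicitly allowed is reported.
# object.get returns "" when the name has no resolved value, so an unknown
# name is denied rather than silently skipped (fail closed).
deny[res] {
    bucket := input.aws.s3.buckets[_]
    not allowed(bucket)
    name := object.get(bucket.name, "value", "")
    res := result.new(
        sprintf("bucket name %q must start with %q", [name, required_prefix]),
        bucket.name,
    )
}
```

Put the .rego file in its own directory (Part 3 found that keeping the rego and the Terraform in separate subfolders avoided trouble) and point --policy at it, for example trivy conf --policy ./policy --namespaces morganza ./terraform. The allow and deny halves are one rule rather than two because Trivy only acts on deny results; writing the allow condition as a helper and denying its negation keeps the intent readable while guaranteeing that a bucket whose name is missing or cannot be resolved at scan time is flagged instead of quietly passing.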

Using AWS Data Migration Service

Want to share this easily? Check out the Notion page. By Morgan Lucas (she/her), from this video by Johnny Chivers. We use a data migration service to, well, migrate data. But why would we want to do this? Perhaps we're moving our business to the cloud and need to shift all of the cold storage we have on site. Perhaps we want a backup in case our own infrastructure is out of commission. Or we have information to share with a third party, and instead of giving them access to on-site databases, we put it on AWS to share. Nevertheless, let's recap what I've done: created a publicly accessible, password-protected Amazon Aurora (PostgreSQL-compatible) database to migrate to Amazon DynamoDB; managed the inbound rules of its security group to limit access (with a publicly accessible endpoint, those rules are the only thing between the database and the internet, so restrict the source to the addresses that actually need to connect); used the open-source tool HeidiSQL to interact with the database over a TCP/IP session and the database's specific URL (not shown here for security); connected to the Aurora PostgreSQL database and ran queries that deleted and created tables

Business Bonus: AWS Outage (12/7/2021)

There was an AWS outage a few days ago; you were probably impacted in one way or another. If any of my appliances would ever e-mail me, I think I'd die of shock. Everything from Disney+ to McDonald's was affected, as US-East-1 was US-East-None for a few hours. Even Amazon delivery drivers and warehouse workers couldn't complete their breakneck, no-bathroom tasks. My Alexa couldn't reach AWS. "Guess I better attach it to the new hotspot..." I thought, before moving on with my day and not doing that. Turns out, my hotspot wasn't the issue.

Get in CloudFormation; A Timeline learning IaC for AWS

Want to share this page easily? Here's a Notion page. A big shoutout to Pluralsight for their free weekend, and to James Millar for a great introductory course. For the longest time, I couldn't see how people found this easy, but this helped. (Why did we make up so many languages that only work based upon the correct formatting of spaces and tabs? Readability is important, but when you're just beginning, the way I learn, I'm interested in 'it works' first and 'it's pretty' second.) The (paid) project: create an instance that gets basic security rules from the security group it's in. The most difficult part was learning the tool and the formatting. This was much easier in Terraform (now forked as OpenTofu) for AWS, but this time we wanted to use CloudFormation. The numbers: resources created, at least 11: VPC, MacOSImageID*, MacOSInstanceKeyName*, InternetGateway, PublicInternetRoute, VPCGatewayAttachment, PublicInternetRouteTable, PublicSubnet01, P

Totally Terraform (Or, Introducing Terraform DevOps Cloud Engineer Procedures to A Company) [Updated March 2022]

Want to share this post easily? Here's a Notion page! 9/20: The open-source fork of Terraform is now OpenTofu. I got to teach myself Terraform, but that's what this entire blog is about: teaching myself things and hoping for work sometimes, to make money and be employed by multiple people. You can be the next one! Anyway, what do I like about Terraform? A lot, including all the troubleshooting and digging into new things. The numbers on what was made: projects: 1; resources created: 7: Virtual Machine, Network Interface, Virtual Network, Security Rule attached to Security Group, Security Group (with outputs), Subnet, Public IP address. Many of these resources are attached to each other: the Network Interface is attached to the Virtual Machine, and the Security Group, with its Security Rules, is associated with that interface. The Subnet lives inside the Virtual Network, and the Public IP address is attached to the Network Interface (Azure associates a Network Security Group with a NIC or a subnet, not with a public IP). This way, the Virtual Machine has internet access, but als

Azure Networking Options - Core Cloud Services

I have done a lot of AWS things on here. Time to give Azure some attention. After all, since employers don't think Cisco or CompTIA certifications are important, maybe Microsoft ones are? First, let's really think about why these are the two biggest cloud service providers in the world: they've been doing internet things for a long time. Amazon launched in 1995 as a virtual bookstore. Microsoft, well, you know. They've lived, breathed, and frankly created the infrastructure we use today, and they're selling it to us today. Of course the Store of Everything and the Company of Everything would encourage us to put everything in their hands. Also: Azure has far fewer silly names for modules. Important. I appreciate straightforwardness. (I said 'far fewer', not '100% sensible names'.) Microsoft has a clear set of Azure Fundamentals that anyone can interact with. Let's talk about networking basics, basically to say, again, "