Posts

Showing posts with the label Projects

Securing Terraform and You, Part 3 -- The Finish Line

9/20: The open source version of Terraform is now OpenTofu   I swear, this is not a recurring series. The problem just -- finally -- got solved. Part 2 is over here . I went back to tfsec after seeing the simple start guide posted here , by Liam Galvin at Ghost Security. There are two aspects of my code:  Allow buckets starting with [word]  deny buckets that don't start with [word].  The initial guide only has "don't allow buckets that are exactly named this", but that's all I needed to actually get going! The problems could have been; The rego file and the terraform file don't play well in the same folder. Having the options in two separate subfolders helped even though there was a command that I used to read both files in the same folder. Trivy ... I don't know. Maybe the metadata setup was incorrect - but if it's set up as comments -- readable by the program but not acknowledged in the rego -- who knows. I can work on that in the future. The code w

Making KPI Dashboards with PowerBI

While this is the free tier, I cannot share or collaborate with others, nor can I publish content to other people's workspaces, but they will not stop me from screenshotting and recording these self-taught adventures, so! I'm doing this because I idly searched "Mattel careers" and "Information Technology" and saw a bullet point saying the following: Analytical and reporting skills such as creating dashboards and establishing KPIs such as experience with PowerBI, Cognos, Tableau, and Google Data Lake/AWS is preferred. And thought "Well, I've used Tableau, and I've heard about PowerBI, even if its in-demandness is questionable, so how similar is it? And can I write about it?" First, PowerBI (PIB) does have a downloadable, local version, but apparently Windows-only. I could download the .exe but I couldn't run it / drag it to applications on my MacBook. Not a problem, we'll use the online SaaS version, and a dataset found here,

Securing Terraform and You Part 2 -- Trivy by AquaSecurity

9/20: The open source version of Terraform is now OpenTofu. Part one is over here. This comes as the 3rd tool in a long line of tools I am using to make Terraform (OpenTofu) code consistent. I went back to the Styra Academy courses for OPA Policy Writing. I am a very "Just show me the general idea, and I can probably figure it out" person, and I am reasonable enough to say that it didn't work this time, and I had to take the slow road. Good start; Trivy told us where it installed: trivy info installed /usr/local/bin/trivy /Users/morganza/Library/Caches/trivy The homebrew package had an outdated version, so I had to install v. 0.40.0 myself and link it to the previously installed 0.18.0, I believe -- see the GitHub discussion here. We are now back to rego, but fortunately, Trivy works as intended when you run it locally with the following command: trivy conf --policy . --namespaces morganza . There was an odd combination of YAML with a bit of rego involved for tfsec -- can

Securing Terraform and You Part 1 -- rego, Tfsec, and Terrascan

9/20: The open source version of Terraform is now OpenTofu. Sometimes, I write articles even when things don't work. It's about showing a learning process. Using IaC means consistency, and one thing you don't want to do is have 5 open S3 buckets on AWS that anyone on the internet can reach. That's where tools such as Terrascan and Tfsec come in, where we can make our own policies and rules to be checked against our code before we init. As this was contract work, I can't show you the exact code used, but I can tell you that this blog post by Cesar Rodriguez of Cloud Security Musings was quite helpful, as well as this one by Chris Ayers. The issue is using Rego; I found a cool VS Code Extension, Terrascan Rego Editor, as well as several courses on Styra Academy: Policy Authoring and Policy Essentials. The big issue was figuring out how to tell Terrascan to follow a certain policy; I made it, put it in a directory, and ran the program while in that directory

Building, Breaking, and Building A CRM with Retool

I like no- or low-code solutions to things. I've often wanted to simply push a button or move some GUI around and have the code implement itself. I've thought about building something that's like a customer relationship management (CRM) system for keeping up with my network better than my little spreadsheet where I click links and then go like something. The general idea in this CRM Development is: To have a GUI to add people to an NRM (Network Relationship Management). Attach it to a database (MySQL is what I went with eventually, using Amazon Relational Database Service, but you can use Postgres, and probably others). Make sure components are connected to each other in the Retool interface. This video is a good start. Watching the tutorial video, I heard some SQL commands and went "Oh no 😳" before going "Wait, I know basic SQL", which is good, because you'll see. When you get set up, there's a plethora of resources you can use -- Incl

Using AWS Systems Manager and Patch Groups

This is a way to manage your cloud setup and patch your AWS infrastructure in a way that meets certain parameters. There are multiple operating systems you can choose from; it's the equivalent of saying "Hey, I have a Linux machine here; so search through all of the Linux options only and see if my particular instance needs a patch." Or "Here's a group of Windows Servers; check for patches once a week and let me know." If you have multiple instances with multiple operating systems, you can put those into Patch Groups and designate an OS to each; however, an instance can only be in one AWS Patch Group (PG) at a time. The most challenging part was simply setting things up. I did this in two accounts: In my root account, with the help of this video on YouTube, I simply put in instances and applied patches easily. In an IAM account, I had to have multiple permissions, and even then it took about 2 days for the instances to be acknowledged and for me to have patches atta

Log Sorting with AWS CloudWatch, AWS CloudWatch Insights

The cool thing is, I was contracted to make these videos in collaboration with CloudAvail Technology Consulting to help people decide which service they wanted to use for their logging - AWS CloudWatch, AWS CloudWatch Insights, DataDog, or New Relic. I'm searching through nginx logs. I have accompanying videos of each service that you can find on the CloudAvail YouTube page; see these links to go to the DataDog and NewRelic posts. The idea was to be subjective in the videos, but I can be objective on my personal blog. CloudWatch: The syntax is odd, but easy to grasp. Sort log data by IP addresses, message codes, and status codes. The simplest query system, but not quite robust. Insights: The syntax has changed - vastly. I see major SQL influences. You can see that in how the parse function works - in this case, it's often taken pieces of a pre-existing standard - in this case, message - and breaking them into their own categories you can reference. The funct

Log Sorting With New Relic

The nifty thing is, I was contracted to make these videos in collaboration with CloudAvail Technology Consulting to help people decide which service they wanted to use for their logging and data visualization - CloudWatch, CloudWatch Insights, DataDog, or New Relic. I'm searching through nginx logs. I have accompanying videos of each service that you can find on the CloudAvail YouTube page; see the following links to go to the CloudWatch, CloudWatch Insights, and DataDog posts. NewRelic: I expected this to be easier than the previous two, and it's rather dense in its information at first glance, although you can adjust it to show real-time analytics. Documentation is reasonable and concise; one could gather the basics of the syntax quickly. Opening a singular log entry and clicking the elements of it to include or exclude from a new query was very helpful. Check out the video for how I did error tracking. The GUI is my favorite; sleek and modern, and yet it will chan

Log Sorting With DataDog

The nifty thing is, I was contracted to make these videos in collaboration with CloudAvail Technology Consulting to help people decide which service they wanted to use for their logging - CloudWatch, CloudWatch Insights, DataDog, or New Relic. I'm searching through nginx logs. I have accompanying videos of each service that you can find on the CloudAvail YouTube page; see the following links to go to the CloudWatch, CloudWatch Insights, and NewRelic posts. The idea was to be subjective in the videos, but I can be objective on my personal blog. ...There's a lot of information. And a lot of ways to sort it. What's the difference between Patterns and Transactions? The Live Tail setting is pretty cool. It would be very helpful in making you panic if there was some kind of incident and you got a ton of error logs, but then you can sort by patterns and get a bit more insight into what is failing or being attacked. You can see in my video that I had to adjust th

A Serverless Application on AWS

By Morgan Lucas, from Adrian Cantrill's More Than Certified / GitHub. Find the Notion Page HERE. Pictured: Someone who would get use out of the app. Technologies used: AWS, Lambda, Step Functions, API Gateway, S3, SNS & SES. What Is This?: A small app for pets to bother you for cuddles that will send an alert to a phone and an email address. Both points of contact must be opted into first. Stage 1: I register 4 objects - two email addresses (sending messages, receiving messages) and 2 phone numbers (one to receive SMS [text messages], and an origination number). Stage 2: I used CloudFormation (again, our old friend) to create an IAM role that email_reminder_lambda uses to interact with other AWS services. Really beats searching through the policies! In the Lambda console, I create a function that uses the Python 3.9 runtime and use the LambdaRole created via CloudFormation. There are multiple entries called some variation of LambdaRole, so look for the one with SES/SNS and Cloud

Building AWS Infrastructure with Python (+ Learning the Code)

Follow along with more DevOps stuff! It's not only CloudFormation and YAML we can use to build infrastructure in AWS - the ever-popular Python is here. I like how the docs say it should take around 6 minutes, and I'm here on maybe...minute 34 waiting for packages to finish installing. I'm sure it doesn't account for setup, but for a while, I was concerned I had misconfigured something. No, there are just a ton of packages to download. Node.js had to not only open PowerShell, but update my Chocolatey and some VS Code components. Importing Python packages happens in consoles/terminals. You have to import them each session. So, I open a terminal in VS Code to install this Pipenv Virtual Environment Package, in theory. The hardest part is always installing Python packages, as I never remember what command works in Windows Terminal. It's never pip install or apt-get, but 'python -m pip install [package]', when you are not in the Python prompt. Now, into the cmd

Working With Terraform Modules for AWS

9/20/2023: The open source version of Terraform is now OpenTofu. Terraform (now OpenTofu) for AWS is somewhat clearer than Terraform for Azure - easier to grasp than YAML and its finicky formatting. After pushing some DevOps Terraform (TF) configurations live to AWS, I wondered if I could push a static webpage. Situation - Why Would You Use This? To quickly spin up the front-end for a simple webpage that might take user input after attaching it to back-end services that accept and hold the data. What Other Options Are There? I've documented hosting static webpages through Azure before on here through various methods - the process is somewhat intensive and relies strongly on interconnected systems: GitHub to host the code, Azure Web Apps to take the code and display it. Another option would be using Netlify, but that works best for truly single-page apps like this. It looks like it has different pages to the untrained eye, but it's only one. Task - How Is It Done? Here, t

Recon and SSID - Mapping With VisiWave Site Survey

My laptop is refurbished. I've written about how there are a few ... quirks. Being a technology professional, I felt okay with adopting an older machine, knowing I had the skill to fix moderate issues. From dying drivers to monitor massacres, I've ID'd, solved, and documented a lot of issues. The newest one was my Wi-Fi adapter dropping the connection to a specific extender. While troubleshooting, I was curious about doing recon of Wi-Fi networks and broadcasting devices anyway. That issue? A power setting. It was so determined to save power, it would disconnect. The extender is also flirting with the older end of 6 years old. The battery needs to be replaced, but that's new to me. As a Windows laptop, there are a plethora of options to pick. How do you decide which one is safest? I am suddenly concerned about this despite having 3 unofficial, $15 MacBook Air chargers from eBay, and no explosions. But let's move on to the Site Survey - where can I find the stronges

Get in CloudFormation; A Timeline learning IaC for AWS

Want to share this page easily? Here's a Notion Page. A big shoutout to Pluralsight for their free weekend, and James Millar for a great introductory course. For the longest time, I couldn't see how people found this easy, but this helped. (Why did we make up so many programming languages that only work based upon the correct formatting of spaces and tabs? Readability is important, but when you're just beginning, how I learn, I'm interested in 'it works' first and 'it's pretty' second). The (paid) project: Create an Instance that has basic security rules from a security group it's in. The most difficult part was learning the tool and the formatting. This was much easier in Terraform (now OpenTofu) for AWS, but this time we wanted to use CloudFormation. The Numbers: Resources Created: At least 11 - VPC MacOSImageID* MacOSInstanceKeyName* InternetGateway PublicInternetRoute VPCGatewayAttachment PublicInternetRouteTable PublicSubnet01 P

Totally Terraform (Or, Introducing Terraform DevOps Cloud Engineer Procedures to A Company) [Updated March 2022]

Want to share this post easily? Here's a Notion page! 9/20: Terraform is now OpenTofu. I got to teach myself Terraform, but that's what this entire blog is about: teaching myself things and hoping for work sometimes to make money and being employed by multiple people. You can be the next one! Anyway, what do I like about Terraform? A lot. Including all the troubleshooting and digging into new things. The Numbers on What Was Made: Project: 1. Resources created: 7 - Virtual Machine, Network Interface, Virtual Network, Security Rule attached to Security Group, Security Group (with outputs), Subnet, Public IP address. Many of these resources are attached to each other - the Network Interface is attached to the Virtual Machine, and they're both in a Security Group which has Security Rules attached to it. The Virtual Network is attached to the Subnet, and the Public IP address is attached to the Network Security Group. This way, the Virtual Machine has internet access, but als

Using Azure Web Apps to Host a Landing Site (#CloudGuruChallenge)

The video is really a Creative Agency webpage, but I followed along and repurposed it for my own ends. I got this out during the time of the #CloudResumeChallenge on LI! The parameters for the challenge are here. I found this page after I created the site. Hey, still learned something. Isn't the entire point of tech thinking outside the box and figuring stuff out anyway? Technologies used: Azure, HTML, CSS, JavaScript, GitHub, Deployment Tokens, Twitter, Canva, Talking to People. Resources: Tyler Potts' Creative Agency webpage with edits to make it an online portfolio - resume. Why Make a Landing Site? It's a brief site where a potential client or employer can quickly get the idea of what I do. You see it, and it's less overwhelming than a LinkedIn profile, or a blog with long posts. I had a similar site made in Webflow, and a links landing page made in Canva. Fine options, however - I couldn't get the Webflow elements lined up properly - an issue you'll

New Website Concepts - Made in Figma + Wireframing

I had a 'Website Refresh' draft in my portal here - at a year old, I thought "I might as well make another post," I said (in September 2020) and here we are (Feb 2021). I decided to take a short Figma course (also September 2020). I'd say "Why am I not on time?" but who says there was a "time"? My understanding of Figma...Well, I made these pages! Is it perfect? No, but the general idea is here. 2/2021: I have added Wireframing for more ideas. The Wireframes do not match the concepts in Figma. Every icon sans the blog logo is from Evericons. The linked 'Concept #' entries lead to the actual Figma file, so take a look at it!