Finding Suspicious Traffic using CloudWatch Log Insights and VPC Flow Logs

While playing around with AWS CloudWatch Log Insights to analyze VPC flow logs, I thought of a couple of fun ways to identify (probably) malicious traffic.

Finding Vulnerability Scanners

These are the guys that hammer your box looking for anything from silly SQL injection attacks (so 2005) to CSRF vulnerabilities. The tell: look for hosts that reuse the same source port.

The Query

filter (srcPort > 1024 and srcAddr !

Studying for the AWS Certified Solutions Architect: Associate Exam (SAA-C01)

Study Guides

The AWS Certified Solutions Architect Study Guide: Associate SAA-C01 Exam 2nd Edition ($30) by David Clinton and myself covers more than you need to know to pass the exam. If you don’t believe me, just click the link and look at the reviews on Amazon. If you are fairly new to AWS, you’re better off starting with the AWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam, also by David Clinton and yours truly.

Operational Excellence Means Automation

People use the term “operational excellence” in a lot of different ways. In its vaguest sense, it means continuous improvement as applied to operations. But you’re interested in what it means in the context of technology operations. And I’m here to tell you that it means automation. Operational Excellence is one of the five pillars of the AWS Well-Architected Framework. The AWS whitepaper lists six design principles for achieving operational excellence.

Using AWS Systems Manager to Upgrade WordPress

After years of manually upgrading my self-hosted WordPress installation, I decided it was finally time to apply some devops principles (namely automation) to this process. This site runs on an EC2 instance on AWS, so I decided to use AWS Systems Manager (aka SSM). I started out by creating the following Command Document (which happens to be in YAML format because JSON is ugly):

---
schemaVersion: "2.2"
description: "Download and install WordPress"

Architecting for Security on AWS

My latest course “Architecting for Security on AWS” is now available on Pluralsight! You’ll learn how to secure your data and AWS services using a defense-in-depth approach, including: protecting your AWS credentials using identity and access management; capturing and analyzing logs using CloudTrail, CloudWatch, and Athena; implementing network and instance security; encrypting data at rest and in transit; and setting up data backup, replication, and recovery. Go check it out!

AWS Networking Deep Dive Courses

Puzzled by networking on AWS? Check out my AWS networking deep dive series!

AWS Networking Deep Dive: Route 53 DNS
Configure Route 53 for any domain name, and configure health checks and routing policies.

AWS Networking Deep Dive: Virtual Private Cloud (VPC)
Create secure and scalable VPCs. Implement multi-VPC topologies, build peering connections, network address translation, and more.

AWS Networking Deep Dive: Elastic Load Balancing (ELB)
Securely configure load balancing for any public or private application.

AWS Networking Deep Dive: Route 53 DNS

Many of you have been asking for months when my Route 53 course would release. Well, it’s finally here! _AWS Networking Deep Dive: Route 53 DNS_ is now available on Pluralsight. Topics covered include: configuring Route 53 to work with any domain name, even one registered with a different registrar; DNS concepts and how Route 53 fits in with the internet’s domain name system; creating public hosted zones, health checks, and routing policies; and using private hosted zones with multiple VPCs.