aws

Finding Suspicious Traffic using CloudWatch Log Insights and VPC Flow Logs

While playing around with AWS CloudWatch Log Insights to analyze VPC flow logs, I thought of a couple of fun ways to identify (probably) malicious traffic. Finding Vulnerability Scanners These are the guys that hammer your box looking for anything from silly SQL injection attacks (so 2005) to CSRF vulnerabilities. The tell: look for hosts that reuse the same source port. The Query filter (srcPort > 1024 and srcAddr != "

Studying for the AWS Certified Solutions Architect: Associate Exam (SAA-C01)

Study Guides The AWS Certified Solutions Architect Study Guide: Associate SAA-C01 Exam 2nd Edition ($30) by David Clinton and myself covers more than you need to know to pass the exam. If you don’t believe me, just click the link and look at the reviews on Amazon. If you are fairly new to AWS, you’re better off starting with the AWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam, also by David Clinton and yours truly.

Operational Excellence Means Automation

People use the term “operational excellence” in a lot of different ways. In its vaguest sense, it means continuous improvement as applied to operations. But you’re interested in what it means in the context of technology operations. And I’m here to tell you that it means automation. Operational Excellence is one of the five pillars of the AWS Well-architected Framework. The AWS whitepaper lists six design principles for achieving operational excellence.

Using AWS Systems Manager to Upgrade WordPress

After years of manually upgrading my self-hosted WordPress installation, I decided it was finally time to apply some devops principles (namely automation) to this process. This site runs on an EC2 instance on AWS, so I decided to use AWS Systems Manager (aka SSM). I started out by creating the following Command Document (which happens to be in YAML format because JSON is ugly): --- schemaVersion: "2.2" description: "Download and install WordPress"

Architecting for Security on AWS

My latest course “Architecting for Security on AWS” is now available on Pluralsight! You’ll learn how to secure your data and AWS services using a defense-in-depth approach, including: Protecting your AWS credentials using identity and access management Capturing and analyze logs using CloudTrail, CloudWatch, and Athena Implementing network and instance security Encrypting data at rest and in-transit Setting up data backup, replication, and recovery Go check it out!