Лекторите на #AWS Community Day Bulgaria 2024! https://lnkd.in/dWCyRUKe Sheen Brisals - The Enterprise Serverless Scale Of Measure! Ben Kehoe - Where does Serverless go from here? Monica Colangelo - Enabling Zero-Downtime Service Delivery with Automatic Testing in Blue/Green Deployments Aleksey Divarov - AWS Networking: Connect To Your Cloud in 2024 Miglen Evlogiev - Security Incident Response in AWS Yavor Ivanov - Deep dive into the OLA data lake Jordan Ilchev - Are Your Cloud Solutions Well-Architected? Roman Boiko - Serverless Applications Cost and Performance Optimization Kristiyan Nikolov - Cloud Quest: Resurrecting Diablo II on MacOS M1 with AWS Anton Stamenov - Cloud infra - the long run Martin Nanchev - Securing VPC from data exfiltration Rosen Rankov - How to build a LakeHouse with Databricks Maurice Borgmeier - Finding and using undocumented AWS APIs Detelina Vassileva - Rightsizing your proposal Kamen S. - The Modern Developer’s Toolkit - Live Coding AI-Powered Applications with Amazon Q + очакваме потвърждение от още двама лектори. Мисля, че комитета по програмата успяхме да изберем супер силни сесии! Билетите за конференцията са в Early Bird до края на месеца - https://lnkd.in/edZ9yj2c
Daniel Rankov’s Post
More Relevant Posts
-
Freelance DevOps Engineer AWS, Terraform & Kubernetes; I automate efficiency and security
How to avoid using AWS credentials in GitHub Actions? If you want your GitHub Actions pipeline to perform some actions in AWS, the usual way is to create an IAM user with some keys, and then to store those keys as secrets in GitHub. This is not ideal because those long-lived secrets have to be copy/pasted and can potentially be leaked. A more modern, better way is to configure your AWS account to accept GitHub as an identity provider. First, navigate to the IAM console on your browser, and click “Add provider”, and fill in the form like so: - “Provider type”: “OpenID connect” - “Provider URL”: https:// token dot actions dot githubusercontent dot com - “Audience”: sts.amazonaws.com You now need to create an IAM role for your GitHub pipeline. Create an IAM policy allowing your pipeline to perform the required actions. Ideally, follow the principle of least privilege. Then create an IAM role. AWS makes it easy for you to configure that role to be used by GitHub: - “Trusted entity type”: “Web identity” - “Identity provider”: Select the identity provider you created before - “Audience”: sts.amazonaws.com - “GitHub organization”: Type in the name of your GitHub organization - “GitHub repository”: Optionally type in the name of the GitHub repo that will run that particular pipeline - “GitHub branch”: You can restrict the role to specific branches Attach the policy you previously created and give the role a good, descriptive name. Note down the role ARN. Finally, you can configure your GitHub pipeline to use this IAM role. Here is an example of what such a pipeline would look like: ```yaml name: Pipeline doing stuff in AWS on: push permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout jobs: myjob: name: My awesome job runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::258302884997:role/RoleForGithubActionsCmsRepo role-session-name: github-cms-pipeline aws-region: eu-west-1 - name: Do stuff in AWS run: aws sts get-caller-identity ``` Both GitHub and AWS make it very easy to use this method, so make sure you stop copy/pasting those AWS keys moving forward!
Access Management- AWS Identity and Access Management (IAM) - AWS
aws.amazon.com
-
Methods to Backdoor an AWS Account We have already explored some methods of privilege escalation in AWS. One of the next goals of an adversary would be to create backdoors in their target AWS account to have long-term access. In this blog post, we walk through some of the techniques that can allow persistence in any AWS environment. While exploring resources to find out different methods of persistence in AWS, a blog post from Daniel Grzelak was a goldmine! A huge shoutout to him for sharing this information. Make sure to check his article as well, as he has mentioned more details, scripts to automate some techniques, and information for blue teams to improve their detection. https://lnkd.in/dnNeRdeN Daniel's Article: https://lnkd.in/djFwJKwp #aws #awssecurity #cloudsecurity
Methods to Backdoor an AWS Account
mystic0x1.github.io
-
Using multiple AWS accounts with the CLI can be difficult. Try https://lnkd.in/dn9rGkuE. By using your AWS credentials, this tool generates short-lived tokens and securely stores plaintext AWS credentials.
GitHub - 99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development environments
github.com
-
Providing Governance, Guidance and Guardrails for teams working and creating in the cloud
Confidently Access Simple and Secure CloudDB (Mongo) in AWS
Confidently Access Simple and Secure CloudDB (Mongo) in AWS
https://www.accuweaver.com
-
Site Reliability Engineer | DevOps | LinkedIn Learning Instructor | YouTuber | CKA | CKAD
👨💻Best Way to Host a Secured & Highly Available Website in #AWS New video alert 🚨 Discover the ultimate guide to maximizing security and availability while hosting your website in AWS 🔔 https://lnkd.in/gupakBjN 🚀 When you learn by doing, you stand a high chance of acing that #interview and performing better in your #job. Kindly repost if you find it useful 🙏 #techwithhelen
Host a Secured & Highly Available Website in AWS || AWS Hands-on Project
https://www.youtube.com/
-
Create Hosted Zone in AWS Route 53 https://lnkd.in/d_BGnE3D
Aws Route 53 Create Hosted Zone
abhijeetpratap.com
-
Are you a fan of the AWS IAM Role concept? I certainly am, as it shields you from managing AWS credentials, thereby minimising significant security risks. The only situation where individuals are compelled to use AWS credentials is when operating outside the AWS infrastructure, as IAM roles can exclusively be linked to AWS instances. After going through this blog, you won't have to worry about as IAM anywhere can take your IAM roles beyond AWS boundary. #opstree #iam #security #buildpiper #iamroles
AWS IAM Roles are crucial for access management within the AWS ecosystem, but what about resources outside AWS? IAM Roles Anywhere simplifies the enablement of secure access beyond AWS. Here in this blog, we'll discuss the core idea behind IAM Roles Anywhere and how it streamlines access management. Read more: https://lnkd.in/dn7E8t3b BuildPiper - By OpsTree Shankar Prasad Jha Sandeep Rawat Arpit Jain Yogesh Batish Sajal Jain RAJAT VATS Alok Upadhyay Abhishek Dubey Ashwani Singh Sandeep Mahto #iam #techforgood #techblogs #devops #engineeringcommunity #engineers #aws
Exploring the Power of IAM Roles Anywhere
http://blog.opstree.com
-
Support for AWS PrivateLink is now available for #ApacheCassandra on the Instaclustr Managed Platform! To learn more about this announcement and the effort our team put into making this integration possible, read our blog for more details. Access it here: https://lnkd.in/gG7JYXf3 #OpenSource #Instaclustr
Support for AWS PrivateLink On Instaclustr for Apache Cassandra® is now GA
instaclustr.com
-
🔐 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐭𝐢𝐩 🔐 How many of you on Amazon Web Services (AWS) #ECS have set secrets directly as environment variables, either manually or picking them from a secret manager? Come on, don’t lie! You there, in the back row, why are you hiding? 🤣 On AWS it’s possible to set an environment variable in the Task Definition as an ARN that references a value in the AWS Secret Manager. This way, no secrets are exposed in plain text anywhere. 🚀 #security #securitytip #devops #aws #ecs #terraform #secretmanager
