All Questions
38 questions
1 vote, 1 answer, 44 views
System architecture for storing sensitive data separately without single point of access
We're building a SaaS platform with support for integrations. Each client has multiple integrations. We'd prefer not to store these integration tokens in a centralized location, where there's a single ...
0 votes, 2 answers, 73 views
How to track specific logs in Ubuntu? (CPU)
We have this EC2 instance: T2.medium, running Apache, with 4 virtual hosts (4 sites).
Sometimes, out of nowhere, the CPU reaches very high levels, maybe an attack.
I've seen some of our WordPress ...
1 vote, 1 answer, 3k views
AntiVirus for AWS Linux 2 EC2
Is there antivirus software recommended to install on an AWS Linux 2 system? What would you recommend we install for that?
In my infra, I'm using the following AWS services: EC2 (Seoul, Ohio, and Virginia), ...
0 votes, 0 answers, 177 views
Prevent EC2 User from Seeing AWS Secrets and Credentials
Preface:
I use a Windows EC2 instance with a role attached that allows it access to specific AWS Secrets Manager secrets. We never use access keys directly. The app running on the instance needs to be ...
11 votes, 2 answers, 2k views
What is a secure and user-friendly way to provide only a few users access to web app on Amazon EC2?
Situation
We have a web app hosted on Amazon EC2. It's intended to be used only by a few users in a company.
How we're dealing with this
We share the (Elastic) IP address of the instance with the ...
0 votes, 1 answer, 312 views
How to set AWS EC2 security group to allow SSH from all computers connected to 2 different home networks?
I have a Verizon router and an AT&T router at home and multiple computers that are connected to one of the two routers. I just started a free tier AWS EC2 Ubuntu server and would like to set its ...
0 votes, 1 answer, 1k views
AWS IAM policy to allow user to edit one specific Security Group only
I'm trying to allow a user to modify inbound rules on one particular security group.
Here's what I tried. I thought it would be straightforward, but this doesn't work. What other permissions do I ...
0 votes, 1 answer, 403 views
AWS - Unable to access console - Not receiving MFA SMS codes
I am receiving SMS messages from other senders.
However, I am not receiving any SMS codes when I try to log in to the AWS console and it indicates that it is sending them to me.
There is no AWS support ...
-2 votes, 2 answers, 161 views
Securing an AWS ALB
Hi everybody, I’m relatively new to AWS web services and I’m struggling to secure an ALB. My web page works in a simple way: there’s an API gateway where the methods are defined, then I have an ALB that ...
4 votes, 1 answer, 1k views
Is it secure for the path between CloudFront and EC2 to be over HTTP?
I have a CloudFront distribution set up where the user connects to my domain via the CloudFront distribution and it determines if their request goes to my S3 bucket or my EC2 instance.
In this case, ...
6 votes, 1 answer, 9k views
How to specify an IP range in a Security Group inbound rule?
How do I specify an address range? I get a cryptic error every time I try to do so.
According to whois, my ISP's address range is 98.0.0.0 - 98.15.255.255. The error given is: "The source needs to ...
5 votes, 2 answers, 1k views
LibSSH authentication bypass
With the recent security announcement by libssh (CVE-2018-10933) I wonder how to find out if any of my running services use the vulnerable library? I will eventually yum upgrade the system but for now ...
3 votes, 1 answer, 653 views
Is it safe to expose an AWS instance ID?
Context: My company has a private API that we only expose to our employees and vendors who need access to it. That being said there are a few parts of it that don't require login to view, namely the ...
0 votes, 2 answers, 930 views
AWS EC2 instance access best practices
I created an AWS EC2 instance and shared the .pem (common .pem file for every user) file with multiple employees in the company. Some of them have resigned now. I am afraid that they will access the ...
4 votes, 1 answer, 3k views
Putting sensitive credentials into userdata attribute of AWS instance
I'm injecting sensitive credentials into userdata and not sure if this is safe.
I'm using the userdata attribute to run a script that joins the instance to a domain when it comes online
And passing ...