AWS Secrets Manager is a service that replaces secret credentials in the code like passwords,
Razorops, Inc.的动态
最相关的动态
-
Signing CSRs with AWS KMS For certain high-security use cases, the strong cryptographic capabilities of AWS Key Management Service (KMS) are required to generate and store asymmetric keys, as well as use them to sign certificate signing requests (CSRs). AWS KMS leverages FIPS 140-2 Level 3 validated hardware security modules (HSMs) to protect the KMS keys. I have open-sourced a utility that enables you to create CSRs signed by AWS KMS asymmetric keys. https://lnkd.in/guWfqqQp
GitHub - aws-samples/csr-signing-using-kms
github.com
-
If you’re using tools like GitHub to interact with your AWS account you should not be storing IAM access keys in your GitHub account. It’s easy to use Open ID Connect (OIDC) and the article below shows how. With OIDC you setup an IAM Role in your AWS account and then setup a trust relationship for it making it work specifically with a GitHub account and repo, or optionally even a branch. When GItHub needs to perform operations in your AWS account it assumes this IAM Role and gets temporary credentials to do its work. If security issues arise you can just get rid of the role in your AWS account and that is all you need to do. This works with other tools that interact with your AWS as well. Here KennyAngJY shows how to set this up. https://lnkd.in/ew-3QQMs
Hard coding your AWS access keys in GitLab or GitHub variables? There’s a better way
medium.com
-
Lead DevOps Specialist at HclTech | Ex Accenture (AWS, Kubernetes-AWS EKS, Jenkins, Terraform, Python3, Boto3, Ansible CICD, CFT, Github)
AWS security group rule creation dynamically by Terraform. Easy to use logic. I've used many application so far and detailed rule creation logs...
Lab : how to create aws security group rule using terraform loop | security group rule by terraform
https://www.youtube.com/
-
DevOps | Kubernetes | Docker | linux |Terraform | Argo cd | Jenkins | Git $ Github | Github actions |Ansible | python | Grafana | AWS | Agile | Jira
WHAT IS STATE FILE IN TERRAFORM AND ITS GOOD PRACTICES >>>A Terraform state file is a JSON-formatted file that stores the current configuration of your infrastructure. It acts as a central source of truth for Terraform, tracking the resources that have been created, their attributes, and their dependencies. (e.g State file can store the all details of aws infrastructure . what we create s3 ,EC2 ip address configuration etc all details about the configurated aws account. ) >>>>By default, Terraform stores the state file in the current working directory as terraform.tfstate. BEST PRACTICE OF TERRAFORM:- >>you should not store the state file in local system because there is high change of data loss and security breach. >>>It is not a good idea to store state file in source control . because its a ricky thing if anybody modified or try to use the state file at a time state file make corrupt or date loss will happen. >>>DO not manipulate the state file manually. because it cannot reflect in actual aws console. >>>the best way to store the state is to isolate and organize the state files to reduce the blast radius . (Store the state file in a remote backend like S3, DynamoDB, or Consul. This centralizes the state and makes it accessible from multiple machines.) using this we can do state file locking and versioning so it is the best and ideal way to store the state file . #STATE FILE #TERRAFORM #DEVOPS
-
-
?? New article on Medium! ?? I'm excited to share my first article: "Securing Credentials in Automatic Deployments to AWS Lambda: Using GitHub Secrets". In this piece, I dive into the importance of managing API keys and other sensitive information securely when deploying applications to AWS Lambda. I also explore how using GitHub Secrets can streamline the deployment process while enhancing security. ?? Whether you're automating deployments with GitHub Actions, this guide offers actionable insights to keep your credentials safe. Thank you! #SpringBoot #AWSLambda #GitHubActions
Securing Credentials in Automatic Deployments to AWS Lambda: Using GitHub Secrets
link.medium.com
-
Managing secure access to AWS resources has always been a major concern in EKS and a headache for cluster administrators. IRSAs (IAM Roles for Service Accounts), which we’ve covered in detail in this blog, have been very useful in facilitating this process since their introduction in 2019, but had many limitations and required significant configuration and maintenance effort. Then, AWS introduced EKS Pod Identity at the end of 2023, which was a major step forward in simplifying and improving this process. This article looks at what EKS Pod Identity is, how it works and why it’s a game-changer for Kubernetes developers and administrators. https://lnkd.in/ebaGsF4S
EKS Pod Identity or IAM Roles for Service Accounts (IRSA)??
awsmorocco.com
-
Just finished the course “AWS for Developers: Identity Access Management (IAM)” #amazonwebservices #identityandaccessmanagement.
Certificate of Completion
linkedin.com
-
How an empty S3 bucket can make your AWS bill explode. A software engineer recently faced a surprising $1,300 AWS bill due to approximately 100 million S3 PUT requests made against their empty S3 bucket within a single day. An investigation uncovered that a widely-used open-source tool had a default configuration which used an identical bucket name as a placeholder. This caused every deployment of the tool to attempt storing backups in the engineer's bucket. AWS charges for unauthorized or failed S3 requests, and requests without a specified region default to us-east-1, leading to additional costs for the bucket owner. Essentially, if a malicious actor can guess or discover a bucket name, even if it's private and set to "requester pays", it's possible to generate a form of "financial DDOS" by spamming the bucket with high-frequency requests that will fail with a 403 error code. However, Chief AWS Evangelist Jeff Barr weighed in: they're aware of the issue and working on a fix. ? https://lnkd.in/gVRhP7Tt
-
