Learn Cloud Security
Allowing non-AWS workloads to access AWS services using AWS IAM Roles Anywhere
AWS IAM Roles Anywhere is a feature that allows non-AWS workloads (servers, containers, apps, etc.) to obtain temporary security credentials in IAM. These workloads can use the same IAM policies and IAM roles that AWS compute resources use with AWS applications to access the AWS cloud.
How to update IMDSv1 to more secure IMDSv2 on AWS
Having IMDSv1 enabled on your instances allows attackers to use vulnerabilities like SSRF to gain access to sensitive information on your instances. In this article we will walk through the steps to update an EC2 instance from IMDSv1 to IMDSv2 using the AWS CLI.
How to Enable MFA for AWS Root User (Console + CLI)
Step-by-step guide to enabling multi-factor authentication on your AWS root account. Covers virtual MFA device setup, hardware keys, and why root MFA is the
How to remove AWS Root user access keys
Having an access key for the Root user poses the risk of being misused or stolen, since this user has unrestricted access in the account. If your Root user also has access keys that you would like to remove, here is a step-by-step guide to do so.
Restricting access to Elasticsearch/OpenSearch service
Elasticsearch/OpenSearch domains that are not required to be openly accessible should be created without a public endpoint to prevent arbitrary public access to the domain.
Enforce SSL/TLS for all incoming connections on CloudSQL Database Instances
Unencrypted database connections allow attackers on the network to perform man-in-the-middle attacks that can be used to steal information and even modify data. In this article we will take a quick look at how to enable encryption for incoming connections on CloudSQL databases.
How to enable Prevent Password Reuse policy in AWS
The Prevent Password Reuse policy can be easily enabled in AWS. It prevents users from reusing their old passwords after expiry or when password change operations are performed. This article provides a step-by-step walkthrough of how you can enable the Prevent Password Reuse policy on AWS, in both video and text, so you can follow along in your preferred medium.
How to restrict access to public Cloud SQL database instances
Publicly exposed database instances can attract a lot of brute force attacks and may lead to a compromise of the database as well. If a database requires a public IP address, then one must make sure to restrict the public access to only trusted IP addresses.
Migrating an unencrypted RDS database to an encrypted one
Encrypting data at rest is a security best practice. RDS instances must also be encrypted. If you have an existing unencrypted RDS instance, this article will guide you on how you can migrate it to an encrypted one.
How to restrict access to your publicly accessible RDS Instance
Exposing AWS RDS database instances to the internet is generally a bad security practice, since they contain data meant to be consumed by specific instances only. If that is the case for you as well, follow this article to see how you can restrict access to your RDS instances.
Restricting access to your RDS snapshots
Public AWS RDS database snapshots are accessible to any AWS user. If you have created a public RDS snapshot that may contain sensitive or private information and would like to change it to a private snapshot, follow this step-by-step guide.
How to Encrypt AWS EBS Volume
EBS volumes are not encrypted by default. Encrypting them adds a layer of security to the data stored on them.