Posts in AWS

Pagerduty Cloudwatch integration

It is possible to send your own custom payload to the Pagerduty Cloudwatch integration from a Lambda function (instead of via a Cloudwatch alarm). Pagerduty does not document the internals, but if you publish a custom message to the SNS topic that has an HTTPS subscription to Pagerduty, following these simple rules, you will see the event in Pagerduty.
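An added example (not code from the post) of the Lambda side of this: it builds a message shaped like the SNS notification a real Cloudwatch alarm emits and publishes it to the topic. The assumption here is that the Pagerduty integration keys on the same fields a genuine alarm notification carries (AlarmName, NewStateValue, NewStateReason, StateChangeTime); the topic ARN, account ID and alarm names are placeholders.

```python
import json
import datetime

# Constructed example values (assumptions for this example, not from the post).
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:pagerduty-cloudwatch"

VALID_STATES = ("ALARM", "OK", "INSUFFICIENT_DATA")


def build_alarm_message(alarm_name, state, reason, *, account_id="123456789012",
                        region="US East (N. Virginia)", description=""):
    """Build a dict shaped like the SNS notification a Cloudwatch alarm emits.

    Assumption: the Pagerduty Cloudwatch integration keys on the same fields a
    real alarm notification carries. ALARM opens an incident, OK resolves it.
    """
    if state not in VALID_STATES:
        raise ValueError(f"state must be one of {VALID_STATES}")
    now = datetime.datetime.now(datetime.timezone.utc)
    return {
        "AlarmName": alarm_name,
        "AlarmDescription": description,
        "AWSAccountId": account_id,
        "NewStateValue": state,
        "NewStateReason": reason,
        # Same layout as a real alarm: 2021-09-01T10:22:33.123+0000
        "StateChangeTime": now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "+0000",
        "Region": region,
        "OldStateValue": "OK" if state == "ALARM" else "ALARM",
        # A real alarm names the metric that fired; a synthetic one carries a
        # placeholder so any consumer that expects the key does not break.
        "Trigger": {"MetricName": "custom", "Namespace": "Custom/Lambda"},
    }


def publish_alarm(sns_client, topic_arn, message):
    """Publish the message to the SNS topic the Pagerduty HTTPS subscription
    hangs off. sns_client is any object with an SNS-style publish(**kwargs),
    which lets the call be exercised without AWS credentials."""
    subject = f'{message["NewStateValue"]}: "{message["AlarmName"]}" in {message["Region"]}'
    return sns_client.publish(
        TopicArn=topic_arn,
        Subject=subject[:100],  # SNS subjects are limited to 100 characters
        Message=json.dumps(message),
    )


def lambda_handler(event, context):
    """Lambda entry point; the invoking event carries alarm_name, state, reason."""
    import boto3  # deferred so the rest of the module loads without boto3
    message = build_alarm_message(event["alarm_name"], event["state"], event["reason"])
    return publish_alarm(boto3.client("sns"), TOPIC_ARN, message)
```

Sending `OK` with the same `AlarmName` later is what lets the integration resolve the incident it opened, so keep the name stable across the pair of messages.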

Read more ...


Send payload to AWS Lambda from Cloudwatch scheduled event

How to send a payload to an AWS Lambda function from a Cloudwatch scheduled event.
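An added example (not the post's own code) of the full wiring in boto3: the scheduled rule, a target whose constant `Input` becomes the function's `event`, and the invoke permission scoped to that rule. The rule name, function ARN and payload are assumptions; the handler shows how the constant payload differs from the default scheduled event (`source` `aws.events`, `detail-type` `Scheduled Event`).

```python
import json

# Constructed values; the rule name, function ARN and payload are assumptions.
RULE_NAME = "nightly-report"
FUNCTION_NAME = "report"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:123456789012:function:{FUNCTION_NAME}"
PAYLOAD = {"report": "daily-iam-review", "accounts": ["123456789012"]}


def build_target(target_id, function_arn, payload):
    """One put_targets entry. Input must be a JSON *string*; that exact JSON is
    what the function receives as `event` instead of the default scheduled event."""
    return {"Id": target_id, "Arn": function_arn, "Input": json.dumps(payload)}


def register_schedule(events_client, lambda_client, rule_name, function_name,
                      function_arn, payload, schedule="rate(1 day)"):
    """Create or refresh the rule, attach the Lambda with a constant payload and
    allow events.amazonaws.com to invoke the function, limited to this rule.
    The clients are passed in so the call can be exercised with fakes."""
    rule_arn = events_client.put_rule(Name=rule_name,
                                      ScheduleExpression=schedule,
                                      State="ENABLED")["RuleArn"]
    events_client.put_targets(Rule=rule_name,
                              Targets=[build_target("1", function_arn, payload)])
    # add_permission is not idempotent: a second run with the same StatementId
    # raises ResourceConflictException, so remove_permission first on re-deploys.
    lambda_client.add_permission(FunctionName=function_name,
                                 StatementId=f"{rule_name}-invoke",
                                 Action="lambda:InvokeFunction",
                                 Principal="events.amazonaws.com",
                                 SourceArn=rule_arn)
    return rule_arn


def lambda_handler(event, context):
    """Handle both the default scheduled event and a constant-Input payload."""
    if event.get("source") == "aws.events" and event.get("detail-type") == "Scheduled Event":
        return {"mode": "default", "rule": event["resources"][0], "time": event["time"]}
    return {"mode": "custom", "report": event["report"], "accounts": list(event["accounts"])}
```

Without the `SourceArn` condition any rule in the account could invoke the function, so keep the permission tied to the rule ARN.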

Read more ...


Demystifying AWS IAM Policies: Unraveling De Morgan’s Laws and S3 Buckets Policy

As of September 2021, you get error messages that detail the source of an IAM access denial for the following policy types:

Read more ...


Trust on Cloud AWS S3 Threat Model

Trust on Cloud have open sourced their AWS S3 threat model. This release is a great tool for making sense of the "shared responsibility model" and what "responsibility" means for AWS customers.

Read more ...


Monitoring VPN / Direct Connect Connectivity

In an on-premises network it is typical to do some type of topology discovery via the MIB-II SNMP tables of all your network gear, and then use ICMP to ping the management interface of each discovered router or switch. This validates connectivity, contributes intelligence when parts of the network go dark, and speeds up root cause analysis.

Read more ...


Running Amazon Linux 2 on prem on VMware

There is no default ec2-user or root password set for the Amazon Linux 2 OVA. You must use cloud-init via its NoCloud datasource.
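An added example (not from the post) that renders the two files the NoCloud datasource reads, `meta-data` and `user-data`, and packs them into a seed ISO. The hostname and SSH key are placeholders, and it assumes `genisoimage` is on the path; the ISO volume label `cidata` is what the datasource looks for when the image is attached to the VM.

```python
import subprocess
from pathlib import Path

# Constructed values: the hostname and public key are placeholders, not from the post.
HOSTNAME = "al2-onprem"
SSH_PUBKEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOnlyForThisExample al2"


def render_meta_data(hostname):
    """NoCloud meta-data. instance-id is what cloud-init compares to decide whether
    this is a first boot; change it to force first-boot configuration to re-run."""
    return f"instance-id: {hostname}\nlocal-hostname: {hostname}\n"


def render_user_data(ssh_pubkey, password=None):
    """NoCloud user-data as #cloud-config. Prefer a key; a password is optional
    and, if set, sits in the seed in clear text, so treat the ISO as a secret."""
    lines = [
        "#cloud-config",
        "users:",
        "  - default",            # the image already creates ec2-user
        "  - name: ec2-user",
        "    ssh_authorized_keys:",
        f"      - {ssh_pubkey}",
    ]
    if password is not None:
        lines += [
            "    lock_passwd: false",
            "chpasswd:",
            "  list: |",
            f"    ec2-user:{password}",   # no space after the colon
            "  expire: false",
            "ssh_pwauth: true",
        ]
    return "\n".join(lines) + "\n"


def write_seed_files(directory, hostname, ssh_pubkey, password=None):
    """Write meta-data and user-data into `directory` and return its Path."""
    d = Path(directory)
    d.mkdir(parents=True, exist_ok=True)
    (d / "meta-data").write_text(render_meta_data(hostname))
    (d / "user-data").write_text(render_user_data(ssh_pubkey, password))
    return d


def build_seed_iso(directory, output="seed.iso"):
    """Pack the two files into an ISO labelled `cidata`, which is how the NoCloud
    datasource finds the seed. Requires genisoimage (assumption)."""
    cmd = ["genisoimage", "-output", output, "-volid", "cidata", "-joliet",
           "-rock", "user-data", "meta-data"]
    subprocess.run(cmd, cwd=directory, check=True)
    return output


if __name__ == "__main__":
    seed_dir = write_seed_files("seed", HOSTNAME, SSH_PUBKEY)
    print(build_seed_iso(seed_dir))
```

Attach the resulting ISO as a CD-ROM to the VM before first boot; on first boot cloud-init applies the key (and the password if you set one), and later boots skip it unless the instance-id changes.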

Read more ...


Error: The maximum number of rules per security group has been reached

How to deal with the error: “The maximum number of rules per security group has been reached.”

Read more ...


AWS Sagemaker Jupyter Notebook

I wanted to upgrade the version of pandas that comes with AWS Sagemaker Notebook to > 1.1 because this simplifies handling of group-by with null or NaN values.

Read more ...


OSS logstash with AWS Opendistro for Elasticsearch

To get logstash talking to Open Distro for Elasticsearch, the first thing to understand is that Open Distro only works with the OSS (Apache 2.0 licensed) edition of the Elastic tools, not the Elastic-licensed edition (X-Pack).

Read more ...


SES Email client for S3

You can conveniently browse the SES mail in S3 using this tool

Read more ...


Logstash ingestion of AWS billing customer usage reports

To get the CUR reports into elastic search:

Read more ...


IAM resource based policy implicit allow

Resource-based policies are typically used to allow cross-account access for the resources that support them, some of which include:

Read more ...


AWS Boto KeyError endpoint_resolver in session.py when using multithreading

When using multithreading in Python with AWS boto to get a session, I was randomly hitting this error:
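An added example (not the post's code) of the usual fix for this class of error: giving each thread its own boto3 `Session` instead of letting every thread race to initialise the shared default one. That the race comes from the shared default session is an assumption on my part, but boto3 documents that sessions are not thread-safe and should be created per thread. The session factory is injectable so the pattern can be run without boto3 or credentials.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class ThreadLocalSessions:
    """Hand each thread its own boto3 Session.

    Assumption: the KeyError comes from several threads lazily initialising
    the shared default session at once; per-thread sessions avoid that.
    """

    def __init__(self, factory=None):
        self._local = threading.local()
        self._factory = factory or self._boto3_session

    @staticmethod
    def _boto3_session():
        import boto3  # deferred so the pattern can be exercised without boto3
        return boto3.session.Session()

    def get(self):
        """Return this thread's session, creating it on first use."""
        if not hasattr(self._local, "session"):
            self._local.session = self._factory()
        return self._local.session

    def client(self, service, **kwargs):
        """Convenience: a client from this thread's session."""
        return self.get().client(service, **kwargs)


def distinct_sessions(get_session, workers=4, tasks=32):
    """Run `tasks` jobs across `workers` threads and return how many distinct
    session objects the jobs saw. Per-thread sessions give at most `workers`;
    a single shared object gives exactly 1."""
    seen = []                      # hold references so ids are not recycled
    lock = threading.Lock()

    def job(_):
        session = get_session()
        with lock:
            seen.append(session)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(job, range(tasks)))
    return len({id(s) for s in seen})


if __name__ == "__main__":
    sessions = ThreadLocalSessions()
    # Each worker creates its own session the first time it calls get().
    print(distinct_sessions(sessions.get, workers=4, tasks=32))
```

Create the `ThreadLocalSessions` once at module level and call `.client(...)` from inside each worker; do not build the client in the main thread and hand it to the pool, which re-introduces the sharing the fix removes.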

Read more ...


Route 53 Associate multiple private hosted zones with same name

Can I associate multiple private hosted zones with the same domain name to the same VPC?

Read more ...


CloudTrail and VPC Endpoints Logging

Today I learnt that AWS CloudTrail does not log requests that are denied by a VPC endpoint policy. The reason for this is that it would allow an attacker to exfiltrate data via CloudTrail and the VPC endpoint outside of the VPC! (For example, by sending lots of requests with the data you want to extract in the request fields.)

Read more ...


Cloudwatch Loginsights handy queries

Find all requests matching URL

Read more ...


Cloudformation: Provided Load Balancers may not be valid. Please ensure they exist and try again

Spent too much time troubleshooting the following error, but I was happy to find the solution:

Read more ...


Introducing X-ENI or Cross Account ENI

Stumbled on an interesting new feature, based on a commit in the AWS .NET SDK, which may have been released early.

Read more ...