Discover and read the best of Twitter Threads about #vpc

Most recents (3)

Highlights from chasing an attacker in #AWS this week:

Initial lead: custom alert using #CloudTrail
- SSH keygen from weird source
IP enrichment helped
Historical context for IAM user, "this isn't normal"
#GuardDuty was not initial lead
- Did have LOW sev high vol alerts
Attacker tradecraft:
- Made ingress rules on sec groups that allowed any access to anything in VPC
- Interesting API calls: > 300 AuthorizeSecurityGroupIngress calls
- Spun up new ec2 instance likely to persist
- Mostly recon - "What policy permissions does this IAM user have?"
Orchestration was super helpful. We bring our own.

For any AWS alert we auto acquire:
- Interesting API calls (anything that isn't Get*, List*, Describe*)
- List of assumed roles (+ failures)
- AWS services touched user user/role
- Gave us answers, fast
Read 4 tweets
Hey all, I’m doing a weekly twitter standup, mostly for myself. But if you or anyone else would like to join, feel free to ping me. I’m thinking a weekly basis won’t be too time consuming. Pick a day of the week, and I’ll @ you to remind you. #weeklytwitterstandup
Did last week:
✅ finally built script to track usage of my servers. It’s a python script uploaded to AWS lambda. The script pings my half-dozen servers for data usage and writes the data onto 1) a MySQL server hosted on AWS RDS, 2) BigQuery database, and 3) google sheets
✅ built a dashboard on server usage data using Tableau public. I now have the dashboard scrolling on my Life Flips app.
Read 31 tweets
Preparing for AWS exams?
Read this thread:
The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.
Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance.
Read 554 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!