In this post, we’ll see how we can update EC2 Launch Template of an autoscaling group to deploy new code. Our application code and deployment playbook will be stored in a CodeCommit repository and any commit in this repo will triger an Image Builder pipeline which will create the new…

In this post, we’ll see how we can block Cross Site Scripting(XSS) attacks with AWS WAF. We’ll use OWASP Juice Shop application which is a vulnerable web applicaton and how we can exploit it and protect it with AWS WAF. Reference: https://medium.com/@neelampawar/tutorial-3-setup-web-application-security-protection-and-detection-lab-in-google-cloud-8d40962dd756 Step 1: Launch an EC2 instance with Amazon…

In this post, we’ll see how we can prevent a resource, conditionally created by Terraform from getting deleted. Step 1: Create 2 files named main.tf and variables.tf with following content: main.tf resource "aws_s3_bucket" "bucket1" { bucket = "test-bucket-19892" count = var.s3 ? 1 : 0 lifecycle { prevent_destroy = true …

In this post, we’ll see how we can setup a multi region internal application using Private ALB and Route53. Prerequisite: You need to have 2 VPCs in 2 different regions with a non-overlapping CIDR range and at least 2 private subnets in each of them. …

In this post, we’ll see how we to setup a Private AWS API Gateway which allows 2 VPCs to access a private ALB running in both the VPCs. Prerequisite: 2 VPCs with at least 2 private subnets in the same region. Step 1: Create 1 instance with Amazon Linux 2…

Recently AWS announced support for Port Forwarding to Remote Hosts using Session Manager. In this post, we’ll see how we can use this feature to connect to a remote host via a Syster manager managed instance. Reference: https://aws.amazon.com/about-aws/whats-new/2022/05/aws-systems-manager-support-port-forwarding-remote-hosts-using-session-manager/ Step 1: Launch an instance with Amazon Linux 2 AMI. System manager…

Recently we had a requirement to allow our developers to query secrets stored in parameter store. Since most of them do not have AWS credentials and we didn’t want to create/manage so many users for such a simple requirement, we decided to create an API endpoint which they can use…

Recently we had a requirement to setup basic auth on one of our public facing URL which was getting served by a Nginx server, running behind an ALB. We also wanted to restrict failed login attempts so we decided to use fail2ban. …

In this post, we’ll see how we can use Transit Gateway as single exit point For internet And VPC endpoints access. Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/creating-a-single-internet-exit-point-from-multiple-vpcs-using-aws-transit-gateway/ Integrating AWS Transit Gateway with AWS PrivateLink and Amazon Route 53 Resolver | Amazon Web… I want to take some time to dive more deeply into a use case outlined in NET301 Best Practices for AWS PrivateLink. The…aws.amazon.com