Open Policy Agent policies - s3 opa terraform example

The Open Policy Agent (OPA) is an open source project that provides a high-level declarative language, letting you specify policy as code, and simple APIs to offload policy decision-making from your software. In this article we are going to review an s3 opa terraform example; OPA can be used during deployment of your IaC code or in a CI/CD pipeline. Refer […]

Create IAM policies using AWS Lambda

In this article let’s look into how we can create IAM policies using AWS Lambda and attach them to an existing IAM role during deployment using terraform. Imagine a scenario where you are working in a multi AWS account environment and the lambda in the main account needs permissions on other accounts (for assuming […]

Don’t miss CloudWatch log group permissions

CloudWatch log group permissions are required in order for log groups to receive events from sources such as a CloudWatch Events rule. These permissions are added automatically when you create log groups using the AWS Console. However, when we use terraform to automate the process, these permissions should be added separately, otherwise your log […]

AWS Lambda to update SES bounce notification Topics

AWS Lambda to update SES bounce notification: If you are using AWS SES (Simple Email Service) to send out emails to your customers and partners through your cloud applications, over time you may come across a bounced email issue which needs to be resolved immediately. I advise you to prepare for the worst […]

Security Hub findings – fake EC2 instance i-99999999

If you ever come across a finding as shown below in your Security Hub console with the random EC2 instance i-99999999, read on. This is how Security Hub shows sample findings, which can be misleading if you are not aware of the GuardDuty sample findings that are generated from your account. The instance id EC2 […]

AWS Security Hub overview

AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security posture across your AWS accounts; refer to this Amazon documentation to understand more about the service. From my general understanding and experience, and what I have gathered from different sources of Amazon documentation, here are the main points to remember. Pre-requisite […]

Multiple Terraform providers and dynamic lookup

Multiple Terraform providers are helpful when you are working with multiple AWS accounts or on a solution that spans multiple accounts. You need an efficient way of defining multiple Terraform providers to be able to look up each provider dynamically. The following example uses terraform modules; refer to this article to understand how terraform […]

Amazon GuardDuty multi account threat detection solution

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads; read more about the service in the Amazon documentation. We are going to look into how to implement an Amazon GuardDuty multi account solution using terraform scripts. Let’s look into a real world […]