The Open Policy Agent (OPA) is an open source, high-level declarative language that lets you specify policy as code, with simple APIs to offload policy decision-making from your software. In this article we are going to review an S3 OPA Terraform example; OPA can be used during deployment of your IaC code or in a CI/CD pipeline. Refer […]
Category: AWS
AWS general solutions
Create IAM policies using AWS Lambda
In this article let’s look into how we can create IAM policies using AWS Lambda and attach them to an existing IAM role during deployment using Terraform. Imagine a scenario where you are working in a multi-account AWS environment and the Lambda in the main account needs permissions on other accounts (for assuming […]
Don’t miss CloudWatch log group permissions
CloudWatch log group permissions are required in order for the log groups to receive events from sources such as a CloudWatch Events rule. These permissions are added automatically when you create log groups using the AWS Console. However, when we use Terraform to automate the process, these permissions must be added separately; otherwise your log […]
AWS Lambda to update SES bounce notification Topics
AWS Lambda to update SES bounce notification: If you are using AWS SES (Simple Email Service) to send emails to your customers and partners through your cloud applications, over time you may come across bounced-email issues which need to be resolved immediately. I advise you to prepare for the worst […]
Security Hub findings – fake EC2 instance i-99999999
If you ever come across findings as shown below in your Security Hub console with a random EC2 instance i-99999999, read on. This is how Security Hub shows sample findings, which can be misleading if you are not aware of the GuardDuty sample findings generated from your account. The instance id EC2 […]
AWS Security Hub overview
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security posture across your AWS accounts; refer to the Amazon documentation to learn more about the service. From my general understanding and experience, and what I have gathered from different sources of Amazon documentation, here are the main points to remember. Pre-requisite […]
Multiple Terraform providers and dynamic lookup
Multiple Terraform providers are helpful when you are working with multiple AWS accounts or on a solution that spans multiple accounts. You need an efficient way of defining multiple Terraform providers so that you can look up each provider dynamically. The following example uses Terraform modules; refer to this article to understand how Terraform […]
COVID tracking API in AWS using AWS Lambda.
COVID tracking API in AWS: One of the common use cases you come across very often as an AWS developer is consuming data from an API (external or internal) from a Lambda and then saving the data into either an S3 bucket or one of the AWS data stores. In this […]
Amazon GuardDuty multi account threat detection solution.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads; read more about the service in the Amazon documentation. We are going to look into how to implement an Amazon GuardDuty multi-account solution using Terraform scripts. Let’s look into a real-world […]
Terraform providers and modules
When we are working with Terraform to create cloud infrastructure, one of the common use cases is dealing with multiple Terraform providers (different accounts, or entirely different providers). For example, it may be a simple case of creating an S3 bucket in account A with cross-account permissions and creating the IAM role in account […]