Review: Amazon GuardDuty Malware Protection for S3
cloudonaut | Launchpad for Amazon Web Services
by
3w ago
Imagine users uploading attachments directly to S3 to share them with other users. Or partners uploading data to your S3 bucket to trigger business processes that download directly from S3. What could go wrong? A file uploaded to S3 could be infected. Malware, like a virus or ransomware is a cyber security threat first seen in 1971. Since then, the number of different types of malware has exploded. It is common practice to scan all files that enter (and sometimes leave) your security perimeter, usually your corporate network, by inspecting network traffic. Additionally, many corporations insta ..read more
Visit website
How to write unit tests when using the AWS JavaScript SDK v3?
cloudonaut | Launchpad for Amazon Web Services
by
1M ago
Writing unit tests for code that interacts with the AWS JavaScript SDK v3 comes with two major benefits. Obviously, writing unit tests ensures you catch bugs early and therefore increase the quality of your code. Also, writing unit tests enables you to run your code locally without the need to reach out to the AWS service APIs. But how do you write unit tests for code interacting with the AWS JavaScript SDK v3? In the following, I will share my learnings from writing unit tests by using aws-sdk-client-mock by Maciej Radzikowski. aws-sdk-client-mock is simple to use! Let’s start with a simple ..read more
Visit website
Tidying up after failed Terraform tests
cloudonaut | Launchpad for Amazon Web Services
by
2M ago
Automated tests are making their way into Infrastructure as Code projects. Recently, I’ve implemented tests with Terraform’s test framework which was released in October 2023. However, I ran into the issue that Terraform could not remove all AWS resources at the end of the test under rare circumstances. The problem and solution discussed in the following also apply to OpenTofu. Here is the typical message that terraform test will print out in case cleaning up all the resources fails. Terraform left the following resources in state after executingtests/default.tftest.hcl/execute, and the ..read more
Visit website
How to monetize an API on AWS?
cloudonaut | Launchpad for Amazon Web Services
by
2M ago
Did you develop an API and want to sell access? Here is how I combined Amazon’s API Gateway (REST APIs) and FastSpring, a payment and subscription platform, to monetize our API for malware scanning. Luckily, you can apply the pattern to any REST API. The problem: payments, subscription, and access control I’m building a WordPress plugin to protect blogs from malware. Whenever an editor uploads a new attachment, the plugin sends the file to our API, which scans it for malware. The infrastructure consists of an Application Load Balancer (ALB) and EC2 instances running the malware engine. So, ho ..read more
Visit website
Cleaning up AMIs
cloudonaut | Launchpad for Amazon Web Services
by
2M ago
Costs are like fingernails. You have to cut them constantly. When working with AWS, cleaning up unused resources is crucial. Otherwise, you will end up with a steadily growing AWS bill and waste money. Do you build AMIs automatically, for example, with Packer? Learn how to automatically clean up unused AMIs to reduce EBS storage consumption and costs. About a year ago, the tool we used to remove unused AMIs stopped working. As we could not find a working alternative, we started the project aws-amicleaner. How does the aws-amicleaner command line tool work? Include AMIs by name or tag. Exclud ..read more
Visit website
How to reduce costs for GitHub Actions?
cloudonaut | Launchpad for Amazon Web Services
by
5M ago
GitHub Actions is my favorite CI/CD solution. Over the past year, I gradually switched all projects from CodePipeline to GitHub Actions. To this day, I enjoy the smooth user experience. However, GitHub-hosted runners quickly become a big item on GitHub’s monthly bill. That’s why I will share how to reduce costs for GitHub Actions with Octolense by Sandro Volpicella and HyperEnv for GitHub Actions Runner made by Michael and me in the following. Do you prefer watching a video instead of reading? Here you go! JavaScript is disabled. Please visit YouTube.com to watch the video. Get insights in ..read more
Visit website
KMS Key Policy Privilege Escalation
cloudonaut | Launchpad for Amazon Web Services
by
6M ago
Encrypting data at rest is a widespread best practice on AWS. In 2019, Werner Vogels set the tone with his motivational slogan, “Dance like nobody’s watching. Encrypt like everyone is!”. AWS shipped the ability to encrypt data at rest for almost all its services. Many services use the AWS Key Management Service (KMS) to handle the keys for server-side encryption. KMS provides default keys, which are very simple to use, and customer-managed keys with an extra authorization layer. Are you defining key policies to strictly restrict access to customer-managed keys? Then, the following will blow yo ..read more
Visit website
Connect GitHub Actions with AWS VPC
cloudonaut | Launchpad for Amazon Web Services
by
6M ago
GitHub Actions is my preferred CI/CD solution. I’m using GitHub Actions to build and deploy applications on AWS. However, GitHub Actions does not have access to private subnets, which is required in the following scenarios: Execute database migrations for RDS (Relational Database Service). Run load or integration tests against internal ALBs or NLBs (Elastic Load Balancing). Seed ElasticSearch, OpenSearch, or ElastiCache with data. In the following, I will demonstrate how to access a VPC (Virtual Private Cloud) from GitHub Actions with the help of HyperEnv for GitHub Actions Runner, a soluti ..read more
Visit website
Protect Amazon Connect from viruses and malware by scanning attachments
cloudonaut | Launchpad for Amazon Web Services
by
8M ago
Four years ago, we stumbled into Amazon Connect. In essence, Amazon Connect allows your users to reach your organization represented by agents via phone or chat. While chatting, Amazon Connect allows users and agents to upload attachments. For many years, there was no good solution to ensure those files were malware-free. Given that anonymous users can start Amazon Connect chats, that’s quite scary. Lucky us, Amazon Connect just released a feature that enables scanning of attachments for malware. You might think: “Great, Amazon Connect scans all files from now on”. But no, Amazon Connect enabl ..read more
Visit website
Worldwide availability of EC2 instance types
cloudonaut | Launchpad for Amazon Web Services
by
8M ago
The promise sounds tempting; with AWS, you can roll out your infrastructure in 28 regions worldwide. Indeed, it is an eye-opening moment when rolling out the same infrastructure into multiple regions to serve users in different parts of the world. However, a few stumbling blocks exist when rolling out an application to every available region. I’ve recently stumbled upon one of them when working on bucketAV. Currently, EC2 provides 761 instance types grouped into 116 instance families. But not all of these instance families are available in every region. Here are some interesting facts. 4 Thin ..read more
Visit website

Follow cloudonaut | Launchpad for Amazon Web Services on FeedSpot

Continue with Google
Continue with Apple
OR