Author Archives: anuj - Page 22
AWS NACLs vs Security Groups
Use Case — A single public subnet, multiple private subnets in AWS. Access to all private subnet instances is via instances in the public subnet. Say you have a bastion host in…
VPC Logs in GCP (or AWS) and IP Addresses
Google Cloud KMS FAQ
What is Envelope Encryption? Cloud KMS generates a key called the KEK (key encrypting key). This key DOES NOT encrypt your payload data. It just encrypts the key that is…
Cloud Monitoring on GCP
Also read Logging in GCP. Cloud Monitoring collects metrics, events, and metadata from Google Cloud and applications hosted on GCP. GCP provides several built-in metrics. What about ALERTING and…
Public Access and Cloud Storage
Public Access to Storage Buckets. Regardless of the ACL settings (uniform bucket access), disabling public access will disallow content from being READ from the bucket. This means that no website…
MFA for IAM Users, Service Accounts and CLI Access
Do you need MFA on your IAM User accounts? What about Service Accounts or IAM users used for CLI access only? It depends on what the user account is used…
Metadata Access Disabled
Also read metadata on GCP Compute Engine and IP Addressing on Compute Engine VMs. Overview: Metadata (of an EC2 instance) can contain access keys and secrets. This is all that…
Why Service Accounts are a superior way to do Firewalls in GCP
Also read NACLs on AWS and GCP Equivalents. The Problem Statement: Configuring and managing IP-based firewall rules is a complex and manual process that can lead to unauthorized access if…
Redshift Security – Securing Redshift Data Warehouses on AWS ( and some parallels on GCP)
Securing Redshift Clusters on AWS. Some common issues around securing Redshift clusters are described in this post. 1. Redshift cluster - Is the cluster in a single account or across…
Why use a Customer Managed Key on AWS or GCP?
Why use a CMK on AWS (a CMEK on GCP) at all, when the Cloud Provider managed keys will perform the same task? That's a question a lot of…