Archives for AWS - Page 2
Rubrik IAM and AWS IAM
Create a CrossAccount IAM role, with the specific permissions required to protect and recover Amazon EC2 and Amazon EBS, in the specified customer account. Grant the Rubrik AWS account access…
VPC Peering versus Private Service Connect
This content is password protected.
When multiple direct routes exist
Say we have an EC2 instance within a private subnet on AWS (or GCP). Let us also say that there are two potential ways for it to access an AWS…
Site to Site VPN – Alert on Connection Dropped
To create an alarm for Site-to-Site VPN connection state: Open the CloudWatch console at In the navigation pane, choose Alarms, Create alarm. Choose Select metric. Choose VPN, then choose VPN Connection Metrics. Select your Site-to-Site…
AWS NACLs vs Security Groups
Use Case — A single public subnet, multiple private subnets in AWS. Access to all private subnet instances is via instances in the public subnet. Say you have a bastion host in…
VPC Logs in GCP (or AWS) and IP Addresses
This content is password protected.
MFA for IAM Users, Service Accounts and CLI Access
Do you need MFA on your IAM User accounts? What about Service Accounts or IAM users used for CLI access only? It depends on what the user account is used…
Metadata Access Disabled
Also read: metadata on GCP Compute Engine and IP Addressing on Compute Engine VMs. Overview: Metadata (of an EC2 instance) can contain access keys and secrets. This is all that…
Redshift Security – Securing Redshift Data Warehouses on AWS (and some parallels on GCP)
Securing Redshift Clusters on AWS. Some common issues around securing Redshift clusters are described in this post. 1. Redshift cluster - Is the cluster in a single account or across…
Why use a Customer Managed Key on AWS or GCP?
Why use a CMK on AWS (a CMEK on GCP) at all, when the Cloud Provider managed keys will perform the same task? That's a question a lot of…