DEV Community: Ariel Coba

Send Event Notifications from MongoDB Trigger to AWS Eventbridge

Ariel Coba — Thu, 12 Jan 2023 06:02:56 +0000

Introduction

What if you want to record any action performed in your database and send an SMS notification to your Smart device? You'll see this great approach that I've performed just for fun :).

MongoDB Side

Create MongoDB Trigger

Go to your MongoDB Atlas Cluster and Add a new Trigger

Select Database as Trigger Type, enter a name for your trigger and link a data source to itP:

Select your Cluster, Database, Collection Names and the operations you want to fire up the trigger:

Select EventBridge as Event Type, Enter your AWS Account ID and Region:

AWS Side

Let's go to Amazon EventBridge>Partner event sources and you'll see the Event Source added after creating the trigger within MongoDB, now we have to associate this event

You can use the default options while associating this event source:

You'll see the event in Active state after this process:

Now, let's go to Rules, Select the Event Bus already created from the drown dop list and create a rule:

Let's put a name to this rule and use the default options in section 1:

Go to Event Pattern in Section 2 and select the options from the image below:

In section 3, use AWS Service as target type, in target you can use any option you want but, in this example, I'll be using SNS Topic:

Open a new tab from your browser for your AWS Console and got to SNS (Simple Notification Service):

Enter a display for this SNS and leave the other options as default:

Now, let's create a subscription:

Select your topic ARN already created SMS as protocol and select your phone number from the list.

After selecting your target and SNS Topic, you can click on Next and Create your Rule:

After creating your rule, we can go back to our MongoDB Atlas Cluster and perform a test by removing a document:

I've got my notification via SMS that a document was deleted, this is working!

I hope you find this information helpful, if you have any issues, comments or feedback shoot me a comment.

Have a good one community!

Amazon S3 now automatically encrypts all new objects!

Ariel Coba — Thu, 12 Jan 2023 05:20:54 +0000

Introduction

What a great news from amazon, now every object you upload to your S3 Bucket will be encrypted by default!! Adding another extra layer of security to your data which is the most important and expense thing in any Information System.

Amazon S3 now automatically applies S3 managed server-side encryption (SSE-S3) as a base level of encryption to all new objects added to S3, at no additional cost and with no impact on performance. SSE-S3 uses 256-bit Advanced Encryption Standard and has been configured for trillions of objects by customers. This new base level of encryption helps customers meet their encryption requirements, with no changes to applications. Alternatively, customers can still choose to update this default configuration using customer-provided encryption keys (SSE-C) or AWS Key Management Service keys (SSE-KMS).

Since 2017, customers have used the S3 Default Encryption feature to apply a base level of encryption for every object added to their buckets. S3 Default Encryption is an optional bucket-level setting that customers use to establish a default level of encryption. With this update, Amazon S3 will automatically apply SSE-S3 as the base level of Default Encryption setting for all new buckets and for existing buckets without any customer configured encryption setting. Existing buckets currently using S3 Default Encryption configuration will not change. Customers can continue to update the Default Encryption configuration but can no longer remove this setting from any S3 bucket to disable automatic encryption on new objects. As a result, all new data uploaded to S3 will be encrypted at rest.

The automatic encryption status for new object uploads and S3 Default Encryption configuration is available in AWS CloudTrail logs. Over the next few weeks, this status will begin to show in the S3 management console, S3 Inventory, S3 Storage Lens, and as an additional S3 API header in the AWS CLI and AWS SDK. We will update the S3 documentation once this additional information is available in all AWS Regions. This update is available in all AWS Regions, including the AWS GovCloud (US) Regions and AWS China Regions. For detailed information on the expected experience, see the AWS News Blog post for this new base level of encryption or visit the Amazon S3 encryption documentation.

References
Amazon S3 now automatically encrypts all new objects

AWS Create Bastion Host to communicate with your Private Subnet

Ariel Coba — Wed, 11 Jan 2023 20:08:11 +0000

Note: This is my first blog post, any recommendations and feedback would be appreciated.

Introduction

Bastion Host - A bastion host is a specialized computer that is deliberately exposed on a public network. From a secured network perspective, it is the only node exposed to the outside world and is therefore very prone to attack.

The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering the network, acting much like a gateway. The most common examples of bastion hosts are mail, domain name system, Web and File Transfer Protocol (FTP) servers.

In this post, I will be demonstrating how to configure a VPC in order to communicate two EC2 Instances (One acting as a bastion host and the other one inside a private network).

Creating VPC

First Let's start Creating a simple VPC:

You can use any name or CIDR you want.

Creating Subnets

Let's select our VPC (Created in last step):

Let's create two subnets, one for the public subnet and the other one for the private subnet.

Let's edit the Public Subnet Already created and Check "Enable auto-assign public IPv4 address"

Creating Routing Tables

Route Table for Public Subnet

Route Table for Private Subnet

Edit route table associations so we can add these route tables already created to our subnets:

Creating Internet Gateway

Now, We need to create an Internet gateway in order to provide internet access to our Bastion Host

Then, we need to attach this Internet Gateway to our VPC (myDemoVpc)

Add a Route to this Internet Gateway already attached

Note: This Route must to be added ONLY to our public subnet route table as we're simulating a connection from our bastion host to a private subnet which can contains a database or a server with sensitive data or any other information that must be remain private and cannot reach the internet.

Creating EC2 Instances

Let's start creating our Bastion Host and test connectivity trough the internet:

Let's go to the Network Settings Section and Click on Edit to select the options marked

Testing Connectivity

Select our instance previously created and click on Connect

We have internet access in our Bastion Host:

Creating EC2 Instance in Private Subnet

Let's go now to the Network Settings Section and Click on Edit to select the options marked

Note: To Add a layer of extra security, I've only provided access through SSH to Bastion Host Security Group as well added ICMP - IPv4 rule to test connectivity.

Testing Final Connectivity

After Created the EC2 Private instance, let's test connectivity through web browser:

As you can see above, we cannot connect through the internet, this is the expected behavior as we haven't assigned a public ip address to this instance since it will remain private.

Let's test connectivity from our Bastion Host

As we can see, we're able to ping our private instance though our Bastion Server

Let's try our final test by connecting through SSH from our Bastion Server

Let's create a file which contains our key pair

vi bastionDemoKey.pem

Copy the content of the key pair created in AWS

Change Permissions to the file created

chmod 400 bastionDemoKey.pem

Now let's try SSH to our EC2 Private Instance

ssh -i bastionDemoKey.pem ec2-user@172.16.2.10

We have connectivity!!

I hope you find this information helpful, if you have any issues, comments or feedback shoot me a comment.

Have a good one community!