DEV Community: Victor GRENU

AWS Security Survival Kit

Victor GRENU — Thu, 17 Aug 2023 08:41:10 +0000

🚑 AWS Security Survival Kit

🧠 Rationale

This AWS Security Survival Kit (ASSK) sets up a basic proactive monitoring and alerting environment on common suspicious activities in your AWS Account.

We know that CloudTrail is the bare minimum service to activate on a newly created AWS Account to track all activities on your AWS account. It helps, but this will not alert you to suspicious activities by itself. You still have to check periodically if something has gone wrong in multiple services and the console.

With these CloudFormation templates, you will bring proactive security monitoring and alerting to your AWS account. It's complementary to the GuardDuty service as there are no built-in alerts on GuardDuty.

💾 Suspicious Activities

Using this kit, you will deploy EventBridge (CloudWatch Event) Rules and CloudWatch Metric Filters and Alarms on select suspicious activities. It comes with a CloudWatch Dashboard to give you more insights about what is ringing 🔔

The following suspicious activities are currently supported:

Root User activities
CloudTrail changes (StopLogging, DeleteTrail, UpdateTrail)
AWS Personal Health Dashboard Events
IAM Users Changes (Create, Delete, Update, CreateAccessKey, etc..)
MFA Monitoring (CreateVirtualMFADevice DeactivateMFADevice DeleteVirtualMFADevice, etc..)
Unauthorized Operations (Access Denied, UnauthorizedOperation)
Failed AWS Console login authentication (ConsoleLoginFailures)
EBS Snapshots Exfiltration (ModifySnapshotAttribute, SharedSnapshotCopyInitiated SharedSnapshotVolumeCreated)
AMI Exfiltration (ModifyImageAttribute)
Who Am I Calls (GetCallerIdentity)
IMDSv1 RunInstances (RunInstances && optional http tokens)

🤖 ChatOps

Setup AWS Chatbot for best experience to get notified directly on Slack and MS Teams.

📈 Dashboard

ASSK comes with a CloudWatch Dashboard, please don't hesitate to adjust to your needs.

🎖️ Credits

AWS Security Boutique: zoph.io
💌 AWS Security Digest Newsletter
Twitter: zoph

AWS Security Digest

Victor GRENU — Wed, 27 Oct 2021 09:07:33 +0000

Folks,

📬 Issue #42 of my low-volume (once a week) newsletter “AWS Security Digest” is out.

What you will find:

Highlight of the week 🔦
Change since last week on AWS Managed IAM Policies 🕵🏻‍♂️
Curated Cloud Security Newsletters 💌
AWS API changes 👀
IAM Permissions changes 🔒
Most upvoted posts on r/AWS 🆙
Top shared links on Twitter (by cloudsec folks) 🔗
Most engaged Tweets from the community 🐦

Adopt a slow-tech 🐌 approach by reading only essential, digest summary of what is going on in the AWS Security landscape.

With already 300+ subscribers with famous folks from @netflix and @amazon, you can’t go wrong :)

https://app.mailbrew.com/zoph/aws-security-digest-HrkhwqNrwBBk

AWS Re:Invent Con - One-Pagers

Victor GRENU — Sat, 21 Nov 2020 08:10:14 +0000

Like every year, I will publish my "One-Pager" recap of all pre / re:Invent launches and announcements.

This year will be more collaborative as the Markdown files are on GitHub. Any volunteers to help me to catch them all?

https://github.com/zoph-io/awscon-onepager/blob/master/reinvent/reinvent-2020.md

Build a Serverless Twitter Dashboard using DynamoDB, APIGW, and Highcharts

Victor GRENU — Sun, 25 Oct 2020 18:57:21 +0000

TL;DR

HighCharts -> APIGW -> DynamoDB + Lambda function 🎉 cockpit.zoph.io

Introduction

Lately, I was working on a new version, API Based, for my Twitter Cockpit. In the previous version, Highcharts was loading data from some flat csv files.

The goal of this cockpit is to retrieve and store unlimited history of specific Twitter Accounts based on a Twitter List. It means that you can control it from Twitter which accounts you want to graph the follower/following history. When you are using Twitter Analytics, the history only compares followers (not following) to the previous 28 days period, and the graph is in fact a non-clickable thumbnail image, a very poor experience for free users.

It was for me an opportunity to work on a DynamoDB data modeling, and craft an API Gateway from scratch. 🧑‍🏭

Technical Stack

CloudFront + S3 Origin + ACM Certificate
API Gateway
DynamoDB Tables
IAM Roles
Github Actions as CI/CD Pipeline

Architecture Schema

DynamoDB Tables

You will need to prepare carefully your data model here, and understand clearly how DynamoDB is working under the hood.

For my use-case, I've decided to use two DynamoDB tables, one for users statistics, and another one for user-list, used later for the <select> on the webapp.

Stats table

The data model for this table is pretty simple, I'm using the following attributes:

scan_date as the hash key
screen_name as the range (sort) key

As my scan_date is not unique, I was needed to select a range key as well.

Beware of the reserved words on DynamoDB.

Now, I need to query the table by the user, because my graph is on a per user basis. To do so, I've used a Global Secondary Index (GSI):

screen_name as the hash key
scan_date as the sort key, as my data needs to be ordered by date for HighCharts

The advantage of the index, is that you only need to specify one attribute when you are querying this index, in my case, it was screen_name.

Users table

The goal of this table is to store for later expose the list of current lambda crawled users (from the Twitter list)

The data model for this table is pretty straightforward: screen_name only, as this attribute will be unique. That's all.

At this stage, for users table, I'm using a Scan on DynamoDB to retrieve the full list of users.

API Gateway

To get data from DynamoDB, we will need to create a GET API method, and apply some transformation using Apache's Velocity Templating Language (VTL). Warning the AWS Service Method to interact with DynamoDB is a POST Method.

Integrated Request - Mapping Template

In this mapping, we are passing the input param to the KeyConditionExpression, and we query the index (GSI).

{
    "TableName": "twitter-cockpit-sandbox",
    "IndexName": "screen_name-index",
    "KeyConditionExpression": "screen_name = :v1",
    "ExpressionAttributeValues": {
        ":v1": {
            "S": "$input.params('user')"
        }
    }
}

Integrated Response

For each Item I need to format the response from the API Gateway in DynamoDB Format, using Integrated Response, to format as you want the expected result to fit with the requirements of Highcharts.

#set($inputRoot = $input.path('$'))
{
    "cockpit": [
        #foreach($elem in $inputRoot.Items) {
            "scan_date": "$elem.scan_date.S",
            "screen_name": "$elem.screen_name.S",
            "followers": "$elem.followers.N",
            "following": "$elem.following.N"
        }#if($foreach.hasNext),#end
    #end
    ]
}

FrontEnd

This part was the hardest part for me, as I'm more the backend / infrastructure guys...

I'm only using some HTML and Javascript (jQuery) + CSS.

Conclusion

The integration between API Gateway and DynamoDB is pretty cool and easy to manipulate, you don't need to use a proxy Lambda function for every use-cases. This architecture is scalable, managed, and cost-efficient.

The source code for this workload is not yet open-sourced, as some elements are not yet fully-automated, please tell me if you are interested to get early access.

That's all folks! Don't hesitate to Ask Me Anything (AMA) on comments or on Twitter.

zoph.

Update on being Independent [6 months later]

Victor GRENU — Thu, 11 Jun 2020 20:16:40 +0000

This post is the second part of a series about my journey as an Independent AWS Cloud Architect.

Status

As I've already told you in the first part, I've started my own business in early January 2020.

After the first 6 months of being an Independent AWS Architect in France, I'm very happy with this move, no regret, and I won't see any upcoming U-turn move to come back as a full-time employee.

Today, I have the chance to work on large scale projects with a broad impact. They have mostly a "sense" (to me) as I'm working for a company that is driving renewable energy adoption world-wide. My mission is a long-term engagement (1 year + 1 year in option) with a room for extra small engagements for other customers.

COVID-19 💉

During this difficult situation of COVID-19 pandemic, I was assigned to home like almost everyone on earth, with my wife (also in work from home), and my three daughters 👸👸👸.

At the beginning, it was difficult to set up a new organization with the girl's homework, meals, occupations, and the rise of numerous meetings that could be an email ;).

But after few weeks, we found the proper schedule thanks to my ~~wife~~ Wonderwoman.

I have the chance to work for a large company during this period who let work continue my engagement naturally from home without any impact. I'm still prudent as this engagement could be cut rapidly due to the current crisis and budgets cut 🤞.

The Good 👍

Freedom:
- No more: manager (only customers), bi-annual reviews, endless HR discussion, asking authorization for whatever you need to get your job done.
- To choose your laptop setup, mobile phone, chair, desk, tooling, ~~high-tech~~ nerd stuff (tax-free) for your business.
- To be able to buy any training or books without asking anyone to ramp-up on some trending new tech.
- To choose my engagements, and say no to missions that are not relevant for your business.
- To select your business model: paid consulting, sell products, offer training, write books, seat consultants, etc...
My compensation is higher (by at least 20%) than in a full-time employee position in consulting firms.
Stop internal promotion run, competition between co-workers, or political aspects.
Feeling to be outside of my comfort zone, which allows me to give even more to my customers.
Lots of days-off. (5 to 9 weeks), this is a great work-life balance.

The Bad 👎

You'll have to justify every cent spent for your business, and it's normal but could be time-consuming and you will need to be very precise and rigorous, keep all receipts and invoices for later controls by the (French) administration.
- With proper automation and good tooling, I'm spending 2 hours a week on administration stuff with a peek at the end of the month: Invoicing & Time tracking period.
As said before, during this difficult period of the pandemic of COVID-19, the first population of IT professionals at risk are freelancers, as we are the adjustment variable for customers, we need to be very careful.

The Ugly 🐵

Time tracking is boring, I need to do this exercise on:
1. Project Level: Time tracking for Projects I'm working on (by hour): > 3 currently for a single customer.
2. Customer Level:
  1. Global time tracking for my customer.
  2. Time Tracking for the intermediate company, used for billing large companies to simplify internal procurement procedures.
Track kilometers spent on the road.

About the loneliness

I don't feel so much lonely, In fact, not more than before. I've created a small Slack Workspace with some friends working on DevOps/AWS stuff, some are freelance as well. I've also joined several well-know platforms with also, a Slack to exchange and get feedback from other independents folks. I also participate in meetups or and talks to DevOps friends regularly on Twitter.

Let me know if you have any questions regarding my journey as Independent/Freelancer.

Interested to talk about automation and AWS security best practices? Hire me on zoph.io.

That's all folks!

zoph.