Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do I specific where happened TLS v1 traffic at AWS Health Dashboard?

0

I want to specific where happend TLS v1 traffic. I see a below list at AWS Health Dashboard. But I'm not sure the detail. What is this IP? Where is the ARN?

Enter image description here

Topics
Management & GovernanceInternet of Things (IoT)AWS Well-Architected Framework
Tags
AWS HealthTransport Layer Security (TLS)Security
Language
English
asked 2 years ago329 views
1 Answer
0

The screenshot you provided is from the AWS Health Dashboard, showing a notification about deprecated TLSv1 traffic. The listed resources include ARNs and IP addresses. Here’s how you can interpret the information:

Resource Type and ID/ARN:

The resources are "TLS Wrapper SMTP Message" with specific IDs/ARNs. These appear to be related to email or SMTP services that are using TLSv1.

IP Address:

The IP address 103.217.108.28 appears multiple times, indicating that this IP is where the deprecated TLSv1 traffic is originating or being directed to.

Resource ARN:

The ARNs (Amazon Resource Names) provided here are in a specific format that includes the resource type, unique identifiers, and regions. For example:

arn:aws:us-east-1:TLS Wrapper SMTP Message|0100018c0b4f1092-05cc9dfd-5c5c-40d8-bff6-ad4d340b79c5-000000|103.217.108.28|TLSv1

The ARN includes the region (us-east-1), the resource type (TLS Wrapper SMTP Message), the unique identifier, the IP address, and the protocol version (TLSv1). Steps to Identify Details:

Check the AWS Resource:

Use the ARN to identify the specific AWS service or resource by searching for the ARN in the AWS Management Console or via AWS CLI.

For example, you can run:

aws health describe-event-details --event-arns arn:aws:health:us-east-1::event/TLSv1-ARN

This should give you more details about the event and the impacted resources.

Identify the IP Address:

The IP address 103.217.108.28 is likely associated with a service you are running (like an EC2 instance, a Load Balancer, or an email service). You can use the AWS VPC flow logs or CloudTrail logs to trace the traffic originating from or directed to this IP.

**Example for VPC flow logs: **

aws ec2 describe-flow-logs --filter Name=destination-ip-address,Values=103.217.108.28

Update TLS Configuration:

To address the deprecation, ensure your services and clients are using TLSv1.2 or higher.

Update your email server or SMTP configuration to use a higher TLS version.

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content