Questions tagged with Security

Perhaps we grossly misunderstood the documentation at https://docs.aws.amazon.com/singlesignon/latest/userguide/how-to-register-device.html. This is the issue we are confronted with: https://1password.community/discussion/comment/671435#Comment_671435. Can't seem to be able to get this completed for me or users. Will appreciate any insight that I might be missing. Thanks
1 answer | 0 votes | 15 views | asked 15 days ago
Hi team, I want to create a Red Hat OpenShift Service on AWS (ROSA) cluster and I'm not sure if I should give

- Machine CIDR:
- Pod CIDR:

the same IP CIDR range, which is the subnet CIDR, since machines and pods are running inside the same VPC, inside the same subnets, or whether those values should be different.

My understanding is that machines and pods are running inside the same subnet, so

- Machine CIDR:
- Pod CIDR:

logically have the same IP range, which is the IP range of the subnet in which they are running.

For the service CIDR, can I always use this value?

- Service CIDR: 172.30.0.0/16

Is there a specific workshop that walks through detailed steps on how to create a ROSA cluster inside a **private VPC** with a **private link**? Thank you!
1 answer | 1 vote | 28 views | Jess | asked 17 days ago
I'm trying to block Tor-only connections against my AWS resource using the AWS WAF rule group managed by AWS called AWS-AWSManagedRulesAnonymousIpList (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html). At the top they say "These include requests from VPNs, proxies, Tor nodes, and hosting providers", but when describing the AnonymousIPList labels you said "Inspects for a list of IP addresses of sources known to anonymize client information, like TOR nodes, temporary proxies, and other masking services.", so it's not clear to me if a VPN is a masking service or not, since the description seems pretty broad and non-specific.
1 answer | 0 votes | 28 views | asked 17 days ago
Hi! I'm looking to implement the aws-sdk on my web application with 2 layers of security.

1. Some images should be publicly accessible (for example, company logos). This is to prevent needing to re-authorise images constantly on each page load.
2. Some images should be private and only shown if authorised (e.g. more confidential images relating to a company).

Is there a better way for me to do this? If not, with my current setup it appears that even when I set CannedACL to private it always has the object set to public when in S3. I've attached my configuration and usage below, any help would be really appreciated!

![Bucket Settings](/media/postImages/original/IMIRW_qXm4S6apbkGuA5PuOw) ![Bucket Policy](/media/postImages/original/IMQ5cLs69FRVWxlPT2XRe72Q) ![CORS Config](/media/postImages/original/IMAlDGKUvFS9Klf1B6U9ui8Q) ![Usage in code](/media/postImages/original/IMuZC_bhO-TZG4D5kDVPveiw)

Thanks!
1 answer | 0 votes | 21 views | asked 18 days ago
Hi all. Seeing that EKS no longer supports Docker from version 1.24, is it advisable to use cri-dockerd? How does one go about configuring it in EKS? And are there any other alternatives for this? Thanks in advance.
0 answers | 0 votes | 20 views | asked 18 days ago
What security group inbound rule do I need to add that will allow AWS Systems Manager State Manager to run the AWS-RunPowerShellScript document on an association of EC2 Windows instances?
2 answers | 0 votes | 45 views | asked 19 days ago
Hi, when trying to delete my hosted zones, I get this error: "Error occurred Bad request. (InvalidKeySigningKeyStatus 400: Key Signing Key with name datalabsai cannot be deleted because current status is not INACTIVE. You can use DeactivateKeySigningKey to deactivate the Key Signing Key before you delete it.)" I followed each step in the documentation but I am still not able to delete the hosted zone. Any solution???
1 answer | 0 votes | 20 views | asked 20 days ago
Hi all. Does anyone know how to configure a private registry in EKS (1.24), which uses containerd? We previously used to set this up using a node template which would add the private registry into the daemon.json file during creation. Is there a similar way we could achieve this?
1 answer | 0 votes | 27 views | asked 22 days ago
Hi, I am running `yum --security update-minimal` daily on an EC2 instance powered by Amazon Linux 2. That keeps returning `No package matched to upgrade: python2-rsa-0:3.4.2-3.el7` for a few days now. Based on [Amazon Linux 2 FAQ](https://aws.amazon.com/amazon-linux-2/faqs/) "There are no plans to change the default Python interpreter. It is our intention to retain Python 2.7 as the default for the lifetime of Amazon Linux 2. We will backport security fixes to our Python 2.7 packages as needed." I assume that the security fixes from `python2-rsa-0:3.4.2-3` have been backported to the newest available package (also included in the [latest AMI release](https://docs.aws.amazon.com/AL2/latest/relnotes/relnotes-20221216.html) = python2-rsa-3.4.1-1.amzn2.0.3.noarch). However yum does not seem to be happy about it. I could disable `yum priority plugin` (in `/etc/yum/pluginconf.d/priorities.conf`) and install `python2-rsa-0:3.4.2-3.el7` from `EPEL` but I would like to know whether there is another solution. Thanks!
1 answer | 0 votes | 38 views | asked 23 days ago
I would like to enable Amazon CloudWatch to monitor web requests, web ACLs and rules, but the documentation does not say if there are additional charges for that. I know there are charges for using CloudWatch for WAF logs. Please, if anyone could clarify whether there are additional charges for what I am asking about. Here is the link: https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html
1 answer | 0 votes | 46 views | bibi143 | asked 24 days ago
Hi, I have been trying Security Lake for a few days. After dealing with lots of errors, I was finally able to activate Security Lake in my account, but further I wanted to ingest that data into Splunk. I referred to the following official document to connect my AWS account to Splunk: https://github.com/splunk/splunk-add-on-for-amazon-security-lake/blob/main/Splunk%20Add-on%20for%20Amazon%20Security%20Lake.pdf It seems to me that the AWS account is connected, but there is some permission issue regarding SQS: when I am trying to configure the input I am getting an Access denied error for listqueues. I checked the permissions, but they have already been given to the role. Requesting you to please help me with that, as Security Lake is completely new in AWS and there are not many resources available to look at. Hope you understand and proceed to help me with my concern on a live call. I am attaching a screenshot of the error in Splunk. ![Enter image description here](/media/postImages/original/IMfr1KzRrIQ-WyfobbUXsxQg)
0 answers | 0 votes | 17 views | asked 24 days ago
Hi, I have a Lambda that retrieves data from the web and saves it to an RDS. The Lambda and the RDS are part of the same VPC. In order to allow access to the web I had to create an Elastic IP and a NAT gateway, both of which are not in the free tier. Is there any way to do this within the free tier? Support told me I need to associate the Elastic IP to the Lambda to include it in the free tier, but I don't see how I can do that. Can I simply remove the Lambda and RDS from the VPC to solve this? Thanks
2 answers | 0 votes | 76 views | asked a month ago