Questions tagged with Security
I had two questions about re:Post. 1. What kind of vetting is done in order to remove or update stale questions? 2. Could re:Post be used to answer security questions such as best practices, IT Governance, or even specific use case questions?
Hi Team, I was trying the recently launched Security Lake. I followed the steps mentioned in the following link: https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html#enable-service I am currently using this service for only one account and only one region. I have created an admin IAM user and I am working through that. I have created a role "AmazonSecurityLakeMetaStoreManager" and attached the policy and STS as mentioned in https://docs.aws.amazon.com/security-lake/latest/userguide/manage-regions.html#iam-role-partitions I have also added this role as a Data lake administrator in Lake Formation. ![Image showing role added as admin](/media/postImages/original/IMi2-gQZ4LT4auOQGc5Qy5Bw) I am not getting what actual permission I am missing. ![image showing when trying to enable security lake](/media/postImages/original/IMT5modkeTQfCHikCssOCx-g) I am getting this error when I try to enable Security Lake through the AWS console. Any help is appreciated. Thanks in advance.
I run my app in a private subnet and am adding OAuth2 login without a NAT Gateway. To do OAuth login, I am considering setting up a proxy server like nginx or squid in a public subnet. Here, I would like to ask a question because I am confused about the concept of a proxy. 1. Is OAuth2 login possible with a forward proxy? Or should I use a reverse proxy? 2. Can nginx and squid be run as a forward proxy and a reverse proxy at the same time? 3. Is there a way to do OAuth2 login without a NAT Gateway instead of a proxy?
I set up a public MWAA environment but I want to limit UI access to only a specific IP range. I tried to remove everything from the inbound security group that the MWAA public environment is using, but it is still accessible from the public internet. Removing it also caused the scheduler to crash, but I added port 5432 and it is fixed; that is the only inbound rule that the environment has. I am probably missing something but I am not sure what. Is it possible to limit access to the UI? Thanks
In Security Hub I have remediated the findings and changed the workflow status to resolved. After 24 hrs the score is not increasing. Kindly help me out.
I created a rule: Type --> Regular, Field to match --> URI path, Positional constraint --> STARTS_WITH, Search string --> "/test", Action --> allow. I'm trying to test the functionality of the rule as: "curl http://test/apache-server-testing-loadbalancer-123456789.af-south-1.elb.amazonaws.com" but it's saying "Could not resolve host: test". Please, how can I have "/test" at the start of the URL for the functionality test? Below is the actual URI of the resource: "curl http://apache-server-testing-loadbalancer-123456789.af-south-1.elb.amazonaws.com"
In the documentation, it's mentioned that Amazon Cognito supports developer authenticated identities work in addition to web identity federation. I just want to know if this will also work with the native identity federation.
Can Macie consolidate the findings across various regions and report from one central location (like Security Hub), or does it have to be enabled region wise?
We can create an access token and refresh the token using the Cognito user pool (assume the access token timeout is set to 30 minutes). Use case: Generated a token two times, one after another (T1, T2). As per the Cognito user pool system, both are valid for the next 30 minutes from the created time. **Output**: Both tokens are valid for the next 30 minutes. **Expected Behavior**: Once T2 is created, T1 must be an invalid / expired token. Note: You can create T2 from the refresh token or else you can create a new access and refresh token, both having the same result as mentioned above. How can we manage the tokenization approach in Cognito to overcome this issue? Is there any way or feature in Cognito to achieve this?
Hi, I'm developing a Node.js site in EB and inside it I use the Google API. For this I have a large private key ``` -----BEGIN PRIVATE KEY-----\nihriohioerhfierjfirejfi=\n-----END PRIVATE KEY-----\n ``` I tried to store it inside an environment variable but it's limited to 256 characters. The EC2 key pair value has the same size limit. So my question is: Where do I have to store this key and how can I use it inside my Node.js app? I found this link but I'm not sure if it's the right way and it's not explained enough (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html) Thanks for your help
Is there an API for fetching the Access Level for AWS service actions? For example: iam:ChangePassword has a Write access level. Ref: https://docs.aws.amazon.com/service-authorization/latest/reference/list_identityandaccessmanagement.html
Is there any expiry date for the security token present in the URL which I got through:

```
Amplify.Storage.getUrl(
    "ExampleKey",
    result -> Log.i("MyAmplifyApp", "Successfully generated: " + result.getUrl()),
    error -> Log.e("MyAmplifyApp", "URL generation failure", error)
);
```

I'm asking this because I want to hardcode the URL in my post model of the GraphQL schema. Second question: is it good to hardcode the URL? I'm worried because recently the S3 object URL format got deprecated. Update (September 23, 2020) – Over the last year, we’ve heard feedback from many customers who have asked us to extend the deprecation date. Based on this feedback we have decided to delay the deprecation of path-style URLs to ensure that customers have the time that they need to transition to virtual hosted-style URLs. Like this, one day virtual hosted-style URLs might be deprecated.