AWS

Amazon Web Services (AWS) is a collection of remote computing services, also called web services, that make up a cloud-computing platform operated from 11 geographical regions across the world. The most central and well-known of these services include Amazon Elastic Compute Cloud, also known as "EC2", and Amazon Simple Storage Service, also known as "S3". Other services include Elastic MapReduce (EMR), Route 53 (a highly available and scalable Domain Name System (DNS) web service), Virtual Private Cloud (VPC), and storage, database, deployment and application services.

In AWS we have Lambda code and the rest of the project is using AWS Glue code. Now, I need to have 2 Jenkins configurations in one YAML file: one is for Lambda and one is for the rest of the project. How can I achieve this?

Deployment script for Serverless and the rest of the project in a single YAML file with two different Jenkins configurations.

Thanks in advance.
0
I have three hosts on a private IP space and I want to have a 1:1 NAT to present each to the Internet. I'm familiar with PAN and Cisco firewalls, but I find the AWS lingo confusing for what should be such a simple thing. I've been setting up NATs forever. Anyhow, since the VPC and the hosts are already set up in AWS, at this point do I just need to create the NAT gateway? And then do I need to add routes to the subnets outside? If someone could explain in terms a traditional network person would understand, I'd much appreciate it.
0
Hello EE,

I wish to redirect TCP port 1414 traffic (WebSphere MQ) from one external hosting environment to one AWS account in ca-central-1, then on to another account in ap-southeast-1, and back again. The reason I am doing it this way is to hopefully utilize Amazon's priority traffic link between AWS Canada and AWS Singapore, as opposed to routing over the traditional public internet route, and improve QoS. There is a VPN established between hosting location1 and AWS central Canada already. So the route would generally look like this:

Outbound: MQ server in hosting location1 ===> proxy, instance or other sys object in AWS central Canada ===> MQ server in AWS Singapore.

then return on:

Inbound: MQ server in AWS Singapore ===> proxy, instance or other sys object in AWS central Canada ===> MQ server in hosting location1

I thought about using a preexisting Linux instance in AWS central Canada and using iptables to route out that way, or perhaps there is a better approach using Route 53 or another AWS service. Your recommendations are appreciated.
0
I'm creating a set of instances using Terraform with a security group. In the security group I need to mention the private IP address as an ingress rule. I need to attach the same security group to all the instances. Can somebody give any suggestion to help me with this?
0
Hello Expert

I got a customer that has an AWS environment.
I have never worked with AWS before and I am trying to connect to the VM. But I can't, because connecting requires an SSH key, and I don't have that and the previous tech doesn't have it either.

What is the best way for me to gain access to the VM?

Thanks in Advance
0
I have a Windows Server 2016 hosted on AWS EC2 using Plesk Onyx as a hosting control panel. It is a shared server and hosts multiple websites.

We have a requirement for one of our shared hosting clients to make their website and therefore our server PCI compliant in order to host a credit card payment page. One of the requirements is to disable the following outdated or vulnerable ciphers:

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
It is also a requirement to disable TLS 1.1.

However, I have the following concerns if the above changes are applied:

1. Disabling 3DES will create an issue accessing my server via remote desktop (RDP)
2. Disabling TLS 1.1 will break Plesk (latest version) Admin interface
3. Disabling the ciphers and TLS 1.1 will cause issues for visitors using Windows XP or outdated browsers.

I'm not too concerned about the last issue but am very concerned about not being able to access RDP and Plesk. Indeed applying these changes will likely lock me out of my server completely which can only be resolved through direct physical server access.

Is anyone aware of a workaround to resolve these issues? If need be we will consider a dedicated server just to satisfy our PCI compliant websites.
0
Hi Windows and PowerShell experts, please help!

Scenario:
I create 30+ servers (AWS EC2 Windows).
I have a Windows jumpbox, where I RDP to this jumpbox first.
Then, after the above servers are up and running,
I would like to test connectivity with two credentials:
      1. With a local Windows user
      2. LDAP user
This is just to avoid manually logging in and validating each user login.

Can we use PowerShell from the jumpbox to these 30+ servers from the command line? How to automate these two login checks?

Please help
0
Hi,

I am trying to create a solution to convert Spring Boot microservices to AWS Lambda. I am getting mixed opinions on whether Spring Boot should even be considered suitable for AWS Lambda.
Under what circumstances would it make sense for me to go ahead with the conversion?
What type of assessment checks should I do before I try to re-write a Java based microservice to a serverless function?
0
We are looking for a way to re-route some public IP addresses.

Currently, we are using a datacenter that has a public cloud environment where we have a handful of virtual machines. We rely on some of the public IP addresses inside that cloud. We are looking at moving some of our servers to AWS due to the outages we have had with our current datacenter. Some of our systems rely on these public IP addresses.

I am looking for a way to deploy some type of VM that can proxy those IP addresses to a new public IP address. Is this possible?
0
Hello everyone,

I have a weird issue that I can't seem to figure out.

I have 2 MySQL instances on AWS that, while testing, are accepting requests from anywhere (0.0.0.0/0) on port 33061 and 3306 respectively. That is to say MySQL# 1 is using port 33061 and MySQL# 2 is using port 3306 from anywhere.

From behind my USG Pro I can only access MySQL# 2 port 3306. MySQL# 1 port 33061 returns this error "Could not open connection to the host, on port 33061: Connect failed"

From other machines outside of my network, I can access both the MySQL#1 and #2 instances. This leads me to believe that something is blocking outbound access on port 33061 on my USG Pro. But looking at all of the configs I can't seem to figure out what is causing this. I have no outbound firewall rules in place AFAIK, everything is open outbound. What else might be going on?

IPS/IDS is not turned on. Only DPI is turned on.

Thanks in advance.
0
Wanted to get some assistance with O365 security. How can I do so, and maybe with the help of some CBTs? Any recommendations?
I'd like to be able to analyze a file/attachment, how do I do so?
I'd like to be able to verify the alerts and so forth, in general.
0
I wanted to learn more about Azure and more specifically, Azure security and wanted to know what tools are available for this?  More in the CBT area...

I also wanted to know the best practices as far as creating or bringing in playbooks with regards to security.  Looking at the recommendations section, within Azure,  we seem to need a lot of help.  The recommendations are as follows...

Enable MFA for accounts with owner permissions on your...

Install monitoring agent on your VM.

Apply a just-in-time network access control

Provision an Azure AD administrator for SQL server

and so on and so forth. I was thinking that I could possibly take care of most of these alerts/suggestions by having a playbook. I'm not very familiar with Azure so any recommendations would help.

Thanks
0
What would we like to see to assess the security implications of the proposed use of services that are available in Azure/AWS but not yet included in the FedRAMP authorization boundary?
0
How to write application event logs in an individual (not centralised) Docker container for Windows that has been deployed in Azure Service Fabric via AWS CI/CD? What configuration is needed, if any? If it is being logged, then what will be the file path?
0
I have a very well developed site on GoDaddy that has a cPanel and MySQL backend. My customer is wanting it all on AWS and it seems as though this is not a learning curve, but more of a mountain to climb. If anyone knows how to do this, we would be looking at partnering to learn how to do this. All my web pages are also PHP if that helps.
0
We are unable to find a common cause of these CPUs maxing out.  Seemingly random users utilizing multiple and single Remote Desktop instances, some have been idle and some lock up while working.  Once ending task/process, CPU returns to normal and the connection can be re-established with no issues.  Until it happens again.

Servers are hosted in AWS using EC2 instance.  
15+/- concurrent sessions on server at once.
Applications vary but mostly DocStar, Chrome and Outlook.
All workstations are on the latest Win10 Pro version and updates are current.
Sophos Endpoint on server and workstations

We've checked system/application logs on both server and workstation but no warnings, errors or log entries appear at the time of freeze up.
0
I have an AWS S3 path that contains files in .tsv format. Now I need to get metrics for that file, like how many rows and columns there are, start_time and end_time, table name, etc.
0
I need to be able to receive faxes + metadata from an AWS EC2 platform running Linux (1st choice). I want to receive the faxes in a folder (automated) or in S3 (pref), and I want to use the metadata to alert our system that the fax has arrived (the information will be put into a database). Can you recommend a solution that you know will work? I keep coming up with solutions that will put the information into an email only.
0
I need to automate the creation of EC2 CentOS 7 instances (50 of them) with two private IP addresses. I am familiar with Ansible and AWS CloudFormation so I can use either tool. Here are my requirements:

- Eth0 needs to be on the 172.30.0.x subnet (Pre-existing subnetA)
- Eth1 needs to be on the 172.20.1.x subnet. (Pre-existing subnetB)
- The IP addresses need to be private and controlled for each instance, for example for Node 90 the IP for Eth0 is 172.30.0.78 and for Eth1 it is 172.30.1.78.
- The Hostname needs to be changed Node {90 - 140}

The challenge that I am running into is that it is hard to find examples where someone has done something similar. For example I don't know how to

1. Assign a Subnet / Private IP to one NIC
2. Assign a different Subnet / Private IP to a different NIC (most docs just show support for one NIC)
3. Change the Hostname at the time of EC2 instance creation

Most of the stuff I want is static. Most of the documentation only shows how to create dynamically assigned attributes, or leverage VPC / Subnets that CloudFormation created and is already aware of (e.g. !REF)

Does anyone know a good article that shows how to do this or a good GitHub example I can use as a template?
0
I recently migrated a Windows Server 2008 R2 Terminal Server to AWS.

Everything seems to be working properly except for printer redirection.  I've tried from numerous clients such as Windows 7, 10 and another Server 2008 R2 machine and printers will not redirect from the local client.

RDS role is installed, licensing is configured properly and I've tried to enable / disable Easy Print to no avail.

It seems like a number of other people have experienced this issue on AWS, but there doesn't seem to be a clearly defined solution.

Any assistance or ideas would be appreciated.
0
Regarding an AWS security group rule issue:

We have created a security group and associated it with an EC2 instance. In that security group rule we specified the source as another security group (for example SG-12345), however the access is not working, but if we set the source in that rule to a particular IP address or subnet it works. We do not know what the issue is and why it is not working if we set the source to another security group.

Please help me by suggesting how to fix the issue. Please do the needful.

Thank You
0
Is there an S3 API that can help me measure the time it takes for replication across two data centers?

I am trying to read the metadata (REPLICATED, PENDING, etc) to measure  the time. But the status always returns null to me.

Does this work only with CRR?
0
I have a Windows Server 2008 R2 server that is configured as an RDS server.  It was a physical box on site and we recently migrated it to AWS.

Everything seems to work fine since the migration to AWS aside from printer redirection.  

I have confirmed that printing is configured properly on the RDP configuration, the spooler is running and the server has the correct drivers installed for each printer.  I have confirmed Easy Print is turned on and that redirection is configured in the RDP client.  The server is joined to the domain and has a secure connection to AD.  Easy Print is enabled, but I have tried disabling it to no avail.

I've read about other people having issues with printer redirection on AWS.  Any help or suggestions would be greatly appreciated.
0
AWS - two questions pertaining to AWS, or hosted services. First off, I am trying to get an idea if AWS is a cost-effective hosting replacement solution for small businesses that have anywhere from 1-6 servers in house, from a cost perspective. I took a peek at some of the sizing tools for AWS, but I'm not clear on how I would assess throughput if all daily functions were moved to AWS. Would you also move all infrastructure servers, so that clients would authenticate to DCs in the cloud? I am not sold on this at all, but it makes absolute sense to know the pros and cons. From a control, cost and security perspective it probably still makes more sense to go with in-house servers for small business, but I need to confirm.


Secondly - what is the best way to get familiar with AWS, for small Windows environments, trying to see if it makes sense from a business continuity stand point. For example, currently using Veeam to replicate all VMs to another remote host, so if we lose site A, we can spin everything up within minutes.  Any thoughts on best way, to get a good understanding of AWS?

Thanks guys!!!
Licompguy
0
Hi,

I am looking into purchasing AWS Dedicated Hosts for licensing reasons. I am assuming that when the hardware running a Dedicated Host fails, all instances hosted on it also fail. Does anyone know what happens in this event?

Thanks,
Adrian
0
