Leveraging Terraform and AWS VPC Flow Logs with Meta Fields for Enhanced Monitoring

Terraform is an open-source Infrastructure as Code (IaC) tool that enables you to automate and manage your cloud infrastructure using a declarative configuration language. One of the many services that Terraform can manage is Amazon Web Services (AWS) Virtual Private Cloud (VPC) Flow Logs. VPC Flow Logs provide valuable insights into your network traffic, allowing …

S3 Replication with KMS

After much research, I have realized that there isn't really a concise, straight-to-the-point guide on designing replication in S3, using SSE-KMS, and cross-account ownership. So, a quick guide on what has worked for me: In your ORIGIN ACCOUNT: Create origin Bucket; Create origin IAM role; Create origin IAM Policy; Create origin KMS key; Set up origin …

Multiple KMS Principals in Terraform

CORRECTION: You can actually implement policies through the normal procedure, example below: principals { type = "AWS" identifiers = [ "ARN", "ARN" ] } However, you must verify that your Roles are already created! Otherwise you will get what appears to be a generic failure. It was just a coincidence for me that I deployed …

The Damn Vulnerable Serverless Application

Serverless is coming, and the basics never really go away!

Lambda, automation, and the no-infra future

In five to ten years, virtual machines will be as much relics as mainframes are today. Forrest Brazeal recently wrote an article detailing a coming IT job apocalypse, and how the only way to avoid your job becoming redundant was to develop …