After much research, I have realized that there isn't really a concise, straight-to-the-point guide on designing replication in S3, using SSE-KMS, and cross-account ownership. So, a quick guide on what has worked for me: In your ORIGIN ACCOUNT: Create origin Bucket; Create origin IAM role; Create origin IAM Policy; Create origin KMS key; Set up origin … Continue reading S3 Replication with KMS
Multiple KMS Principals in Terraform
CORRECTION: You can actually implement policies through the normal procedure, example below:

    principals {
      type        = "AWS"
      identifiers = ["ARN", "ARN"]
    }

However, you must verify that your Roles are already created! Otherwise you will get what appears to be a generic failure. It was just a coincidence for me that I deployed … Continue reading Multiple KMS Principals in Terraform
Another Cloud Forensics Workshop
Pulling an image for forensic analysis is not the hardest thing in the world, and thanks to Kenneth Hartmann anyone can quickly learn how! I have long admired Ken since sitting his SANS SEC545 training. When he announced that he was working on a workshop/tutorial on how to perform forensics on EC2, I was pretty … Continue reading Another Cloud Forensics Workshop
The Damn Vulnerable Serverless Application
Serverless is coming, and the basics never really go away!
Lambda, automation, and the no-infra future
In five to ten years, virtual machines will be as much relics as mainframes are today. Forrest Brazeal recently wrote an article detailing a coming IT job apocalypse, and how the only way to avoid your job becoming redundant was to develop … Continue reading The Damn Vulnerable Serverless Application