Python library for managing AWS logs
In Amazon Web Services it’s possible to enable logging for the whole VPC (CloudTrail) or for various services provided by Amazon, like S3. These logs get stored in S3 buckets. They are generated every...
AWS permissions – S3
A set of permissions to be used on Amazon Web Services Simple Storage Service (AWS S3) buckets. Each of them should be attached to a different group. The set imitates the Unix permissions model (rwx),...
AWS permissions – own MFA
AWS IAM permissions to allow users to set up MFA devices for themselves. ${aws:username} restricts access to the logged on user only. “iam:ListUsers” allows them to navigate to their own user in...
AWS permissions – monitoring services
AWS permissions intended for a group containing users that will monitor the environment, but should not have access to data and are not allowed to make any changes. Should allow members to check the...
AWS permissions – restrict access to S3 bucket based on IP
A bucket policy that will deny access to anyone not coming from the specified IP addresses. Used in combination with IAM groups that allow access to S3, the net result will be that users will be...
tcpdump – dump raw packets to file while also following on screen
The following will create a dump of raw network packets to a file, while continuously reading that file and displaying the packets on screen in human-readable format: /bin/sh -c "tcpdump -i any -w...
emrer – Python script to create EMR clusters as code
Emrer is a Python script that reads a YAML file and starts an EMR cluster as specified in that file. The main advantage over other EMR automation solutions is that it will take care of uploading the...
Python module search order (Ansible 2.1 on El Capitan error)
Upgraded Ansible to version 2.1 on OS X El Capitan. First run, I get this error: AttributeError: 'EntryPoint' object has no attribute 'resolve' Googling for it, it seems like the cause is setuptools...
AWS Encryption types
This post is mainly about SSE – Server Side Encryption. It was hard for me to understand, got quite confused along the way. The fact that the documentation on it is somewhat spread over several...
Generate self-signed TLS certificates – ECDSA edition
TL;DR:
openssl ecparam -name secp521r1 -genkey -noout -out server.key
openssl req -new -x509 -key server.key -out server.crt -days 730
Longer version
First line generates an elliptic curve key, using the...