AWS GuardDuty – MultiAccount

GuardDuty is a very solid service, but it can be challenging to manage when you have several AWS accounts spanning several regions. So here’s a way to manage all the findings from several accounts and regions. This how-to summarizes the steps and links to guides that AWS has already published.

1) Pick a Master Account where you can manage/view all the findings for all your accounts. This is a quick how-to: https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/



Favorite AWS CLI command(s)

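  • This will copy all the objects from one S3 bucket to another. The --grants option as written makes every copied object readable by anyone (the AllUsers group) and gives full control to the account with the given email address:

    aws s3 cp s3://bucket1 s3://bucket2 --recursive --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=emailaddress=awsaccountemailaddress

*If bucket2 is in a different AWS account, it will need a bucket policy allowing the bucket1 user to write to it.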

  • This will list running instances’ instanceID, privateIP, and Tag=Name:

    aws ec2 describe-instances --filters "Name=instance-state-code","Values=16" --query "Reservations[*].Instances[*].[InstanceId, PrivateIpAddress, Tags[?Key=='Name'].Value | [0]]" --output table --region us-east-1 --profile production

  • This will export running instances’ InstanceID, InstanceType, Tag=Name, Tag=Project to a .tsv file (Linux) which Excel will be able to open:

    aws ec2 describe-instances --output text --filters "Name=instance-state-code","Values=16" --query 'Reservations[*].Instances[*].[InstanceId, InstanceType, [Tags[?Key==`Name`].Value] [0][0], [Tags[?Key==`Project`].Value] [0][0]]' > test.tsv
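
For the cross-account note on the S3 copy command above, a minimal bucket policy on bucket2 could look like the following. This is an added example, not part of the original post; the account ID 111111111111 and the user name EXAMPLE-bucket1-user are placeholders for the identity that runs the copy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCopyFromBucket1UserPlaceholder",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:user/EXAMPLE-bucket1-user"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::bucket2/*"
    }
  ]
}
```

s3:PutObjectAcl is included because the copy command sets ACL grants on each object it writes. The copying user also needs an IAM policy in its own account that allows the same actions on bucket2.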


GCP – Install a VPN server (for client access) on Google Compute Engine

** This needs to be updated. Stay tuned…

REQUIREMENTS:

  • You know how to spin up a Compute Engine instance
  • You are familiar with Linux
  • You have no time to read lengthy how-tos – this build took me 15 minutes

USE CASE:

  • I like taking advantage of free wifi (sbux, friends, etc) but want to keep my traffic encrypted.
  • I prefer to use the native Mac VPN client
