I am currently working on a Cloud migration project. The goal is to move the on-premise applications (mostly Atlassian tools) to AWS. And we need to build everything from scratch. I take it as a good opportunity to refresh what I learned in the past few years, and also implement the best practices … Continue reading SAML-Based Federation for AWS Access
Starting April 28, 2018, AWS will start to support Certificate Transparency. I am new to this; here are some things that I learned so far. What exactly is certificate transparency? The Certificate Transparency framework is a project that was initially launched by Google. What problems does certificate transparency solve? It is designed to solve some flaws in the … Continue reading Certificate Transparency
As mentioned in my previous blog New to AWS GuardDuty? I have been working on open sourcing the tool that I wrote for internal use. Now it is publicly available on my GitHub: AWS GuardDuty Manager Description AWS GuardDuty Manager (GDM) is a tool that allows you to perform some common GuardDuty tasks (start, stop and … Continue reading AWS GuardDuty Manager
If you are new to AWS GuardDuty, the FAQ is the best place to start. I am currently working on a GuardDuty-related project, and here are some bullets that I quickly summarised. Hope it is useful to you. GuardDuty is an AWS-managed continuous threat detection service. It detects the threats by analysing the VPC Flow … Continue reading New to AWS GuardDuty?
Do you know how many Amazon-issued certificates (ACM) or user-uploaded certificates (IAM) are in your AWS accounts? How many certificates have been deployed to production in your Akamai contracts? Not sure about you, but I don't know the answer. So I wrote a tool called CertStuff to get all that information (common name, SAN, … Continue reading CertStuff
I guess you have heard the names Meltdown and Spectre already. If not, check out this site: https://meltdownattack.com/. Definitely, it is not a good start to a New Year. All Cloud providers are busy with patching the kernel of their underlying systems. AWS ElastiCache (Redis) is one of them. Due to its single-threaded nature, … Continue reading Redis CPU Usage Ramps Up after Kernel Patching
Domain Validation (DV): This is a lower level of validation. The CA validates that you have control of the domain. A DV certificate expires in 90 days. Organization Validation (OV): A higher level of validation. The CA validates whether or not the company is valid, if it is registered, and if the business contact legitimately … Continue reading Three types of CA Validation Certificate