Use AWS Secrets Manager to handle credentials


AWS Secrets Manager is a great solution for secret management. It is similar to HashiCorp Vault, but with better integrations with other AWS services, e.g. IAM, RDS, Redshift, DocumentDB. As illustrated above, I created a database in RDS and a credential in Secrets Manager, then attached the credential to the database for dynamic reference. The …

Share encrypted AMI across AWS accounts


AWS has made sharing encrypted AMIs across accounts a bit easier now; check this out: https://aws.amazon.com/about-aws/whats-new/2019/05/share-encrypted-amis-across-accounts-to-launch-instances-in-a-single-step/

Here is a sample of how to share an encrypted AMI across accounts and launch an instance from it: https://aws.amazon.com/blogs/security/how-to-share-encrypted-amis-across-accounts-to-launch-encrypted-ec2-instances/

If you need to run an Auto Scaling group from the encrypted AMI, it requires a few extra steps. Mostly it …

Using Comala workflow to classify Confluence page


I was working on a data classification project a few months ago, and one of the systems that needs to be classified is Confluence. The data on Confluence can be Public, Internal, Protected and Highly Protected. I designed a solution to use Comala workflow, which we have purchased already, so no extra cost on software. …

iframe shows as blank page in Confluence


If your added iframe macro shows as a blank page in a Confluence page, I think there are two places you need to check. Ensure the site URL (including the protocol scheme) has been whitelisted. Check whether the site allows cross-origin access. For example, *.sharepoint.com does not allow cross-origin access, by setting X-Frame-Options to SAMEORIGIN. Reference: …

ERR_CERT_COMMON_NAME_INVALID because of Subject Alternative Name missing


If you are seeing similar errors in Chrome as below, your private cert is probably missing the SAN. Starting from Chrome 58, it validates the DNS name against the SAN that is in the certificate. Here is the quote that I found: "Certificates have two ways to express the domain/IP they're bound to - one which is …