January 28, 2023

Base Container Image Size and Vulnerabilities

What do you do when there are constantly vulnerabilities in production? Well, if your product runs heavily in containers, trying to deal with them before they make it into production is an option. In this post, I’m going to look at packaging a small Python code base in images of various sizes and how that can affect vulnerability counts in the end “product”. I’m going to use Python for this because it’s a language I’m comfortable with.

June 19, 2021

Part 5 - AWS For Personal Use/Learning: Intelligent Threat Detection

This is the fifth and final post in what is a multi-part series on some suggestions based on AWS Well-Architected Framework best practices focused on setting up an AWS account(s) for personal use and learning. For other parts in the series see: Part 1 - AWS For Personal Use/Learning: Secure Multi-Account Setup Part 2 - AWS For Personal Use/Learning: Identity and Access Management Part 3 - AWS For Personal Use/Learning: Account Level Guardrails Part 4 - AWS For Personal Use/Learning: The Audit Trail If you have IAM identities (users, roles) and compute workloads running in AWS, there is no excuse to not be using Amazon GuardDuty.

June 4, 2021

Part 4 - AWS For Personal Use/Learning: The Audit Trail

This is the fourth post in what is a multi-part series on some suggestions based on AWS Well-Architected Framework best practices focused on setting up an AWS account(s) for personal use and learning. For other parts in the series see: Part 1 - AWS For Personal Use/Learning: Secure Multi-Account Setup Part 2 - AWS For Personal Use/Learning: Identity and Access Management Part 3 - AWS For Personal Use/Learning: Account Level Guardrails Part 5 - AWS For Personal Use/Learning: Intelligent Threat Detection An important part of security is attribution or accountability - who did what (also helpful is when and sometimes from where).

June 1, 2021

Part 3 - AWS For Personal Use/Learning: Account Level Guardrails

This is the third post in what is a multi-part series on some suggestions based on AWS Well-Architected Framework best practices focused on setting up an AWS account(s) for personal use and learning. For other parts in the series see: Part 1 - AWS For Personal Use/Learning: Secure Multi-Account Setup Part 2 - AWS For Personal Use/Learning: Identity and Access Management Part 4 - AWS For Personal Use/Learning: The Audit Trail Part 5 - AWS For Personal Use/Learning: Intelligent Threat Detection So far in this multi-part series, the benefits of multiple AWS accounts has been discussed and AWS Organizations has been configured to enable that approach.

May 28, 2021

Part 2 - AWS For Personal Use/Learning: Identity and Access Management

This is the second post in what is a multi-part series on some suggestions based on AWS Well-Architected Framework best practices focused on setting up an AWS account(s) for personal use and learning. For other parts in the series see: Part 1 - AWS For Personal Use/Learning: Secure Multi-Account Setup Part 3 - AWS For Personal Use/Learning: Account Level Guardrails Part 4 - AWS For Personal Use/Learning: The Audit Trail Part 5 - AWS For Personal Use/Learning: Intelligent Threat Detection With everything locked down in the management account and potentially no AWS Organizations cross account role created, how the heck does the account get used without using the root account!

May 27, 2021

Part 1 - AWS For Personal Use/Learning: Secure Multi-Account Setup

This is the first post in what is a multi-part series on some suggestions based on AWS Well-Architected Framework best practices focused on setting up an AWS account(s) for personal use and learning. For other parts in the series see: Part 2 - AWS For Personal Use/Learning: Identity and Access Management Part 3 - AWS For Personal Use/Learning: Account Level Guardrails Part 4 - AWS For Personal Use/Learning: The Audit Trail Part 5 - AWS For Personal Use/Learning: Intelligent Threat Detection The best way to learn is to do.

March 29, 2021

Configuring the AWS CLI

Every time I set up a fresh install of an operating system as a result of a new computer or messing around with different OSes on existing systems, I end up having to set up the AWS CLI from scratch. I have multiple personal AWS accounts to use for learning and running services that I want on a more resilient platform than running them on a server at home. It’s always a pain to find the right doc pages for setting up the CLI with easy MFA assume role, so it’s time to document that here.