pkazi

AbortDocumentVersionUpload
AbortEnvironmentUpdate
AbortMultipartUpload
AbortVaultLock
AcceptAccountMapping
AcceptCertificateTransfer
AcceptDelegate
AcceptDirectConnectGatewayAssociationProposal
AcceptFxPaymentCurrencyTermsAndConditions
AcceptHandshake

jiehan1029

This is the note for AWS course 1 on edX. List selected AWS services in alphabetic order. Course link is here.

Workflow

Building on AWS --

• Create VPC which simulates a local network that contains all your servers and databases.
• Create IAM policy, user/role which has permission to specific AWS services, but not all -- this adds security overall.
• Create S3 bucket (login as specific IAM user) which will be used to store assets.
• Create RDS database instance (login as specific IAM user) as database server.
• Create Cloud9 environment (login as specific IAM user) which is an online IDE that you can build & save your project.
• Create EC2 instance (login as specific IAM user) and deploy the application via user data. This EC2 instance should have corresponding IAM role (to allow EC2 instance to call AWS service) and security group (to allow web t

fntlnz

[[constraint]]
  name = "k8s.io/api"
  version = "kubernetes-1.11.0"

[[constraint]]
  name = "k8s.io/apimachinery"
  version = "kubernetes-1.11.0"

[[constraint]]
  name = "k8s.io/client-go"

hoangtrvu

{
    "options": {
        "domains": [],
        "inputIDs": [],
        "limit": []
    },
    "templates": [
        {
            "issuetype-field": "",
            "name": "DEFAULT TEMPLATE",

seansummers

---
AWSTemplateFormatVersion: '2010-09-09'


Description: Global assets needed for Inventory Discovery


Metadata:

  AWS::CloudFormation::Interface:

pbarker

# currently synced from the GKE profile:
# https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh#L735
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
  # The following requests were manually identified as high-volume and low-risk,
  # so drop them.
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]

tirumaraiselvan

This gist gives instructions to setup a Validating Admission Webhook or Mutating Admission Webhook in Kubernetes.

Heavy credits to

1. https://coreos.com/os/docs/latest/generate-self-signed-certificates.html
2. https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md

Install cfssl PKI

OS X

mateobur

- macro: nginx_consider_syscalls
  condition: (evt.num < 0)

- macro: app_nginx
  condition: container and container.image contains "nginx"

# Any outbound traffic raises a WARNING

- rule: Unauthorized process opened an outbound connection (nginx)
  desc: A nginx process tried to open an outbound connection and is not whitelisted

jhaddix

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

shortjared

a4b.amazonaws.com
access-analyzer.amazonaws.com
account.amazonaws.com
acm-pca.amazonaws.com
acm.amazonaws.com
airflow-env.amazonaws.com
airflow.amazonaws.com
alexa-appkit.amazon.com
alexa-connectedhome.amazon.com
amazonmq.amazonaws.com