1. AWS setup 2. Server deployment 3. Users 4. What does it communicate with? 5. Why manage it through SUDO? 6. Are there security benefits beyond convenience? 7. Things that should additionally be in place (but not possible right now... and I still have to study, too) Terraform code for server deployment: GitHub - cjsrkd3321/cloud-security-platform-web-with-steampipe: cloud-security-platform-web-with-steampipe cloud-security-platform-web-with-steampipe. Contribute to cjsrkd3321/cloud-security-platform-web-with-steampipe development by creating an account on..
One of the situations where setting up IAM is especially hard is when you have to allow access through the "console". For example, look at logs:DescribeLogGroups. What we expect from a policy like the one below is: "Deny it unless it is the specific log group." { "Effect": "Deny", "Action": [ "logs:DescribeLogStreams" ], "NotResource": [ "arn:aws:logs:ap-northeast-2:*:log-group:specific-log-group" ] }, But the reality in the console? User: arn:aws:iam::*:user/1234 is not authorized to perform: logs:DescribeLogGroups on resource: arn:aws:lo..
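Background: It started with an error message. Some controls have been disabled because you are missing the correct permission(s). The missing permission(s) are: aws-marketplace:ViewSubscriptions, aws-marketplace:Subscribe. 1. When I clicked the 'Continue to Subscribe' button to subscribe to a particular product in AWS Marketplace, the message below appeared. 2. From my cloud experience so far, I had a feeling that this was surely not showing up because that permission was missing, and sure enough, I was an Administrator. 3. I also searched CloudTrail (if it does not show up in that region, the global ..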
I follow all kinds of AWS news through Feedly, and I just came across something huge. https://aws.amazon.com/ko/blogs/security/how-to-enable-secure-seamless-single-sign-on-to-amazon-ec2-windows-instances-with-aws-sso/ How to enable secure seamless single sign-on to Amazon EC2 Windows instances with AWS SSO | Amazon Web Services Today, we’re launching new functionality that simplifies the experience to securely access your AWS compute ins..
1. Guardrail : Disallow deletion of log archive { "Version": "2012-10-17", "Statement": [ { "Sid": "GRAUDITBUCKETDELETIONPROHIBITED", "Effect": "Deny", "Action": [ "s3:DeleteBucket" ], "Resource": [ "arn:aws:s3:::aws-controltower*" ], "Condition": { "ArnNotLike": { "aws:PrincipalARN":"arn:aws:iam::*:role/AWSControlTowerExecution" } } } ] } 2. Guardrail : Disallow Changes to Encryption Configurat..
aws cli version: aws-cli/2.1.11 Python/3.7.9 Windows/10 exe/AMD64 prompt/off python version: 3.8.5 CIS Benchmark download link: www.cisecurity.org/blog/foundational-cloud-security-with-cis-benchmarks/ Blog | Foundational Cloud Security with CIS Benchmarks Implementing foundational cloud security systems to harden environments protect against cyber-attacks and misconfiguration. www.cisecurity.org AdSense isn't getting attached...
aws cli version: aws-cli/2.1.11 Python/3.7.9 Windows/10 exe/AMD64 prompt/off python version: 3.8.5 CIS Benchmark download link: www.cisecurity.org/blog/foundational-cloud-security-with-cis-benchmarks/ Blog | Foundational Cloud Security with CIS Benchmarks Implementing foundational cloud security systems to harden environments protect against cyber-attacks and misconfiguration. www.cisecurity.org By mistake, 1.12 ..
aws cli version: aws-cli/2.1.11 Python/3.7.9 Windows/10 exe/AMD64 prompt/off python version: 3.8.5 CIS Benchmark download link: www.cisecurity.org/blog/foundational-cloud-security-with-cis-benchmarks/ Blog | Foundational Cloud Security with CIS Benchmarks Implementing foundational cloud security systems to harden environments protect against cyber-attacks and misconfiguration. www.cisecurity.org IAM user, console ..
aws cli version: aws-cli/2.1.11 Python/3.7.9 Windows/10 exe/AMD64 prompt/off python version: 3.8.5 CIS Benchmark download link: www.cisecurity.org/blog/foundational-cloud-security-with-cis-benchmarks/ Blog | Foundational Cloud Security with CIS Benchmarks Implementing foundational cloud security systems to harden environments protect against cyber-attacks and misconfiguration. www.cisecurity.org IAM(Identit..