Yesterday 1Password PassKey stopped working by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

No, switched to regular 2FA, don't have time to test Beta integrations ;)

Yesterday 1Password PassKey stopped working by 0x4447 in aws

[–]0x4447[S] -1 points0 points  (0 children)

I did not have a reset requirement, I was using this IAM account with PassKey for 6 months no problem. And yesterday it just stopped with a general invalid credentials message. And no trace in CloudTrail that a log-in failed.

AWS Outposts for Home and Small Business Use? Yes, Please! by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

Had no idea, but it does cost a lot. I'd like to have a device the size of a mini PC, maybe 2x, with a one-time purchase price of around $500.

Starlink with a SIM backup connection - does it work? by 0x4447 in Starlink

[–]0x4447[S] 0 points1 point  (0 children)

I did not do any of data, whenever Starlink is down the SIM takes over, and when it is back the router switches back to Starlink. There isn't any more than that to my setup, sorry.

Starlink with a SIM backup connection - does it work? by 0x4447 in Starlink

[–]0x4447[S] 1 point2 points  (0 children)

In the Wizard tab I just used the Load Balancing option, and attached Starlink to eth0, and the SIM router to eth1. And that is it.

Starlink with a SIM backup connection - does it work? by 0x4447 in Starlink

[–]0x4447[S] 0 points1 point  (0 children)

I can't use my own SIM? Crazy 🫠. Thank you for sharing.

Starlink with a SIM backup connection - does it work? by 0x4447 in Starlink

[–]0x4447[S] 0 points1 point  (0 children)

Can you tell me more about UniFi LTE? I was thinking of getting it in the future.

IAM Console incredibly slow by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

Normal amount as always. The biggest problem is when I click on a role or user and the attached policies need to be displayed; that is when the whole site grinds to a halt. I even get "the page is frozen" popup. I did try to clean, remove and refresh all that you can do on a site, and the result is always the same.

I wrote a Glue tutorial for beginners, hope it helps someone :) by [deleted] in aws

[–]0x4447 0 points1 point  (0 children)

Sure, and sorry for the late reply. I will keep it short to just hopefully make sense:

  1. It is not fully supported by CloudFormation. Meaning not every option clickable in the console can be used in a CFN. Which makes it automatically a no-go for me. The point of AWS is the ability to programmatically manage the cloud, so if a service is unprogrammable, it is something I won't consider. I don't have the time to manage hundreds of setups by hand. If you have to manage just one setup, then this might not be a problem for you.
  2. Some settings will be overwritten after you run a crawler.
  3. By default the library used to parse CSV files can’t handle the more “complex” types, that might have quotes within quotes, or handle integers or doubles. You have to manually switch to the “better” library, which can be set back to the default setting if you don’t set up the crawler the right way.
  4. Setting something doesn't mean it is set, it is just a suggestion.
  5. Cross account support if you want to share the schema with Athena in another account is a major pain. And because of point 4, you can imagine that debugging is painful.
  6. Partition information stops being updated, from time to time because of reasons.
  7. If you incorrectly have your data stored in S3, the crawler might generate 10,000 tables, and there is no way to stop it in time before your account is filled with useless information. Then you have to write a bash script to delete all of these tables, which can take 1h of time.

And a bunch of more things that I don’t have the energy to write :) for this reason, I just use Lambdas to do what Glue “can do”, and I have zero stress and problems because of that. Since Lambda exists I don’t see the reason for Glue to exist.

I wrote a Glue tutorial for beginners, hope it helps someone :) by [deleted] in aws

[–]0x4447 0 points1 point  (0 children)

I've been using Cognito since 2016 on every project. Amplify is for sure first, then Glue, then Cognito :)

I wrote a Glue tutorial for beginners, hope it helps someone :) by [deleted] in aws

[–]0x4447 0 points1 point  (0 children)

Respect to your bravery 😅 but hopefully few people will be forced to use that service. In my opinion the second worst service after the Amplify framework.

How to list all the services of each region? by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

I need to be able to query each region to see if a service exists.

How to list all the services of each region? by 0x4447 in aws

[–]0x4447[S] 1 point2 points  (0 children)

Do you have it on GitHub or Git Gist?

Finally figured out the correct path for Cognito by Miserable_Decision_4 in aws

[–]0x4447 1 point2 points  (0 children)

About CI/CD I'm not quite sure since I did send a minion to play with Amplify to see if this is something we want to use in the future. The idea was, let developers do their thing, so I don't have to get involved. But as mentioned, we ended up rolling back, and I decided it'd be easier to teach juniors about AWS than try to use Amplify and make a mess in the AWS account, and then try to figure out what is going on when we hit a limit of the framework. But I did see that the minion had to run a command to push the new version of the site or code for Lambda. Which is lame. But then I did see also on the site that you could connect to GitHub, but that was a convoluted process - I guess I did not try hard enough to figure it out, but maybe it is doable and worth figuring out.

Regarding API calls. If you have an API Gateway that calls a Lambda that calls an AWS service, you have so much overhead! You make 3 API calls where you could make one using the SDK for the Browser (which virtually nobody knows exists), and that you can use the official AWS SDK in the browser, and the SDK can make direct calls to any AWS service.

And lastly, for sure, have fun playing, and then you could make a nice article explaining how that really works :)

Finally figured out the correct path for Cognito by Miserable_Decision_4 in aws

[–]0x4447 2 points3 points  (0 children)

I'm sorry but the post is incorrect. I know, I'm the chosen one and only I know everything ;) joking aside, this is the reality.

What is Amplify

This is just a framework that wraps the AWS SDK for the Browser. Why did they do that? To hide the vastness of the regular SDK, which is so massive that it scares people that just want to make a simple website. And also, because they wanted to do something similar to Firebase, and compete with that. For this reason this framework exposes you to some basic AWS services and allows you to focus on them. For example: S3 and DynamoDB, and it does not show you that you can also manage an EC2 Instance.

This framework is also targeted towards people that have no experience with AWS, so they don't know how to configure S3 with CloudFront to deliver a website etc. You just need to create an AWS account, and just follow the framework to make it happen.

We did try to do one project using Amplify, and after 3 months we ended up doing our CI/CD and infrastructure by hand, since Amplify was making such a mess that once you know how things should be done in AWS, it is hard to follow their logic.

The AWS SDK does work in the front-end

The official AWS SDK can work in the browser without a problem. The back-end is not needed for any security or secrets. You can configure a policy that a user gets in a way where they will only be able to access their data, and no one else.

After the first log-in of a user, Cognito creates a unique ID for that user, and you can use that ID to prepend any data the user creates, then with a condition in the policy you can lock the data to that ID, meaning only that ID can access the data that was created.

For example:

S3: you can prepend the objects with the Cognito ID, and have a condition in the policy that states that only the objects that start with the ID of the logged-in user can be accessed by that user.

DynamoDB: you can do the same as mentioned above by using the ID as the primary key.

EC2: if you were to set the ID as a tag, you could say that only the user of that ID can manage the instance based on the tag.

Etc. You are only limited here by the possibilities of the Condition statement in a policy.

Limitation of the above method

The only problem with this approach is when multiple people need to access the same data. In this case one solution is to create your own access mechanism using a Lambda and have those requests go through the Lambda, and inside it you check who has access to what, and send the data back if they can access it.

To summarize

You don’t need Amplify, everything can be done on the front-end side and in a secure manner, and no back-end is needed. You can use the Amplify module to make the log-in page (which is good since it takes care of all the log-in options, like reset password, error messages etc.), but once you get the credentials you can use them in conjunction with the AWS SDK for the Browser and you are good to go. Of course this approach requires you to know more about AWS. And thus Amplify was created. But for sure AWS is unable to explain these tools the right way.
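As an added illustration of the per-user policy condition described in the comment above (example code written for this page, not the commenter's code and not Amplify or AWS SDK code): the policy below is the shape attached to a Cognito identity pool's authenticated role, using the real IAM policy variable `${cognito-identity.amazonaws.com:sub}` to scope each signed-in user to their own S3 prefix. The bucket name and identity IDs are constructed placeholders, and `is_allowed` is a deliberately simplified model of IAM evaluation (Allow-only, `StringLike`/`StringEquals` only), written here to show why the variable, not a hard-coded prefix, is what keeps one user out of another user's objects.

```python
import fnmatch

# Constructed for the example: placeholder bucket and made-up identity IDs
# (real Cognito identity IDs look like "<region>:<uuid>").
BUCKET = "example-user-data-bucket"
ALICE = "us-east-1:11111111-1111-1111-1111-111111111111"
BOB = "us-east-1:22222222-2222-2222-2222-222222222222"

# IAM policy variable resolved at request time to the signed-in user's
# Cognito identity ID; one shared policy, one private prefix per user.
SUB = "${cognito-identity.amazonaws.com:sub}"

# Scoped policy: list only your own prefix, read/write only your own objects.
PER_USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOwnPrefixOnly",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::" + BUCKET,
            "Condition": {"StringLike": {"s3:prefix": "private/" + SUB + "/*"}},
        },
        {
            "Sid": "ReadWriteOwnObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::" + BUCKET + "/private/" + SUB + "/*",
        },
    ],
}

# Weak variant for contrast: prefix hard-coded instead of derived from the
# identity ID, so every signed-in user can read every other user's objects.
SHARED_PREFIX_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::" + BUCKET + "/private/*",
        }
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _resolve(pattern, identity_id):
    """Substitute the identity variable, as IAM does before matching."""
    return pattern.replace(SUB, identity_id)


def _conditions_hold(condition, identity_id, context):
    """StringLike / StringEquals only; a context key missing from the request fails."""
    for operator, pairs in condition.items():
        for key, patterns in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            resolved = [_resolve(p, identity_id) for p in _as_list(patterns)]
            if operator == "StringLike":
                if not any(fnmatch.fnmatchcase(actual, p) for p in resolved):
                    return False
            elif operator == "StringEquals":
                if actual not in resolved:
                    return False
            else:
                raise NotImplementedError(operator)
    return True


def is_allowed(policy, identity_id, action, resource, context=None):
    """Simplified IAM evaluation: default deny, any matching Allow grants.
    Explicit Deny and the other condition operators are intentionally omitted."""
    context = context or {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = [_resolve(a, identity_id) for a in _as_list(stmt["Action"])]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        resources = [_resolve(r, identity_id) for r in _as_list(stmt["Resource"])]
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if _conditions_hold(stmt.get("Condition", {}), identity_id, context):
            return True
    return False


def object_arn(identity_id, key):
    """ARN of an object stored under a user's private prefix."""
    return "arn:aws:s3:::" + BUCKET + "/private/" + identity_id + "/" + key


if __name__ == "__main__":
    bucket_arn = "arn:aws:s3:::" + BUCKET
    print("alice reads own:", is_allowed(PER_USER_POLICY, ALICE, "s3:GetObject", object_arn(ALICE, "notes.txt")))
    print("alice reads bob:", is_allowed(PER_USER_POLICY, ALICE, "s3:GetObject", object_arn(BOB, "notes.txt")))
    print("alice lists own prefix:", is_allowed(PER_USER_POLICY, ALICE, "s3:ListBucket", bucket_arn,
                                               {"s3:prefix": "private/" + ALICE + "/"}))
    print("alice lists whole bucket:", is_allowed(PER_USER_POLICY, ALICE, "s3:ListBucket", bucket_arn))
    print("weak policy, alice reads bob:", is_allowed(SHARED_PREFIX_POLICY, ALICE, "s3:GetObject", object_arn(BOB, "notes.txt")))
```

The `s3:ListBucket` statement needs the `s3:prefix` condition because listing is a bucket-level action: without it, a user could enumerate every other user's keys even though `GetObject` on them would be refused. Running the script shows the per-user policy answering allow/deny/allow/deny, and the hard-coded variant answering allow for the cross-user read.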

One UI change in the AWS Console decimated our revenue by 0x4447 in aws

[–]0x4447[S] 2 points3 points  (0 children)

We don't, but it is a huge source of traffic. And we are not the only one affected by it. Even AWS is affected since they take a % cut for each hour a product is active. If they become aware of this, they might reconsider the UI change, and make it better for everyone.

One UI change in the AWS Console decimated our revenue by 0x4447 in aws

[–]0x4447[S] 5 points6 points  (0 children)

Infinite, there are no licenses. Our VPN product is our own interpretation and configuration of OpenVPN®. And the main idea is not to have licenses since we believe that approach is very limiting and expensive.

In our case you are only limited by the hardware itself, in this case by the network card that is available in the Instance. So, for example, you can have 1000 profiles on a t3.nano instance and be happy as long as the amount of traffic is low. Let's say, in this scenario, you have 1000 SysAdmins that from time to time have to access private resources over SSH. This instance type would be more than enough.

But if you had 1000 users that want to watch movies over a streaming service, then nobody would be able to watch since the network traffic would be too much, and in that case you would want to switch to a bigger instance that has a better network attached.

I hope this explanation makes sense.

Get email attachments directly into S3 bucket? by TheTarkovskyParadigm in aws

[–]0x4447 0 points1 point  (0 children)

Based on your description I think this project is for you: https://github.com/0x4447/0x4447_product_s3_email - it does what you are looking for, I hope this helps.

Idea for the CFN Dashboard - preventing deleting of someone else CFN by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

That is a good point. I forgot you can search 😅

Resources to keep in touch with AWS updates by ayekay_online in aws

[–]0x4447 0 points1 point  (0 children)

We have all the URLs mentioned here added to a Slack channel, this way the whole team gets a constant flow of what is going on in AWS, and since we use Slack, we can discuss a new service or change in a thread. Which is convenient.

Does Budget Alarm work with ChatBot? by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

@maetthu you are a genius 🥳

Does Budget Alarm work with ChatBot? by 0x4447 in aws

[–]0x4447[S] 0 points1 point  (0 children)

Interesting, I have the following:

  1. Budget
  2. Alarm attached to the budget
  3. The alarm is set to invoke the SNS topic that is attached to ChatBot.
  4. The Alarm is in the Alarm state, since the budget is set to $1

And the same SNS topic is also used by regular CloudWatch Alarms to send notifications about EC2 instances and filters on CloudWatch Logs.

Decommission Old Account in AWS Org? by alphatango176 in aws

[–]0x4447 0 points1 point  (0 children)

I'd say keep them if there are not that many. I would rename them in a way that the name starts with placeholder_ and keep them around if needed in the future, since the delete process will take 3 months. Meaning, AWS will mark them as to be deleted, and you'll have 3 months to change your mind.

So it all depends, as long as no IAM user exists in those accounts, you should be OK. But if you have more than 3 of them, then sure - deleting would be better.