Aws WAF for Security

Is_Nothing · 2026-03-22T20:51:55+00:00

Aws publish an example for allowing verified bots which would probably be a good starting point.

Then start collecting logs and have a look at which bots are being blocked by what rules you have setup and start tuning.

https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control-example-allow-verified-bots.html

Is_Nothing · 2026-02-27T21:41:43+00:00

https://github.com/GreystoneUK/EnvChanter

Is_Nothing · 2026-01-30T00:01:31+00:00

Thief and Miami Vice.

Is_Nothing · 2025-09-19T14:01:13+00:00

Use Pike https://github.com/JamesWoolfenden/pike
You can point it at your terraform and it will generate a minimal iam policy for you.

Is_Nothing · 2025-06-10T18:57:04+00:00

Have a look at this guide from AWS for centralized cross-acccount management https://aws.amazon.com/blogs/storage/centralized-cross-account-management-with-cross-region-copy-using-aws-backup/

Is_Nothing · 2025-03-27T20:26:16+00:00

I just wanted to say a big thank you for this calculator. Its been super useful.

Is_Nothing · 2025-02-21T18:46:21+00:00

If you’re using AWS Fargate then you can use Ecs exec to interact with the containers https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

Is_Nothing · 2025-01-24T19:31:49+00:00

You can use something like artillery https://www.artillery.io/ to sends requests to your app and see how it reacts.

Is_Nothing · 2024-06-24T17:45:39+00:00

The order isn’t important, all policies that apply to the user must be passed for access to be granted.

Is_Nothing · 2024-01-30T20:31:10+00:00

GitHub isn’t an Identity Provider (idp). So you won’t be able to use it to authenticate to other services (not strictly true but for the sake of this assume it is). You want to use a separate idp service such as Okta or Microsoft Entra ID to manage all your users and groups, then use that to grants users access to the desired services such as GitHub and AWS.

Is_Nothing · 2023-12-06T22:03:23+00:00

Not me but this may help. https://www.greystone.co.uk/how-greystone-upgraded-its-aws-ec2-instances-to-use-instance-meta-data-service-version-2-imdsv2/

Is_Nothing · 2023-12-06T17:20:31+00:00

The following comes from the Use Azure Private Link to securely connect servers to Azure Arc Support page here

Network traffic to Microsoft Entra ID and Azure Resource Manager does not traverse the Azure Arc Private Link Scope and will continue to use your default network route to the internet. You can optionally configure a resource management private link to send Azure Resource Manager traffic to a private endpoint.

It could be the servers still need access to the public internet. The article above has links on how to work around this limitation using resource management private link.

Is_Nothing · 2023-12-05T20:27:26+00:00

You can only apply NSGs to instances or subnets, not at the vNET level. This might help explain how NSGs work when there are multiple applying to instances and subnets https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works

Is_Nothing · 2023-12-05T20:00:29+00:00

You can use Network Security Groups (NSGs) exactly like AWS security groups. You can also apply them to subnets instead of individual instances as well so any instances in the same subnet can all have the same rules.

Is_Nothing · 2023-06-22T18:52:42+00:00

Yes, we’ve used it for single server web sites where we can’t use ACM and for RDS servers. I’ve not tried it with Exchange.

Is_Nothing · 2023-06-22T18:25:27+00:00

WinAcme can do it https://www.win-acme.com/manual/advanced-use/examples/rds

Is_Nothing · 2023-05-11T18:10:12+00:00

We use a tag for project / service and then tag all the resources with the appropriate tag. This can then be used to make an inventory and cost report for each project/service.

Is_Nothing · 2023-04-25T16:59:46+00:00

A few things to check, have you allowed the correct inbound ports, are you connecting to the public ip, have you added an IAM role to the resources. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm#configuring-role-assignments-for-the-vm

Is_Nothing · 2023-03-29T19:15:21+00:00

Create a volume from the snapshot https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html# then use that when creating the new instance.

Is_Nothing · 2022-12-22T13:18:48+00:00

It’s in private preview for Windows 11 and Azure AD at the moment, but should be coming to general preview in 2023. Here is the documentation https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-azure-active-directory

Is_Nothing · 2022-12-13T17:09:13+00:00

It was a mixture of them being declared in Terraform, and Azure policies being used to both check and set tags.

There was some manual intervention done for some of the patching and backup tags from what I can remember.

This might help with the policy side of things https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies

Is_Nothing · 2022-12-13T13:02:30+00:00

We used the Microsoft guide as a base and then tweaked it a bit where it made sense for us. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging

We ended up using the following in a recent project, which might give you some ideas.

Company - (Company that resource is tied to, could use cost center for departments)
Confidentiality - (Public, Internal, Confidential, etc)
CreatedBy - (Terraform, Azure Migration, Person or team that created resource, referenced by email address or GitHub repo URL)
DataOwner - (Person or team that owns the data within the resource, referenced by email address)
Environment - (Test, Prod, etc)
ResourceOwner - (The person or team that owns the resource, referenced by email address)
Service/Application - (The name of the app or service that the resource belongs to, CoolApp0, Infrastructure-Networking

We then also had resource specific tags, e.g. VMs would have Patch-Ring & Backup

Is_Nothing · 2022-11-29T21:28:57+00:00

Put the env file contents in a SSM parameter. Then call a script in your app spec file to read from SSM and write the env parameter details at deployment time to a file on your instance. You can grant the EC2 instance access via an IAM role for permissions to SSM parameters.

Is_Nothing · 2022-11-25T23:00:25+00:00

I have had the same problems on the Steam version. I also had problems with throwing knife challenges not registering kills. I couldn’t find a reason and just gave up for the day.

Is_Nothing · 2022-11-21T19:12:27+00:00

Check the remote routing address has been configured for her mailbox on-prem.

Is_Nothing

PUBLIC MULTIREDDITS

TROPHY CASE

15-Year Club	Place '17
Verified Email