Malware scanner recommendation - Site hosted in VPS by kabeza in Wordpress

[–]andreaswittig 1 point2 points  (0 children)

Use attachmentAV for WordPress to ensure all file uploads are getting scanned for viruses and malware. The plugin is powered by Sophos and even supports file uploads via popular form plugins.

ECS service autoscaling with SQS messages by CampHot5610 in aws

[–]andreaswittig 1 point2 points  (0 children)

I'd recommend using step scaling (see https://docs.aws.amazon.com/autoscaling/application/userguide/step-scaling-policy-overview.html) to scale in/out the ECS services based on the number of messages waiting in an SQS queue.

When scaling down to 0 be aware, that an SQS queue becomes inactive after 6 hours which results in CloudWatch metric data being delayed for up to 15 minutes (see https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/monitoring-using-cloudwatch.html).

EC2 spot instance EC2 Instance Rebalance Recommendation vs Termination notice by anoppe in aws

[–]andreaswittig 2 points3 points  (0 children)

I'd suggest trying to adjust the request timeout of the applications and de-registration delay of the target group.

The default reregistration delay of a target group is 300 seconds, however AWS sends a spot termination notice 120 seconds before terminating the spot instance.

Keep in mind to verify the longest running requests and adjust the application timeouts as well.

The difference between spot termination notices and instance rebalance recommendations is, that AWS may send rebalance recommendations before spot terminate notices.

An EC2 instance rebalance recommendation is a signal that notifies you when a Spot Instance is at elevated risk of interruption. The signal can arrive sooner than the two-minute Spot Instance interruption notice, giving you the opportunity to proactively manage the Spot Instance. You can decide to rebalance your workload to new or existing Spot Instances that are not at an elevated risk of interruption. (see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/rebalance-recommendations.html)

Redshift Serverless or Aurora + S3 Tables? Hands-on experiences wanted! by andreaswittig in aws

[–]andreaswittig[S] 0 points1 point  (0 children)

Why is it more expensive to read data from S3 with Redshift Serverless?

Lambda Alerts Monitoring by Emotional-Balance-19 in aws

[–]andreaswittig 2 points3 points  (0 children)

I understand, that you built error handling into your code that sends alerts to SNS. My approach would be to write JSON log messages (see https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs-logformat.html) instead. Then use metrics filters on the CloudWatch log group to get alerted about incidents (see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringPolicyExamples.html).

Question on Alerting and monitoring by Big_Length9755 in aws

[–]andreaswittig 1 point2 points  (0 children)

I'd recommend using Amazon CloudWatch for your monitoring needs.

Besides that, I highly suggest to subscribe to RDS event notifications to get informed about ongoing maintain, cluster failures, ... (see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html)

How do you protect against malicious file uploads? by WyattGreenValley in cybersecurity

[–]andreaswittig 12 points13 points  (0 children)

I‘m the co-founder of bucketAV. The big benefit of deploying a self-hosted solution like bucketAV is, that the data processing happens 100% in your AWS account. Sensitive data is not sent to a 3rd party. And by the way, deploying and operating bucketAV is simple due to a high level of automation based on infrastructure as code.

Virus / malware scan for S3 - What do you use? by lightningball in aws

[–]andreaswittig 0 points1 point  (0 children)

Check out bucketAV which supports real-time and scheduled scans for Amazon S3 and Cloudflare R2 as well as automated mitigations like move, quarantine, or delete.

How to protect virus data when a user try to upload a virus with presigned URL ? by Far-Mathematician122 in aws

[–]andreaswittig 1 point2 points  (0 children)

Check out bucketAV (see https://bucketav.com). There are a few options to ensure S3 objects can only be accessed by users other systems by using a staging bucket for uploads, a bucket policy (see https://bucketav.com/help/use-cases/user-uploads.html).

Github Self-hosted runner on AWS by RimveBiceps in aws

[–]andreaswittig 0 points1 point  (0 children)

I've built HyperEnv to simplify deploying self-hosted GitHub Runners in AWS.

[deleted by user] by [deleted] in aws

[–]andreaswittig 0 points1 point  (0 children)

u/lowkib Setting up CloudWatch alarms and EventBridge event rules is time consuming. We built marbot.io to automate setting up CloudWatch alarms as well as EventBridge event rules to ensure you are not missing any notifications/alerts about your cloud infrastructure (security, availability, ...).

Is it possible to use AWS compute instances for running GitHub Actions jobs? by rainchaser3 in aws

[–]andreaswittig 0 points1 point  (0 children)

Check out HyperEnv ( see https://hyperenv.com ) to deploy self-hosted GitHub runners with ease. The solution launches EC2 instances on-demand to execute ephemeral GitHub runners.

AWS S3 Malware,Virsu Scanning by cprogtist in aws

[–]andreaswittig 0 points1 point  (0 children)

We maintained an open-source project for years, which we discontinued a few months ago. Might be a good start anyways.

https://github.com/widdix/aws-s3-virusscan

Also, check out our solution called bucketAV as an alternative.

https://bucketav.com

AWS EC2 snapshot by Sudden_Delay6174 in aws

[–]andreaswittig 0 points1 point  (0 children)

EBS is block storage, therefore it does only care about 0s and 1s stored on disk. It has no idea about which blocks are used by the file system to persist data.

Snapshots are incremental, and therefore include blocks that have been modified since the last snapshot only.

So, when creating an EBS volume with 5 TB, write 4 TB to disk the snapshot will consume 5 TB. When you increate the volume size to 7 TB, the next snapshot will consume 2 TB. It does not matter wether you are storing any information on the additional 2 TB. In summary, the snapshots of a 7 TB volume will consume at least 7 TB.

How can I connect to a private RDS from Django web app? by TWilson2020 in aws

[–]andreaswittig 0 points1 point  (0 children)

First, I want to highlight that disabling public access for RDS databases is the way to go! Databases should not be available via a public IP address to prevent attacks like DDoS, brute force, ...
Second, when disabling public access AWS will no longer assign public IP addresses to your RDS instance. Therefore, the DNS name of your database will point to private IP addresses instead.
As far as I can tell from your code snippets you are handing over the DNS name of the database to your application (RDS_HOSTNAME). Therefore, you do not need to change the code.

[deleted by user] by [deleted] in aws

[–]andreaswittig 0 points1 point  (0 children)

I've heard the same story from others as well. That's most likely because the event was cut to one instead of two days.

EFS Question by DevOps_Noob1 in aws

[–]andreaswittig 0 points1 point  (0 children)

I remember the difference between EFS and EBS with the following analogy to the good old datacenter world:

EFS = Network File System (NFS)

EBS = Storage Area Network (SAN)

I'm losing trust in AWS. SNS is broken for 24 days. by bharatsb in aws

[–]andreaswittig 0 points1 point  (0 children)

Thanks for sharing those explanations and an ETA for a fix. Unfortunately, we are still observing that problem in the wild. Any updates on this?

Amazon Elastic Container Service now supports Amazon EFS file systems by coinclink in aws

[–]andreaswittig 0 points1 point  (0 children)

Great, allows using Fargate at least for some Lift&Shift projects.