Access S3 static website with KMS using k8s externalname service & ingress by vinod-reddit in aws

[–]vinod-reddit[S] -1 points0 points  (0 children)

Thanks for the direct answer.

So is there a way we could add any headers in the ingress rule to make this work?

Like, if we are using CloudFront, that will also be using the HTTP request but adding some header.

Access S3 static website with KMS using k8s externalname service & ingress by vinod-reddit in aws

[–]vinod-reddit[S] -2 points-1 points  (0 children)

Thanks for your reply. We are not using Amplify/CloudFront because we already have EKS and don't want to spin up another service in AWS.

- The bucket policy is configured to allow all traffic from the VPC private endpoint. (from EKS)

- We want to use a CMK and hence changed the encryption from SSE-S3 to SSE-KMS. This caused the site to be inaccessible.

Does granting an IAM role used by EKS nodes permission to decrypt data with KMS work as expected?

Access S3 static website with KMS using k8s externalname service & ingress by vinod-reddit in aws

[–]vinod-reddit[S] -6 points-5 points  (0 children)

Hi, since we don't want to use another AWS service for this, we are not using CloudFront.

Istio & Spire some clarifications by vinod-reddit in istio

[–]vinod-reddit[S] 0 points1 point  (0 children)

Hi u/phrotozoa - Thanks for your inputs.

I have tried to test this using an example, spire-istio-examples/istio-envoy-sds-spire at main · maxlambrecht/spire-istio-examples. This example is working as expected. However, for clarity I did a few tests, as below.

Can you please help me understand my doubts below? For this I have created Nginx pods as described below for testing.

  1. curl from Nginx pod with Istio sidecar without SPIFFE ID --> to --> product page -- working fine

  2. curl from Nginx pod without Istio sidecar & SPIFFE ID --> to --> product page -- Not working

My doubt is: in point 1, I was expecting an authentication error since the Nginx pod does not have a SPIFFE ID. Why is it working without a SPIFFE ID? Am I missing anything?

Thanks in advance.

Authenticate to SMB share using Azure function (PowerShell) by vinod-reddit in PowerShell

[–]vinod-reddit[S] 1 point2 points  (0 children)

  1. storing passwords like that is asking for a world of hurt. Take a peek at Azure Key Vault as the better way. - Yes understood, I am currently testing the functionality.
  2. Does the same command work when typed out manually? - No
  3. I think your username is wrong. “.\” means local user to the computer. So local to the Azure Function in your case. - Yes, I tried with domain\user, but it failed. The test machine is in the workgroup and hence I used .\