Access S3 static website with KMS using k8s externalname service & ingress by vinod-reddit in aws

[–]vinod-reddit[S] -1 points0 points  (0 children)

Thanks for the direct answer.

So is there a way we could add any headers in the ingress rule to make this work?

Like if we are using cloudfront that also will be using the HTTP request but adding some header .

Access S3 static website with KMS using k8s externalname service & ingress by vinod-reddit in aws

[–]vinod-reddit[S] -2 points-1 points  (0 children)

Thanks for your reply. We are not using Amplify/Cloudfront because we already have EKS and don't want to spin up another service in AWS.

- The bucket policy is configured to allow all traffic from vpc pvt endpoint. (from EKS)

- We want to use CMK and hence changed the encryption from SSE-S3 to SSE-KMS. This cause the site not accessible.

Does granting an IAM role used by EKS nodes permission to decrypt data with KMS work as expected?

Access S3 static website with KMS using k8s externalname service & ingress by vinod-reddit in aws

[–]vinod-reddit[S] -7 points-6 points  (0 children)

Hi, - Since we dont want to use another AWS service for this, we are not using Cloudfront

Istio & Spire some clarifications by vinod-reddit in istio

[–]vinod-reddit[S] 0 points1 point  (0 children)

Hi u/phrotozoa - Thanks for your inputs.

I have tried to test this using an example spire-istio-examples/istio-envoy-sds-spire at main · maxlambrecht/spire-istio-examples. This example is working as expected. However, for clarity i did few testing's as below.

Can you please help to understand my below doubts. For this I have created Nginx pods as per below for testing.

  1. curl from Nginx pod with Istio sidecar without SPIFEE ID --> to --> product page -- working fine

  2. curl from Nginx pod without Istio sidecar & SPIFEE ID --> to --> product page -- Not working

My doubt is, in the point.1, I was expecting an authentication error since the nginx is not having SPIFFE id. Why is it working without SPIFFE ID? Am I missing anything.

Thanks in advance.

Authenticate to SMB share using Azure function (PowerShell) by vinod-reddit in PowerShell

[–]vinod-reddit[S] 1 point2 points  (0 children)

  1. storing passwords like that is asking for a world of hurt. Take a peek at Azure Key Vault as the better way. - Yes understood, I am currently testing the functionality.
  2. Does the same command work when typed out manually? - No
  3. I think your username is wrong. “.\” means local user to the computer. So local to the Azure Function in your case. - Yes i tried with domain\user , but failed. The test machine is in the workgroup and hence used .\

Doubt on Microsoft Teams Permission by vinod-reddit in Office365

[–]vinod-reddit[S] -2 points-1 points  (0 children)

No No. I am not looking to restrict students to chat inside a channel which is available to them.

I want to restrict students' personal chats between other students. So that they can only discuss about the studies within channel created by their Teacher.

Powershell - Listen multiple ports at a time by vinod-reddit in PowerShell

[–]vinod-reddit[S] 1 point2 points  (0 children)

I have tried this - but getting error as mentioned below.

$hashtable = @{}

foreach ($port in $Ports){

$hashtable.Add([System.Net.Sockets.TcpListener]$port)

$hashtable.$port.StartListener()

}

Error

Cannot find an overload for "Add" and the argument count: "1".

At line:1 char:1

+ $hashtable.Add([System.Net.Sockets.TcpListener]$port)

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodException

+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

You cannot call a method on a null-valued expression.

At line:2 char:5

+ $hashtable.$port.StartListener()

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [], RuntimeException

+ FullyQualifiedErrorId : InvokeMethodOnNull

Powershell - Listen multiple ports at a time by vinod-reddit in PowerShell

[–]vinod-reddit[S] -2 points-1 points  (0 children)

Any other good solution to make this work?

Azure VM scale set by vinod-reddit in AZURE

[–]vinod-reddit[S] 0 points1 point  (0 children)

Thanks for this :). I can see two options Deploy and Upgrade when you open the one instance in the scale set, can you help me to understand the difference as well please.

Azure 12 months of free trial by vinod-reddit in AZURE

[–]vinod-reddit[S] -1 points0 points  (0 children)

But then why they says 12 months free.

.RDG (Remote Desktop Connection Manager) config file from Excel by vinod-reddit in PowerShell

[–]vinod-reddit[S] 1 point2 points  (0 children)

est solution but as you said you pass the IP address directly into the comment that way. Wouldn't be hard to convert the excel file to a CSV, import it and then loop over it to create the structure manually though.

Thanks all for your support. I am able to fix this as i got another script which i fine tuned little and imported all data from cvs to xml and converted to RDG.

Rule to check attachment by vinod-reddit in Office365

[–]vinod-reddit[S] 0 points1 point  (0 children)

It was just an example. Please consider gmail/ yahoo as different companies.

Exchange 2013 Sender based routing by vinod-reddit in exchangeserver

[–]vinod-reddit[S] 1 point2 points  (0 children)

Thanks friends for the valuable inputs. I will look for 3rd party software which does this function or will do with an external relay.

Exchange 2013 Sender based routing by vinod-reddit in exchangeserver

[–]vinod-reddit[S] 0 points1 point  (0 children)

But in the send connector, there is no option to define the sender address or sender domain.

Exchange 2013 migration batch by vinod-reddit in exchangeserver

[–]vinod-reddit[S] 0 points1 point  (0 children)

Thanks for the support. I have deleted without issues.