AMI security considerations

-


Disable unsecure applications:-

Disable services and protocols that use clear text authentication.


Minimize exposure:-

Disable non-essential network services on startup.

Disable default services like file sharing, print spooler, and RPC if not needed.


Protect credentials when baking AMIs :-

Delete all AWS and third-party credentials from disk and configuration files.

Delete all user SSH public and private key pairs.

Remove and disable passwords for all user accounts.

Comments

Post a Comment

Popular posts from this blog

How to upload bulk Email alias in Google Workspace

-
Image
  Prerequisites-  1) You should have superadmin privilege 2) GAM tool download it from below link https://github.com/GAM-team/GAM/releases After configuration GAM tool (Followed the screen instructions ). Prepare your data sheet and upload file with 1 or 2 records. if this goes success then you can upload whole data. gam csv raghvendra.csv gam create alias ~alias user ~user  (user- primary email id) field will be like this user- xyz.com and in alias -second second email ids
Read more

Deploying App through AWS EKS by using ingress and fargate

-
Image
 1.Create cluster Command-  eksctl create cluster --name demo-cluster --region us-east-1 --fargate (15 to 20 min) 2. Once cluster is ready check if it is visible in EKS 3. aws eks update-kubeconfig --name demo-cluster --region us-east-1 output- Added new context arn:aws:eks:us-east-1:533267033126:cluster/demo-cluster to C:\Users\Raghvendra Singh\.kube\config 4. creating fargate profile Command (linux)- eksctl create fargateprofile \          --cluster demo-cluster \          --region us-east-1 \          --name alb-sample-app \          --namespace game-2048 windows- eksctl create fargateprofile --cluster demo-cluster --region us-east-1 --name alb-sample-app --namespace game-2048 5. Application deployment- kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml 6. After deploying this app, run few c...
Read more

How to save git token key to avoid again and again put manually

-
  To avoid entering your Git token key manually every time, you can use Git's credential helper to save and cache your credentials. The following steps outline how to set it up: 1.Open a terminal or command prompt. 2. Set up the Git credential helper by running the following command: git config --global credential.helper cache This command configures Git to use the cache credential helper, which will store your credentials in memory for a certain period of time. 3.Set the cache timeout (optional): git config --global credential.helper 'cache --timeout=3600' This command sets the cache timeout to 3600 seconds (1 hour). After this period of inactivity, Git will prompt you to enter your credentials again. 4.The next time you interact with a remote Git repository that requires authentication, enter your username and password (or token) as you normally would. Git will cache these credentials for the specified timeout period. From now on, you won't have to enter your Git toke...
Read more