Enhance your Kubernetes security by leveraging KubeSec


LEVEL: BASIC Kubesec is an open-source Kubernetes security scanner and analysis tool. It scans your Kubernetes cluster for common exploitable risks such as privileged capabilities and provides a severity score for each found vulnerability. Security risk analysis for Kubernetes resources. • Take in a single YAML file as input. • One YAML can connect multiple Kubernetes resources. Kubesec is available as: • Docker container image at docker.io/kubesec/kubesec:v2 • Linux/MacOS/Wi

Taking advantage of Terraform’s dynamic blocks
When using Terraform to create and maintain our infrastructure, sometimes we need to define different block properties for our environments. For example, let’s say we use the same module for creating AWS Cloudfront Distributions in our environments, but we only want to apply geographic restrictions to the production environment. To solve this problem we can use Terraform dynamic blocks. In order to apply geographic restrictions to an aws_cloudfront_distribution resource we ne

Cost Optimization on AWS: 10 Tips to Save Money
LEVEL: INTERMEDIATE AWS (Amazon Web Services) is a popular cloud computing platform that offers a wide range of services, including computing power, storage, and databases. While AWS can provide a great deal of flexibility and scalability for your business, it can also come with a significant cost if we don't pay attention or if we try to use the cloud the way we used on-prem environments in the past. However, there are many ways to reduce costs on AWS. Here we have 1

Monitor your website using CloudWatch Synthetics
LEVEL: INTERMEDIATE “You can use Amazon CloudWatch Synthetics to create canaries, configurable scripts that run on a schedule, to monitor your endpoints and APIs. Canaries follow the same routes and perform the same actions as a customer, which makes it possible for you to continually verify your customer experience.” [1] In this TeraTip, we are going to use a canary for monitoring a specific URL in order to know quickly if the website is up. So, let’s go to configure our can

Create custom Metrics for AWS Glue Jobs.
LEVEL: INTERMEDIATE As you know, CloudWatch lets you publish custom metrics from your applications. These are metrics that are not provided by the AWS services themselves. Traditionally, custom metrics were published to CloudWatch by applications by calling CloudWatch’s PutMetricData API, most commonly through the use of AWS SDK for the language of your choice. With the new CloudWatch Embedded Metric Format (EMF), you can simply embed the custom metrics in the logs that your

Two tools for handling obsolete APIs in k8s
LEVEL: INTERMEDIATE When we use Kubernetes to deploy services, we often find ourselves needing to update their APIs or perform a cluster upgrade. As a good practice, before performing any of these actions, we need to know the status of our current and future APIs, to validate if these actions will not affect the normal function of the applications. For this, today we bring you two tools that will facilitate this task: Kube No Trouble (kubent) and Pluto. APIs. Before continuin

Streamlining Security with Amazon Security Hub: A where to start Step-by-Step Guide
LEVEL: INTERMEDIATE Introduction Amazon Security Hub is a security service offered by Amazon Web Services (AWS) that aggregates and prioritizes security findings from multiple AWS services and third-party security tools, making it easier for customers to manage their security posture. One of the key benefits of using Amazon Security Hub is that it provides a centralized view of security findings from multiple sources. This allows customers to quickly identify and prioritize p

Terraform console
LEVEL: BASIC Terraform console is a tool that Terraform provides to evaluate expressions or debug resources in a state interactively. It’s a very useful ally when we are working with Terraform functions and want to test the result before applying, or when we are working with resources or modules whose outputs we are not sure of and want to debug what is returned. To use Terraform Console we just need to write the command. Terraform console If

ReInforce the power of your AWS scanning with Trivy
LEVEL: BEGINNER As we already know, AWS has a useful tool to scan our images for vulnerabilities when we push them to our registry. In this TeraTip we are going to add an extra security layer: we are going to make use of an open-source tool called Trivy. Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues and targets where it can find those issues. Targets (what Trivy can scan): Container Image Filesystem Git Repo

Keeping our S3 buckets safe in transit and in rest
When using AWS S3, our favorite AWS service for keeping static files, we have two ways of uploading objects: by HTTP or HTTPS. When we (or our applications) store files using the HTTP endpoint of S3, all the traffic that we send to S3 travels unencrypted. If we use HTTP instead of HTTPS, all requests and responses can be read by anyone monitoring the session, so any malicious actor can intercept the data. Never share your personal data on a website that doesn’t show the fo