Showing posts from October, 2022

AWS - WAF

WAF:

- WAF is a global service like CloudFront, Route 53, SES, IAM.
- It’s a Web Application Firewall to protect Web apps/APIs.
- You can allow/block requests based on request properties.
- WAF can be administered using AWS Firewall Manager (across multiple accounts and resources).
- AWS Shield Advanced can be integrated with AWS WAF.
- WAF comes free with Shield Advanced.
- With WAF + CloudFront, the rules will run in Edge locations (security + performance).
- With WAF + regional resources like ALB/APIGW/AppSync/Cognito User Pools, the rules will run in the region (internet-facing/internal resources are protected).
- WAF can block XSS and SQL Injection attacks but can’t withstand DDoS attacks (use WAF’s Web ACL rate-based rules + AWS Shield Advanced for DDoS attacks).
- WAF can mitigate application layer DDoS attacks.
- WAF’s Web ACL has two types of rules – regular and rate-based.
- You can’t do rate limit in the regular rule (but can add cond...

How to renew AWS SSO temporary credentials through CLI?

Run the following commands (from Ubuntu):

1. Add the following in ~/.aws/config file:

    [profile sso]
    sso_start_url = <SSO-Start-URL>
    sso_region = <AWS-Region>
    sso_account_id = <12-digit-AWS-Account-Number>
    sso_role_name = <SSO-Role-Name>

2. Run the following command:

    aws sso login --profile sso

3. You will be redirected to the browser --> Login --> Allow --> Close the browser

4. Install aws-sso-creds:

    brew tap jaxxstorm/tap
    brew install aws-sso-creds

5. Run the following command:

    eval $(aws-sso-creds export --profile sso)

6. Check the current profile:

    aws sts get-caller-identity

How to connect to EC2 instance (without private key) using SSM Session Manager?

Run the following AWS CLI commands:

    $ aws ec2 run-instances --image-id <Id-of-AMI-with-SSM-Agent-pre-installed> --subnet-id <subnet-id> --instance-type <instance-type> --associate-public-ip-address

    $ aws iam create-role --role-name <role-name> --assume-role-policy-document '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}}'

Note: The command above has inline JSON. Run such commands only from bash (not from cmd/powershell).

    $ aws iam attach-role-policy --role-name <role-name> --policy-arn <ARN-of-AmazonSSMManagedInstanceCore-Policy>

    $ aws iam create-instance-profile --instance-profile-name <instance-profile-name>

    $ aws iam add-role-to-instance-profile --role-name <role-name> --instance-profile-name <instance-profile-name>

    $ aws ec2 associate-iam-instanc...