AWS: Boto3 & Documentation




AWS offers more than 200 services behind a very user-friendly interface, which is why adoption of these technologies keeps growing day by day. AWS works on a shared responsibility model. As the name suggests, both AWS and the customer (whether an individual, an organization or an enterprise account) are responsible for the security of the services in use. When a service is set up, the customer chooses its configuration and any third-party integrations. To be clear about what this means: AWS is responsible for the physical and environmental security of the data centers where our data is stored and of the global infrastructure that runs its services, and the customer is responsible for the configuration of the services they use.

-- Hence security *in* the cloud (how the services you run are configured) is the customer's or client's responsibility, and security *of* the cloud (the servers, network and data centers the services run on) is AWS's responsibility.


-- While configuring a service, customers sometimes make errors of judgment. For example, leaving deletion protection disabled on an ELBv2 (Elastic Load Balancing v2) load balancer means the load balancer is not protected against accidental deletion.

To prevent this, the organization or enterprise writes guidelines to follow. These are called configuration guidelines or cloud security guidelines. The cloud security engineer or SecOps engineer reviews them and makes them the official procedure to follow when using a particular service such as EC2.

DevSecOps is the term used for an engineer who uses a programming language to automate this work: automatic remediation, legacy reviews, NTI reviews and so on.



Case study: Config Rule service and Boto3

Configuration rule or config rule

AWS Config rules are the AWS service used to identify compliant and non-compliant resources. Config rules are of two types: managed config rules and custom config rules.

A managed config rule is provided by AWS; a custom config rule is one we script ourselves.

Example of a managed config rule:

— alb-http-to-https-redirection-check

https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html

This rule checks whether HTTP-to-HTTPS redirection is configured on all HTTP listeners of an Application Load Balancer. The rule is NON_COMPLIANT if one or more HTTP listeners of the Application Load Balancer do not have HTTP-to-HTTPS redirection configured. The rule is also NON_COMPLIANT if one or more HTTP listeners forward to an HTTP listener instead of redirecting.

For a managed rule we only need the rule's name, filled into the template below in JSON format (placeholders are shown in << >>). The managed rule's name goes in "SourceIdentifier"; JSON does not allow comments, so that note is kept out of the template itself.

  {
    "Version": "1.0",
    "Parameters": {
      "Rulename": "<<Config Rule name>>",
      "SourceRunTime": null,
      "CodeKey": null,
      "Inputparameters": {},
      "OptionParameter": {},
      "SourcePeriodic": 24,
      "SourceIdentifier": "alb-http-to-https-redirection-check",
      "RuleSets": []
    },
    "Tags": []
  }
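The template above is the organization's own format, not what the AWS API consumes, so something has to translate it into a PutConfigRule request. The following is an added example for this post (not code from the original): it takes the template, validates that the placeholder has been filled in, maps the post's keys (Rulename, SourceIdentifier, SourcePeriodic, Inputparameters, Tags) onto the ConfigRule argument of boto3's `put_config_rule`, and deploys it. The key mapping is this example's assumption about how such a template would be consumed; the AWS-side facts it relies on are that managed rules are referenced by an upper-case identifier (ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK), that InputParameters is a JSON string, and that MaximumExecutionFrequency uses values such as TwentyFour_Hours. deploy() needs config:PutConfigRule permission.

```python
"""Deploy the managed Config rule described by the template above using boto3.

Added example for this post, not code from the original. The template keys
(Rulename, SourceIdentifier, SourcePeriodic, Inputparameters, Tags) are the
post's own; how they map onto AWS Config's PutConfigRule request is this
example's assumption, not an AWS format.
"""
import json

# AWS Config's MaximumExecutionFrequency values, keyed by the template's
# SourcePeriodic value in hours.
FREQUENCY_BY_HOURS = {
    1: "One_Hour",
    3: "Three_Hours",
    6: "Six_Hours",
    12: "Twelve_Hours",
    24: "TwentyFour_Hours",
}

# Constructed sample: the post's template filled in for the managed rule.
TEMPLATE = {
    "Version": "1.0",
    "Parameters": {
        "Rulename": "alb-http-to-https-redirection-check",
        "SourceRunTime": None,
        "CodeKey": None,
        "Inputparameters": {},
        "OptionParameter": {},
        "SourcePeriodic": 24,
        "SourceIdentifier": "alb-http-to-https-redirection-check",
        "RuleSets": [],
    },
    "Tags": [{"Key": "owner", "Value": "secops"}],
}


def managed_identifier(rule_name):
    """AWS Config refers to managed rules by an upper-case identifier:
    alb-http-to-https-redirection-check -> ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK."""
    return rule_name.upper().replace("-", "_")


def template_errors(template):
    """Return the reasons a template cannot be deployed (empty list if OK)."""
    params = template.get("Parameters", {})
    errors = []
    name = params.get("Rulename") or ""
    if not name or name.startswith("<<"):
        errors.append("Rulename is still the placeholder")
    if not params.get("SourceIdentifier"):
        errors.append("SourceIdentifier is missing")
    if params.get("SourcePeriodic") not in FREQUENCY_BY_HOURS:
        errors.append("SourcePeriodic must be one of %s" % sorted(FREQUENCY_BY_HOURS))
    return errors


def build_config_rule(template):
    """Translate the template into the ConfigRule argument of put_config_rule."""
    errors = template_errors(template)
    if errors:
        raise ValueError("; ".join(errors))
    params = template["Parameters"]
    return {
        "ConfigRuleName": params["Rulename"],
        "Source": {
            "Owner": "AWS",  # managed rule; a custom rule would use CUSTOM_LAMBDA
            "SourceIdentifier": managed_identifier(params["SourceIdentifier"]),
        },
        # Config takes InputParameters as a JSON string, not a nested object.
        "InputParameters": json.dumps(params.get("Inputparameters") or {}),
        "MaximumExecutionFrequency": FREQUENCY_BY_HOURS[params["SourcePeriodic"]],
    }


def deploy(template, client=None):
    """Create or update the rule. Pass a client to override the default one."""
    if client is None:
        import boto3  # imported here so the pure functions run without boto3
        client = boto3.client("config")
    rule = build_config_rule(template)
    client.put_config_rule(ConfigRule=rule, Tags=template.get("Tags", []))
    return rule


if __name__ == "__main__":
    print(json.dumps(build_config_rule(TEMPLATE), indent=2))
```

Running the file prints the translated request without touching AWS; calling deploy(TEMPLATE) performs the PutConfigRule call with the default credentials. The validation step matters because a template copied with "<<Config Rule name>>" still in it would otherwise be sent to AWS as a rule literally named after the placeholder.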

Example of a custom config rule

  • In this case the config rule is not provided by AWS. Instead of the managed-rule documentation, we work from the Boto3 documentation.

Boto3 documentation

– Link: https://boto3.amazonaws.com/v1/documentation/api/latest/index.html

AWS provides an API reference for each service, which we use to create our own config rules or auto-remediation scripts.

For the ELBv2 service:

import boto3

client = boto3.client('elbv2')  # low-level client for Elastic Load Balancing v2

A Python script is required to access the resource configurations and the other functionality. `client` is the object used to retrieve data and invoke the methods of the ELBv2 service; every operation listed in the Boto3 documentation for elbv2 is a method on it.
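The following is an added example for this post (not code from the original) showing what a custom config rule built on this client looks like end to end, using the ELBv2 deletion-protection misconfiguration mentioned earlier. It assumes a periodic custom rule whose Lambda role may call elbv2:DescribeLoadBalancers, elbv2:DescribeLoadBalancerAttributes and config:PutEvaluations, and, only when the REMEDIATE environment variable is set to "true", elbv2:ModifyLoadBalancerAttributes. The load balancer data and the REMEDIATE switch are constructed for the example; boto3 is imported lazily so the evaluation logic runs and can be tested without AWS access.

```python
"""Custom AWS Config rule: every ELBv2 load balancer must have deletion
protection enabled (the misconfiguration mentioned earlier in the post).

Added example, not code from the original post. Assumes a periodic custom
rule; clients can be injected so the logic is testable offline.
"""
import json
import os
from datetime import datetime, timezone

RESOURCE_TYPE = "AWS::ElasticLoadBalancingV2::LoadBalancer"
ATTR_KEY = "deletion_protection.enabled"

# Constructed sample data in the shape the elbv2 API returns.
SAMPLE_LOAD_BALANCERS = [
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:"
                        "loadbalancer/app/web/0123456789abcdef", "Type": "application"},
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:"
                        "loadbalancer/net/api/fedcba9876543210", "Type": "network"},
]
SAMPLE_ATTRIBUTES = {
    SAMPLE_LOAD_BALANCERS[0]["LoadBalancerArn"]: [{"Key": ATTR_KEY, "Value": "true"}],
    SAMPLE_LOAD_BALANCERS[1]["LoadBalancerArn"]: [{"Key": ATTR_KEY, "Value": "false"}],
}


def evaluate_attributes(attributes):
    """Return (ComplianceType, Annotation) for one load balancer's attributes.
    A missing key is treated as NON_COMPLIANT so the check fails closed."""
    values = {a["Key"]: a["Value"] for a in attributes}
    if values.get(ATTR_KEY, "false").lower() == "true":
        return "COMPLIANT", "deletion protection is enabled"
    return "NON_COMPLIANT", f"{ATTR_KEY} is not 'true'"


def build_evaluations(load_balancers, attributes_by_arn, now=None):
    """Build the Evaluations list that config.put_evaluations expects."""
    now = now or datetime.now(timezone.utc)
    evaluations = []
    for lb in load_balancers:
        arn = lb["LoadBalancerArn"]
        compliance, annotation = evaluate_attributes(attributes_by_arn.get(arn, []))
        evaluations.append({
            "ComplianceResourceType": RESOURCE_TYPE,
            "ComplianceResourceId": arn,      # Config identifies ELBv2 LBs by ARN
            "ComplianceType": compliance,
            "Annotation": annotation[:256],   # Config caps annotations at 256 chars
            "OrderingTimestamp": now,
        })
    return evaluations


def lambda_handler(event, context, elbv2=None, config=None):
    """Lambda entry point; clients may be injected for testing."""
    if elbv2 is None or config is None:
        import boto3  # lazy import: the pure functions above need no boto3
        elbv2 = elbv2 or boto3.client("elbv2")
        config = config or boto3.client("config")

    invoking_event = json.loads(event["invokingEvent"])
    if invoking_event.get("messageType") != "ScheduledNotification":
        return []  # periodic rule: ignore configuration-change triggers

    load_balancers = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        load_balancers.extend(page["LoadBalancers"])
    attributes = {
        lb["LoadBalancerArn"]: elbv2.describe_load_balancer_attributes(
            LoadBalancerArn=lb["LoadBalancerArn"])["Attributes"]
        for lb in load_balancers
    }
    evaluations = build_evaluations(load_balancers, attributes)

    # Optional auto-remediation, only when explicitly enabled on the function.
    # The resource is still reported NON_COMPLIANT for this run; the next
    # scheduled evaluation records it as COMPLIANT.
    if os.environ.get("REMEDIATE", "").lower() == "true":
        for ev in evaluations:
            if ev["ComplianceType"] == "NON_COMPLIANT":
                elbv2.modify_load_balancer_attributes(
                    LoadBalancerArn=ev["ComplianceResourceId"],
                    Attributes=[{"Key": ATTR_KEY, "Value": "true"}],
                )

    # put_evaluations accepts at most 100 evaluations per call.
    for i in range(0, len(evaluations), 100):
        config.put_evaluations(Evaluations=evaluations[i:i + 100],
                               ResultToken=event["resultToken"])
    return evaluations
```

The rule is registered with Source.Owner set to CUSTOM_LAMBDA and the function's ARN as SourceIdentifier. Keeping the decision (evaluate_attributes) separate from the AWS calls is what lets the rule be unit-tested with the sample data above, and the fail-closed default means a load balancer whose attributes could not be read is never silently reported as compliant.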

 

Next week's blog will cover the EC2 case study with the required-tags example, continue with the Boto3 documentation, and show how to implement a Python auto-remediation script.


Thank You

