VM-Series Firewall SSH To use WebUI, we need to set an administrator password, for this, need to connect via SSH. After creating instances, it takes 10-15 minutes before the Firewall is initialized and will be available via SSH Connect to the first instance, SSH user – "admin" And execute the following commands: Enter the …
Continue reading "Palo Alto VM-Series Firewall: AWS HA Multi AZ для GlobalProtect – Part 2"
The Palo Alto VM-Series Firewall uses an active/passive configuration for high availability. In which the active firewall constantly synchronizes its configuration and information about active sessions with a similarly configured passive firewall. There are two options for achieving HA on AWS: "Secondary IP Move" and "Dataplane Interface Move". Secondary IP Move If the active …
Continue reading "Palo Alto VM-Series Firewall: AWS HA Multi AZ for GlobalProtect – Part 1"
In order to mount an S3 Bucket as a file system, you need to install s3fs Create a directory to mount: And add the following to "/etc/fstab": Where: "artem-service-bucket:/upload/" – S3 bucket name and the directory inside the bucket to mount "url=https://s3.eu-central-1.amazonaws.com,endpoint=eu-central-1" – the region where the S3 bucket is located "iam_role" – …
Continue reading " S3 – Mounting in Linux"
Goal: Allow public read access for all objects in the S3 bucket only using a VPN connection, objects must be non-public to connect from the world. OpenVPN is used as a VPN service, which can be deployed anywhere, so we will build an allow a rule to check the IP address. First you need …
Continue reading " AWS – S3: Allow public access to objects over VPN"
This script looks for an EBS in the region "eu-west-1" with a tag whose key is "Application" and the value is passed as an argument, creating a snapshot of this EBS. In the same way, it searches for a snapshot by tag and deletes everything except the last one. An example of running to create …
Continue reading " Python – AWS EBS creating snapshots based on a tag and keeping only one latest version"
This script gets a list of all directories in the bucket and deletes all objects in each directory, except for the last "N" specified. To run the script, you need to pass two arguments: Bucket name Number of last stored objects How to use it: main.py:
The answer was taken from gitmemory In order to encrypt an already created EBS Volume, you need to take a snapshot of it. Then, from the created snapshot, create a disk in the same region as the original one, and also specify the KMS key for encryption. Then we save the manifest of the current …
Continue reading " EKS – Encrypt current PV (EBS Volume)"
To automatically generate a "Sign-in URL" to a newly added Control Tower account, you will need the following: create a Lambda function on the master account (the region must be us-east-1 – Virginia, so we will use CloudTrail as a trigger); create a policy that allows you to assign a role and attach it to …
Continue reading " AWS Organization – Automatic adding Sign-in URL for new accounts"
In order to allow read access from the S3 Bucket for all members included in the organization, the following policy must be applied to the S3 Bucket: Where "stackset-lambdas" is the S3 Bucket name and "o-xxxxxxxxxx" is your Organization ID.
This Python script gets a list of all regions, finds EC2 instances, RDS instances and ASG in them, and if there is no "prevent_stop" tag equal to "true" on the resource, then it stops this resource, and in the case of ASG it scaledown it to 0. main.py: List of required permissions to run …
Continue reading "Lambda – For stopping EC2 instances, RDS instances and ASG downscale in all regions"