Problem scenario
You are now an AWS administrator for an existing company. You want to find out what the password requirements are (e.g., minimum length, maximum duration, complexity requirements, etc.) for IAM users. What do you do to find the minimum length?
Solution
Log into the AWS console. Go to IAM > Account Settings.
…
Continue reading “How Do You Find the Minimum Password Length in AWS?”
Problem scenario
You are now administering an AWS account. You have the AWS CLI installed and configured. How do you find out what Security Group IDs there are?
Solution
Run this command:
aws ec2 describe-security-groups | grep -i groupid
…
Continue reading “What is the AWS CLI Command to Show the Security Group IDs?”
Problem scenario
You want to create a CMK in Amazon Web Services. What do you do?
Solution
Use Secrets Manager with Amazon’s Key Management Service.
1. Log into the AWS console.
2. Go to “Key Management Service”
3. Click on “Create key”
4. Enter an “Alias”. Normally you won’t click on the “Advanced options” unless you have a special reason.
…
Continue reading “How Do You Create a Customer Master Key in AWS?”
Question
A CMK is an encryption key. In Amazon Web Services, for CMKs (Customer Master Keys) in KMS (Key Management Service), what is the difference between administrative permissions and key usage permissions?
Answer
Usage permissions enable either IAM users or roles to encrypt and decrypt data with the AWS KMS API.
Administrative permissions for a CMK allow either an IAM user or role to give usage permissions to other IAM users or roles through the API (and sometimes the web console).
…
Problem scenario
You try to store a secret, but you see this message:
“Your secret was created successfully but configuring rotation has failed
Secrets Manager cannot invoke the specified Lambda function. Ensure that the function policy grants access to the principal secretsmanager.amazonaws.com.”
What do you do?
Solution
Try this posting.
…
Problem scenario
You try to use PuTTY to connect to a Linux CentOS 6.x server. You get the message “Network error: Connection refused.” What should you do?
Solution
Prerequisite
This assumes that there is no software or hardware firewall blocking port 22. You may want to use nmap or a Windows PowerShell port tester to verify port 22 is open.
…
Continue reading “How Do You Configure Linux CentOS 6.x to Accept SSH Connections?”
Problem scenario
In AWS you manually added a Security Group rule for the source of a given IP address. This IP address is either the internal or external IP address. You can ping one of them (either the internal or external IP address). Why can you not ping each IP address?
Solution
Check to see if a firewall is running on the Linux server.
…
Problem scenario
You want to create and save an application-level secret in AWS. What do you do?
Solution
Use Secrets Manager.
Procedures
- Log into the AWS console.
- Go to “Secrets Manager”
- Click “Store a new secret”
- For the secret type choose “Other type of secrets”.
- For the left-most field,
…
Continue reading “How Do You Create and Store an Application-Level Secret on the AWS Cloud?”
Problem scenario
You have a server that has run SSH to connect to other servers. You want to remove the fingerprints so the ECDSA key fingerprint will challenge a user to continue connecting. What do you do?
Solution
Run this command where x.x.x.x is the IP address or hostname of the server whose fingerprint should be removed: ssh-keygen -R x.x.x.x
If you used a hostname with the SSH commands,
…