How Do You Troubleshoot the Error “An error occurred (InvalidParameterException) when calling the CreateNodegroup operation: The provided nodeRole is invalid.”?

Problem scenario
From the AWS CLI you try to create a node group, but you get this error: “An error occurred (InvalidParameterException) when calling the CreateNodegroup operation: The provided nodeRole is invalid.”

Solution
This can happen when you pass the role’s name rather than its ARN string (such as arn:aws:iam::123456:role/foobar). Use the ARN string of the role instead of what you were using.

How Do You Attach a Lambda Function to a VPC?

Problem scenario
When trying to attach a Lambda function to a VPC, you get an error like this: “The provided execution role does not have permissions to call CreateNetworkInterface on EC2”

What should you do?

Solution
1. Go to IAM and create a policy. Use the JSON editor. Use these settings (taken from StackOverflow):

{
"Version": "2012-10-17", …

How Do You Use the AWS CLI to Return IAM Information with the AssumeRolePolicyDocument Nested JSON?

Problem scenario
You want to craft an AWS CLI command to return the principal services of your IAM roles. You want the name and the ARN values of the roles to be printed along with the principal services. You know the principal services data is in the AssumeRolePolicyDocument. Your previous attempts have returned “None” for this value. What do you do?

Solution
Run a command like this:

aws iam list-roles --output text --query 'Roles[*].[RoleName,Arn,AssumeRolePolicyDocument.Statement[*].Principal]' …
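When the nested Principal data is awkward to flatten in a --query expression, the same report can be built from the JSON output instead. The following is an added example, not code from the original post: it assumes the output of `aws iam list-roles --output json` has been loaded into a dictionary, uses a constructed sample in its place, and the function names are hypothetical. It handles the places where IAM policy JSON allows either a single value or an array.

```python
import json

# Constructed sample shaped like `aws iam list-roles --output json` (not real account data).
SAMPLE = json.loads("""
{"Roles": [
  {"RoleName": "eks-node", "Arn": "arn:aws:iam::111122223333:role/eks-node",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"}]}},
  {"RoleName": "multi", "Arn": "arn:aws:iam::111122223333:role/multi",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow",
      "Principal": {"Service": ["lambda.amazonaws.com", "edgelambda.amazonaws.com"]},
      "Action": "sts:AssumeRole"},
     {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Action": "sts:AssumeRole"}]}},
  {"RoleName": "single-stmt", "Arn": "arn:aws:iam::111122223333:role/single-stmt",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement":
     {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}}}
]}
""")

def as_list(value):
    """IAM policy JSON allows a single value or an array in the same position."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def service_principals(role):
    """Return the sorted service principals allowed to assume this role."""
    found = set()
    doc = role.get("AssumeRolePolicyDocument") or {}
    for stmt in as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # "*" is a bare string, not a mapping
            found.update(as_list(principal.get("Service")))
    return sorted(found)

def role_rows(listing):
    """One (RoleName, Arn, services) row per role; services is [] when none."""
    return [(r["RoleName"], r["Arn"], service_principals(r)) for r in listing["Roles"]]

if __name__ == "__main__":
    for name, arn, services in role_rows(SAMPLE):
        print(name, arn, ",".join(services) or "-", sep="\t")
```

Roles whose trust policy names only AWS account principals, or a bare "*", come back with an empty service list rather than "None", which makes them easy to single out for review.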

What Are Eight Ways of Rotating AWS IAM Keys?

Problem scenario
You want to rotate AWS IAM keys across a set of different AWS accounts. Regular rotation is a recommended practice for securing your AWS resources (per this Amazon posting). Just as passwords can be brute-forced through exhaustive attempts, access keys could be randomly generated and tried by a malicious person or program; rotating the access keys can make compromising your AWS resources tremendously more difficult.

How Do You Harden a Website Application?

Problem scenario
You want to ensure your web application is protected from buffer overflows, injection attacks and other vulnerabilities that could reveal sensitive information. How do you harden a website application and follow recommended security practices?

Possible Solution #1
Endeavor to prevent injection attacks. Minimize what the website application accepts by not allowing file uploads, and limit POST requests to 2 MB (page 28 of Node.js Security by Liran Tal).

How Do You Connect over Port 5986 on a Windows Server?

Problem scenario
Port 5986 is blocked from your Linux server to your Windows server. You have used the nmap command and see that it is filtered. You believe there are no intermediate firewalls or OS firewalls blocking this port. What should you do?

Solution
This assumes you have no firewall blocking port 5986 for incoming connections to the Windows server. If the WSMan listener has not been properly configured, nmap will report port 5986 as filtered even though nothing is blocking it.*

  1. Run this script on the Windows server:

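# Create a self-signed server certificate for this host in the local machine store
$hostName = $env:COMPUTERNAME
$serverCert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $hostName
# Export the public certificate so that clients can import and trust it
Export-Certificate -Cert $serverCert -FilePath c:\vagrant\PsRemoting-Cert1.cer
Get-ChildItem c:\vagrant\PsRemoting-Cert1.cer
# Enable remoting, then add an HTTPS WSMan listener bound to that certificate
Enable-PSRemoting -Force
New-Item -Path WSMan:\localhost\Listener\ -Transport HTTPS -Address * -CertificateThumbPrint $serverCert.Thumbprint -Force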

  2. That is it.

How Do You Troubleshoot “ssh connect to host x.x.x.x port 22: Connection refused”?

Problem scenario
You get “ssh connect to host x.x.x.x port 22: Connection refused” when trying to SSH. What do you do?

Possible solution #1
Do you have the correct IP address? Can you copy and paste the IP address? Can you run “ip addr show” on different servers? Is the IP address used multiple times in different subnets? It could refer to different servers.