Cloud on zoph.me

AWS CloudFormation Phishing Attack: A Growing Threat

Mon, 10 Feb 2025 13:37:00 +0200

✨ Introduction

It starts with an innocuous-looking email. The sender claims to be AWS Support, warning the recipient about an urgent security issue. A single button labeled “Launch Stack” is prominently placed, urging immediate action. What appears to be a standard security advisory is, in reality, the gateway to a sophisticated AWS account takeover attempt.

Threat actors are exploiting AWS CloudFormation StackSets in phishing campaigns designed to compromise AWS environments. Originally reported by Rami McCarthy back in 2022 and by Scott Piper in this blogpost (2021), this technique continues to evolve, demonstrating how adversaries leverage AWS automation against its own users.

AWS Mixtape: Summer 2024

Sun, 01 Sep 2024 13:37:00 +0200

Busy Holidays? You’ll find below my preferred papers from this summer, 2024 🏖️

Cloud Security

Infrastructure

Engineering

That’s all, folks! 👋🏼

Thoughts on Indie AWS Consulting in 2025

Sun, 25 Aug 2024 13:37:00 +0200

Background

I started my career in the glass industry as a SysAdmin, specifically in a glass factory crafting fragrance bottles and bottles for pharmaceutical industries in the north of France. Since then, I’ve focused on IT security and cloud computing.

After many full-time positions for Microsoft, French Logistic Railroad, and IT Consulting parties, I decided to run my AWS consulting boutique by myself 5 years ago.

Just at the beginning of the pandemic, what a visionary…

Proxy Logs: Preserving Client IPs in AWS PrivateLink

Sun, 18 Aug 2024 13:37:00 +0200

Purpose

Recently, I was working on a centralized explicit proxy service for one of my customers using a well-known Squid Internet proxy.

The infrastructure is built on top of a shared AWS account hosting all standard infrastructure services, such as Internet Proxy, SOCKS5 Proxy, DNS Resolvers, ADDC, Centralized logging, and much more.

Consumers are using the Internet Proxy service from multiple child AWS accounts and regions within the client AWS Organization thanks to AWS PrivateLink.

Over Architecting on Public Cloud

Sun, 04 Aug 2024 13:37:00 +0200

Following a post from my friend Julien Delange (Tech Ramblings) on software over-engineering, I want to share my thoughts about over-architecting in my preferred field of Public Cloud Architecture.

Background

I have been doing Cloud Architecture for more than ten years and have seen many different scenarios and use cases, from startups to GAFAM and multiple company verticals, from TV audience measurement to Gambling and Energy Producers. I also frequently challenge my fellow architects’ decisions.

AWS Starter Kit - 2020 Edition

Fri, 10 Jul 2020 13:37:00 +0200

This post was updated in July 2020. It was originally my first post on this blog in December 2016. 👴

I’m often asked by many colleagues, friends, or Twitter followers where to start with Amazon Web Services (AWS). In this post, I will try to explain where you should start in 2020.

I’ll try to write this post as I wish I had in 2016 when I came into this technology.

[MAMIP] Monitor AWS Managed IAM Policies

Sat, 22 Feb 2020 13:37:00 +0200

This Article was created posted in September 2019. Updated in February 2020.

Disclaimer

Thanks to @0xdabbad00 from SummitRoute for the original idea and jq parsing.

Purpose

When your production workloads rely on AWS IAM Managed Policies (don’t do this), you will need to be notified when changes occur behind the scene. It’s also interesting to monitor new AWS services releases prior announcements to get spoiled.

This pet project automates the retrieval (every 4 hours) of new AWS Managed IAM Policies to make it easier to monitor and get alerted when changes occur (by AWS) using “Watch” feature from Github, RSS or dedicated Twitter Account.

Easily reduce by 70% your AWS Fargate bills

Sun, 16 Feb 2020 13:37:00 +0200

Quick post today about CostSaving on AWS. As you know two of my preferred subjects on Public Cloud are: Security and FinOps !

Recently, AWS introduced a way to reduce by up to 70% AWS bills using Spot instances with AWS Fargate service.

It’s really easy to use, and if your workload is interruption-proof, batch jobs, or CI/CD containers, don’t hesitate to use it to drastically reduce your workloads costs.

Using Terraform, you just have to specify the capacity_providers and/or the default_capacity_provider_strategy on your aws_ecs_cluster resource.

CloudWatch Synthetics - Canary testing

Sun, 02 Feb 2020 13:37:00 +0200

Canary What ?

In software testing, a canary (also called a canary test) is a push of programming code changes to a small number of end-users who have not volunteered to test anything. The goal of a canary test is to make sure code changes are transparent and work in a real-world environment.

Canary tests, which are often automated, are run after testing in a sandbox environment has been completed. Because the canary is only pushed to a small number of users, its impact is relatively small should the new code prove to be buggy and changes can be reversed quickly.

On being Independent

Wed, 01 Jan 2020 13:37:00 +0200

In December 2019, I’ve decided to switch from a long time (15 years) habits of Full-Time Employee (FTE) contracts to run my own business as an Independent AWS Cloud Architect.

This decision came to me after a few deceptions from my past experiences as a traditional employee/consultant, and I was thinking about this switch for several years now.

It was the perfect time for me to start this new challenge:

[FR] Re:Invent 2018

Thu, 27 Dec 2018 22:31:32 +0200

Retour sur une semaine incroyable et riche en annonces comme à l’accoutumée pour cette nouvelle édition du salon annuel Amazon Web Services (AWS) à Las Vegas.

Dans cet article, nous allons revenir sur les principaux lancements de cette année, des plus importants aux plus inattendus.

Quelques chiffres avant de commencer, AWS est un business avec un CA de 27Mds$, avec une croissance de 46-49%. Cette année, le re:Invent c’est 50 000 participants annoncés, répartis sur les 5 principaux casinos de Las Vegas.

Stress website with a Beehive (with machineguns 🔫)

Sun, 18 Mar 2018 22:31:32 +0200

Warning I deny any responsibility for using this article to launch an assault on a website that you don’t own.

TL;DR

In this article, you will find a procedure to launch a distributed load test of ApacheBench (AB) on your website. I will use: BeesWithMachineGuns

Requirements

Boto / awscli
Python 2.6 - 3.6
paramiko

Installation

aws configure with your credentials
sudo pip install https://github.com/newsapps/beeswithmachineguns/archive/master.zip

Launch ssh-agent, add your key:

Copy your EC2 ssh-key pair to your instance, in /home/ec2-user/.ssh/. This key will be used to launch bees.

[FR] Backup Jeedom sur AWS S3

Fri, 12 Jan 2018 22:31:32 +0200

Dans cet article, nous allons voir comment sauvegarder vos backups Jeedom dans le Cloud Amazon.

Ok, mais combien ça coûte Amazon Web Services (AWS) ?

Je pars du principe que vous avez un backup par jour pendant 1 an à sauvegarder, chaque backup fait 100 Mo (le double de ma sauvegarde actuelle)

La première année pendant le FreeTier : 0,74$/mois
La deuxième année après le FreeTier : 0,86$/mois

Evidemment il n’y a aucun intérêt de garder autant de versions, un mois est à mon sens largement suffisant.

AWS Starter Kit

Tue, 13 Dec 2016 13:37:00 +0200

This post was updated on 2020-07-11.

You will find in this post a few links and videos to help you on your journey to AWS Cloud.

Cloud on zoph.me

AWS CloudFormation Phishing Attack: A Growing Threat

✨ Introduction

AWS Mixtape: Summer 2024

Cloud Security

Infrastructure

Engineering

Thoughts on Indie AWS Consulting in 2025

Background

Proxy Logs: Preserving Client IPs in AWS PrivateLink

Purpose

Over Architecting on Public Cloud

Background

AWS Starter Kit - 2020 Edition

[MAMIP] Monitor AWS Managed IAM Policies

Disclaimer

Purpose

Easily reduce by 70% your AWS Fargate bills

CloudWatch Synthetics - Canary testing

Canary What ?

On being Independent

[FR] Re:Invent 2018

Stress website with a Beehive (with machineguns 🔫)

TL;DR

Requirements

Installation

Launch ssh-agent, add your key:

[FR] Backup Jeedom sur AWS S3

AWS Starter Kit

My best

Intro from AWS

E-Learning

Case Studies

VPC

France Events

Useful Twitter accounts

Videos from re:Invent