Storing Secrets with AWS ParameterStore

Secrets management is a constant topic for debate in tech and security circles, even more so for users of cloud providers. There are solutions like HashiCorp Vault, Sneaker, and Credstash (even a locked-down S3 bucket) that we have looked at using at Unbounce. Each solution has its own level of complexity to set up and maintain. All of these solutions suffer from the same problem, which I like to call “Step 0”, or: how the heck do I manage the master key that unlocks everything? At some point in the encryption process, trust has to be established and that is the point where encryption cannot be used (Step 0). ...

April 7, 2017 · 12 min · 2529 words · Scott Brown

Rotate Your AWS Keys in 2 Minutes

This article demonstrates how you can quickly rotate your AWS keys in 2 minutes. Anything longer and I’m certain that nobody will do it. This is important as you should be in the habit of rotating these credentials often. Personally, I set reminders to change my keys every 30 days. Caveats: You must have only one set of access keys created. Your IAM policy must allow you to manage your own keys. You must know where you store your AWS credentials (everyone is a bit different here). Key Rotation Process: The process is thus: ...

December 3, 2016 · 2 min · 238 words · Scott Brown

CloudFormation Templates in Non-JSON Format

Update 2016-09-27: The AWS CloudFormation team has just released a new feature that allows you to write your templates in YAML. They even improved on the problems I outlined in this article by allowing shorthand versions of the intrinsic functions. I now suggest everyone move to YAML as it is the clear winner. Working with CloudFormation is great once it finally clicks in your brain that you can create many AWS resources and then delete all of them to make cleaning up super easy. Other than the steep learning curve when a person first learns CloudFormation, the next annoyance people have is that they have to write in JSON. ...

August 5, 2016 · 5 min · 940 words · Scott Brown

Ansible and CloudFormation

🎵… sitting in a tree…🎵 For both my personal projects, and projects at Unbounce, I use Ansible to create CloudFormation stacks. This brings some amazing user experience improvements for people not used to working with CloudFormation and its asynchronous behaviour. Before I show some of the benefits, I will explain what each piece of the technology is doing. What is Ansible? Ansible is a configuration and orchestration tool for servers and services. People primarily use Ansible to configure packages, libraries, and services on Linux machines (though other operating systems are supported). It is focused on idempotency, which is to ensure that running the Ansible playbook once will change the system, but subsequent runs will not effect any change. ...

June 24, 2016 · 7 min · 1468 words · Scott Brown