hyperbo.la :: lifestream
permalink

with the lopopolo IAM user gone, the only ones left were the IAM users in the #artichoke and #hypstatic GitHub organizations used for terraform CI in the project-infrastructure repos. I used the new GitHub Actions OpenID Connect provider to wire up AWS identity federation following this guide – https://scalesec.com/blog/identity-federation-for-github-actions-on-aws/ #security #github #aws #win

permalink

With AWS SSO in place, I started using aws-vault locally for #terraform and AWS CLI. I learned about this tool at work. No IAM access keys with inline IAM policies! SSO + assume role for administrator access! #security #win

permalink

In #aws things, I migrated both hyperbola and #artichoke infra to separate AWS organizations and set them up with AWS Control Tower's account vending machine. Audit logs! AWS Config! SCPs! AWS Cost and Usage Reports! AWS SSO! #win #security #cost

Photo for post 471.
permalink

Found this in the nginx logs of my wiki in ec2. hackers. #security