When using Azure Sentinel as your security information and event management (SIEM) platform, you do not always want to have to check the incident dashboard for incidents or have lots of emails clogging up your inbox.
Fortunately you can now configure a Sentinel Playbook which utilises a Logic App to trigger an alert into a Microsoft Teams channel of your choice.
A simple and costly mistake which often catches Azure administrators out involves the two states a VM can be in when powered off: Stopped or Stopped (deallocated). When a VM is shut down using the normal operating system method it goes into the Stopped state, but the resources are still allocated to it and therefore the full costs are incurred as if the VM was powered on. This could be combined with a scheduled task to run when the VM is idle for a defined period of time.
Learn how to initiate a shut down and deallocate from within the guest operating system using a system-assigned managed identity.
AWS Systems Manager Agent is a software agent that can be installed and configured on public or private EC2 instances, on-premise servers or virtual machines. The agent makes it possible for Systems Manager to update, manage, and configure these resources. The following guide shows you how to securely use the SSM agent along with the Systems Manager API to use port forwarding via a tunnel to connect into your private EC2 without running bastion hosts/jump boxes and without opening inbound ports to the instance.
Multi-cloud architectures are an increasingly common design in the IT world, and there will likely come a point when you want to set up a fast, direct, resilient VPN connection between your public cloud providers, such as Azure and AWS.
This article shows you how to configure a site-to-site VPN between AWS and Azure utilising the Internet Key Exchange version 2 (IKEv2) for the tunnel setup.
As AWS estates grow over time with expansions and adjustments it gradually becomes harder to understand, audit for security, visualise, document and analyse your environment.
Duo Security (now owned by Cisco) have developed and released an excellent open-source graphical tool called CloudMapper, which allows you to achieve all the above within your AWS environment. A recent feature also allows it to be a continuous monitoring and auditing solution. Furthermore, providing you comply with their licence, it is free.
This guide shows you how to set up Duo CloudMapper with the demo data, then link it into your AWS environment.
Often when resizing instance types it is just a simple case of shutting the EC2 down, changing the type, then starting it up. When changing to an M5 or C5 type, however, the EC2 may not boot up, which is normally because it does not have the enhanced networking module installed, does not have the NVMe module installed, or has block devices mounted using the device names. Fortunately there is an AWS script that can be used to run the pre-requisite tests to ensure these are identified and rectified before attempting the resizing of the instance.
This guide shows you how to run the pre-requisite script to give you the best chance of a successful instance resizing.
Firefox have recently launched a feature that allows you to encrypt your DNS traffic. Historically DNS uses a combination of UDP and/or TCP on port 53, which has always been available to see in plain text. This controversial feature moves DNS away from the network OS level to the application level.
With this setting enabled the domain name you typed is sent to a DNS-over-HTTPS (DoH) compatible server using an encrypted HTTPS connection instead of a plain text one. This prevents third parties (malicious or not) from observing your DNS traffic.
This article shows you how to enable the setting in Firefox and shows the setting in action within Wireshark.
Azure load balancers act as a highly available single point of contact that evenly distributes traffic to hosts in a backend pool. They can be utilised with health probes to ensure layer 4 traffic (TCP/UDP) is consistently and evenly distributed to healthy VMs.
This article shows you how to build an Azure load balancer, then configure Network Address Translation (NAT) and Port Address Translation (PAT) rules to allow SSH traffic through for support or monitoring purposes, then lock it down through a network security group. This can easily be adapted for many other types of traffic.
Cloud costs can easily spiral out of control through simple administrative mistakes such as temporary VMs being left on, misunderstanding storage costs, over-provisioning and many more, which can present serious problems when the Azure billing is invoiced. Azure budgets can be easily utilised at a subscription level to bring an element of cost control to your Azure estate. They can be scoped to a subscription, resource groups or a collection of resources, and can be configured to trigger numerous types of alerts so you can address a small issue before it becomes a large issue with financial consequences.
This article shows you how to look at your monthly projected forecast, set a budget, then set up a trigger to send an email based on a percentage of the budget.