Automate Starting and Stopping EC2's using Lambda and Cloudwatch

For on-demand EC2's that are not required during certain hours that are essentially wasting money running when not in use it is worth setting up a Lambda function that can stop and start the EC2's as per your requirements. This guide configures an IAM policy/role then uses a Lambda function to start/stop the EC2 during the business hours of 9am to 5pm.

Startup your EC2's via Powershell

For EC2's that are started up infrequently it can be time consuming to go through the AWS Management login with MFA just to start them up, this powershell script uses the AWSPowerShell module along with API keys to startup the specified EC2 instance.

Configure SNMPv3 on Cisco Catalyst switching

SNMPv3 is the most advanced and secure version of SNMP yet, with features like user authentication and encryption greatly enhancing the protocol.

The following instructions will guide you through configuring SNMP v3 with authentication and privacy on Cisco switching using MD5 and DES;

Permanently Remove Deleted Users from Office 365

When a user is deleted from Office 365 the account is moved into a recycle bin where it is held for 30 days before being purged, this is very useful should users be accidentally deleted and can be easily recovered however this can still cause issues with Azure Active Directory Connect (AADC - used for syncing users from on-premise to Office365) when you have duplicated users/errors when trying to link up accounts for the first time when the first sync may have been done incorrectly, this guide shows you how to permanently delete the problematic deleted item therefore allowing you to redo the AADC sync as if for the first time.

AWS - Connecting to an S3 Bucket using WinSCP

Connecting to the Amazon S3 protocol is now natively supported as of WinSCP version 5.13, WinSCP uses the REST interface to interact with S3.

This guide creates an S3 bucket, an IAM user, an IAM access policy with least priviledge, then generating access and secret keys for API access to allow WinSCP to seamlessy migrate files over.

Firefox Monitor

Firefox Monitor

Firefox have teamed up with "Have I Been Pwned" to offer a service that allows you to check your email address against a database that serves as a library of data breaches. It will let you know if your email address and/or personal info was involved in a publicly known past data breach. Once you know where your email address was compromised you should at the very least change that system password and any other place where you’ve used that password.

This guide shows you how to check if your details have been compromised.

Tightening up Apache SSL security

At the very least modern websites should be using HTTPS by default with any traffic on HTTP redirected to HTTPS, this ensures traffic in transit is encrypted from 3rd parties prying eyes. The next step is ensuring that the SSL certificate along with the web server it sits on is configured correctly from a security perspective ensuring any well known backdoors are addressed.

The Qualys SSL Server tool is an excellent free tool that grades the quality of your SSL configuration that also identifies any areas that need to be addressed.

Secure Apache with an SSL certificate and force all traffic to use HTTPS

Using an SSL certificate is a must for ensuring your website is protected and meets the demands of today's modern sites/browsers. Customers and visitors to your site will know that their browsing session is safe, and that payment details and personal information is secure and encrypted in transit.

The following guide creates a certificate through Apache and a trusted certificate authority, applying the certificate to your website then forcing all traffic to use HTTPS rather than HTTP.

AWS - Using Gmail with your domain utilising SES & Lambda

When working with certain domains there may not be a requirement to have a full blown email system running but there may be a requirement to forward emails to another system and therefore it is important to have a reliable, functional, serverless and ideally free or very minimal cost email system available. I use this for my own purpose to verify infra.engineer via email for proof of ownership for the SSL Certificate and renewal emails without having to have a full blown dedicated mailbox attached to the domain.

This guide utilises AWS SES and Lambda, building a mail system that integrates seamlessly with your Gmail account, at the same time allowing you to send and receive mail from multiple mailboxes within your own domain, although this guide focuses on Gmail other email systems can be used such as Office365 and iCloud Mail.