Security on Tibor Hercz - Writing about Cloud, architecture, AWS, GCP and software engineering. https://tiborhercz.com/tags/security/ Recent content in Security on Tibor Hercz - Writing about Cloud, architecture, AWS, GCP and software engineering. Hugo en Wed, 05 Jul 2023 00:00:00 +0000 Golang JWT authorizer for AWS API Gateway https://tiborhercz.com/golang-jwt-authorizer-for-aws-api-gateway/ Wed, 05 Jul 2023 00:00:00 +0000 https://tiborhercz.com/golang-jwt-authorizer-for-aws-api-gateway/ <p>When using AWS API Gateway you can use the AWS Lambda authorizer for HTTP APIs to authorize the requests. In this blog I will show you how to validate a JWT token signed with KMS in a Lambda using the Golang runtime. For the examples I am using API Gateway V2 with HTTP APIs with the <code>v2</code> authorizer payload format version and for the resources I am using Terraform.</p> How to: Deploy Terraform to AWS with GitHub Actions authenticated with OpenID Connect https://tiborhercz.com/how-to-deploy-terraform-to-aws-with-github-actions-authenticated-with-openid-connect/ Sun, 14 May 2023 00:00:00 +0000 https://tiborhercz.com/how-to-deploy-terraform-to-aws-with-github-actions-authenticated-with-openid-connect/ <p>In the past it was very common to use AWS credentials (access token and secret) in your GitHub actions pipeline. This poses a security risk because most of the time these AWS credentials are long-lived credentials with a lot of permissions. If these credentials get leaked or misused the damage done could be huge.</p> Improve your AWS user management and security with AWS IAM Identity Center (SSO) https://tiborhercz.com/improve-your-aws-user-management-and-security-with-aws-iam-identity-center-sso/ Tue, 02 May 2023 00:00:00 +0000 https://tiborhercz.com/improve-your-aws-user-management-and-security-with-aws-iam-identity-center-sso/ <p>I have seen a lot AWS environments and noticed that it is very common that companies use AWS IAM users to log in and access the API. This can cause security issues and is time-consuming to manage but is very easy to improve by setting up AWS IAM Identity Center (Successor to AWS Single Sign-On).</p> Steps to take after leaking AWS credentials https://tiborhercz.com/steps-to-take-after-leaking-aws-credentials/ Wed, 26 Apr 2023 00:00:00 +0000 https://tiborhercz.com/steps-to-take-after-leaking-aws-credentials/ <p>So you leaked your AWS credentials onto the world wide web, and you are wondering what to do to minimize the damage. There are multiple steps that should be taken, but I do think that the order of these steps matter.</p> What happens when you leak AWS credentials and how AWS minimizes the damage https://tiborhercz.com/what-happens-when-you-leak-aws-credentials-and-how-aws-minimizes-the-damage/ Wed, 05 Apr 2023 00:00:00 +0000 https://tiborhercz.com/what-happens-when-you-leak-aws-credentials-and-how-aws-minimizes-the-damage/ <p>I heard multiple times that AWS scans public GitHub repositories for AWS credentials and informs its users of the leaked credentials.</p> <p>So I am curious to see this for myself, so I decided to intentionally leak AWS credentials to a Public GitHub repository. And show you the steps I took and how I got informed about the leaked credentials.</p>