Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Hosting Static Website Amazon S3

How to Host a Static Website on Amazon S3 Bucket: A Step-by-Step Guide

In the current digital landscape, having a simple, fast, and cost-effective website is essential for showcasing your content, whether you are running a personal blog, a small business, or a portfolio. Amazon S3 provides an excellent platform for hosting static websites with its simple storage services.

In this blog, we will guide you through the essential steps to deploy your static website in Amazon S3.

Deploying a static website in S3 is a straightforward and powerful way to leverage cloud infrastructure for your online presence, and this article will equip you with everything you need to launch your website in Amazon S3.

What is Amazon S3?

Amazon S3 is a highly scalable object storage service that offers data availability, security, and performance. It’s suitable for businesses of all sizes and can be used for various use cases such as data lakes, websites, mobile apps, backup and restore archives, and big data analytics.

Let’s dive into the hands-on part, broken down into a step-by-step guide.

Step 1: Creating an S3 Bucket

Log in to the management console, type S3 in the search bar, then select S3 under Services.

In the S3 console, click Create bucket.

Enter the bucket name and choose the region where you want the bucket to be located.

Scroll down and uncheck the Block all public access checkbox to disable Amazon S3’s default setting to block public access to an S3 bucket. A warning will appear beneath this section; click on the checkbox to acknowledge current settings to enable public access to the bucket.

This configuration allows users to access static website pages stored in the S3 bucket.

Leave the rest of the options at their default settings, and click on the Create bucket button.

Step 2: Enable Static Website Hosting

On the resulting page from the successful creation of the bucket, click on the bucket name. Select the Properties tab, scroll down to the Static website hosting section, and click Edit.

Once you choose Enable, more configuration options will be made available on the console to enable you to provide the necessary settings and documents for hosting your website.

Leave the Hosting type as the default (Host a static website), and enter the exact name of the Index document that should serve as the file for your static webpage. Do the same for the Error document if you want to have a custom web page for 4XX class errors. This section is case-sensitive, so ensure the names you provide match exactly.

Navigate to the end of the page and click on Save Changes.

When you scroll down the resulting page, you will notice that a bucket endpoint was successfully created.

Step 3: Add a Bucket Policy that Makes an S3 Bucket Content Publicly Available

Here we will add a policy to grant public read-only access to our S3 bucket.

To edit the permissions of your bucket, follow these steps:

On the current page of the console, navigate to the Permissions tab.

Scroll down to the Bucket policy section and click on Edit.

Paste the code into the text editor provided in the console.

In the Resource section of the code, replace the unique bucket name with your own. This will ensure that you have the correct permissions for your bucket.

At the bottom of the page, click on Save Changes.
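
Step 3 grants public read-only access through a bucket policy. As an added example (not the author's code), the Python below builds such a policy for a bucket and audits a policy document for anonymous grants wider than s3:GetObject on the bucket's objects. The bucket name example-static-site, the account ID and role in the sample, and all function names are assumptions.

```python
def public_read_policy(bucket):
    """Bucket policy that lets anyone read objects, and nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both match every caller, signed in or not.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_public_grants(policy, bucket):
    """List anonymous Allow grants that go beyond s3:GetObject on objects.

    Conservative: a Condition on the statement is not taken into account.
    """
    findings = []
    object_prefix = f"arn:aws:s3:::{bucket}/"
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        label = stmt.get("Sid", f"statement {n}")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{label}: NotAction/NotResource in a public Allow")
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":  # action names are case-insensitive
                findings.append(f"{label}: public action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(object_prefix):  # bucket-level or foreign ARN
                findings.append(f"{label}: public resource {resource}")
    return findings


# Constructed sample: a policy that drifted from read-only.
DRIFTED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Site", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::example-static-site",
                      "arn:aws:s3:::example-static-site/*"]},
        {"Sid": "Deploy", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/deploy"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-static-site/*"},
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(public_read_policy("example-static-site"), indent=2))
    for finding in audit_public_grants(DRIFTED, "example-static-site"):
        print(finding)
```

The JSON printed by public_read_policy can be pasted into the Bucket policy editor after substituting your own bucket name.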

Step 4: Configure an Index Document

The index document is the root file of our static website. Make sure you have your web files ready.

Choose the Objects tab, and on the resulting page, drag and drop the files (or folders) you want to upload, or choose Add files (or Add folder). Scroll down and click the Upload button.

After a successful upload, you can view your static website by visiting the Endpoint of your S3 bucket on your web browser.

To get your bucket endpoint, choose the Properties tab and scroll down to the Static website hosting section at the end of the page. Click the endpoint to open your static website in a new tab.

This brings us to the end of this article. Remember to tear down the resources you created.

Conclusion

Hosting a static website on Amazon S3 is an efficient and cost-effective solution for delivering web content to a global audience. By leveraging S3’s robust infrastructure, you can ensure high availability, durability, and scalability for your static website.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

Thank you!

AWS Security Hub

Enhancing Cloud Security with AWS Security Hub

Introduction

In the era of cloud computing, security remains paramount for organizations around the world. With the rise of sophisticated cyber threats, organizations must adopt robust security measures to safeguard their data and infrastructure. AWS Security Hub emerges as a comprehensive solution to address these challenges by providing a centralized platform for managing security across the AWS cloud.

What is AWS Security Hub?

AWS Security Hub provides you with a comprehensive view of your security state. It provides a centralized, aggregated, and prioritized overview of security findings and compliance status in a standard format for a single AWS account and multiple AWS accounts. It helps you analyze your security trends and identify the highest-priority security issues.

Key Features of AWS Security Hub

  • Centralized security monitoring
  • Continuous security assessment
  • Prioritized alerting
  • Custom insights and compliance checks
  • Integration with third-party security tools
  • Automation
  • Security scores and summary dashboards

Benefits of AWS Security Hub

  • Simplified security operations: It provides a centralized view, simplifying security operations, and enabling faster response to threats.
  • Enhanced threat visibility: By integrating with various AWS security services and third-party tools, it provides a wide range of security insights, ensuring comprehensive visibility into potential threats and vulnerabilities.
  • Proactive risk mitigation: The continuous and automated compliance checks of AWS Security Hub allow organizations to proactively identify and remediate security gaps, reducing the risk of breaches, data leaks, and compliance violations.
  • Simplified compliance management: AWS Security Hub simplifies compliance management by aligning with industry-standard frameworks and providing pre-built compliance checks. It simplifies reporting and audits, and ensures compliance with regulatory requirements.
  • Efficient collaboration: AWS Security Hub enables seamless collaboration between security teams by providing a centralized and shared view of security findings, allowing them to work together on analysis, remediation, and incident response.

Demo: How to Enable AWS Security Hub

Sign in to the management console and navigate to the Security Hub console. Then click Go to Security Hub.

Before you can enable Security Hub, you must first enable recording for the relevant resources in AWS Config.

Then select the relevant Recording strategy and Recording frequency as per your requirements.

Configure Override settings to override the recording frequency for specific resource types or to exclude specific resource types from recording. Under Data governance, create a new IAM role or select an existing IAM role for AWS Config.

Remember that AWS Config needs an S3 bucket to store configuration history and configuration snapshots. Configure the S3 bucket details, then click Next.

AWS Config Managed Rules provide a set of predefined rules that you can use to evaluate the compliance of your AWS resources according to best practices and security standards. Select the AWS-managed rules as per your requirements and click on Next.

Review AWS Config details and click on Confirm to finish the AWS Config setup.

Select the Security standards as per your requirement from built-in security standards and click on Enable Security Hub to finish the setup.

Once setup is complete, you’ll be directed to the Security Hub dashboard. Here, you can access a unified view of security findings, compliance status, and actionable insights across your AWS accounts. Explore the dashboard in detail and familiarize yourself with the available features and navigation options.

Once you enable AWS Security Hub, it takes some time to complete the initial analysis and for the results to appear on the dashboard. This is because AWS Security Hub needs to scan your entire AWS environment to identify all the resources relevant to the standard.

After the initial analysis is done, AWS Security Hub will continue to scan your AWS environment regularly to identify any new resources or modifications to existing resources. The results will be posted on the dashboard in real time. You can then check the findings and prioritize the remediation of the threats/vulnerabilities detected.

Below are some sample reports from the AWS Security Hub dashboard.

Security score from AWS Security Hub summary.

Findings from all linked Regions are visible from the aggregation Region

Track New findings over time by severity and the provider, and see the top resources at risk across multiple resource types.

Security score for specific security standards

Conclusion

AWS Security Hub is an essential component in securing AWS cloud infrastructure by providing a comprehensive and centralized view of security posture. As the cloud landscape evolves, AWS Security Hub remains a pivotal tool for enhancing cloud security posture, enabling organizations to proactively identify and mitigate security risks.

This brings us to the end of this blog. Remember to clean up the resources you created.

AWS Firewall Manager

Securing Your Cloud with AWS Firewall Manager

Introduction

In the rapidly evolving cloud computing landscape, security remains a top priority for businesses of all sizes. With the continuous rise of sophisticated cyber threats and complex network architectures, organizations need robust solutions to safeguard their cloud environments. One such solution offered by AWS is AWS Firewall Manager (or AWS Network Firewall), a tool designed to simplify firewall management and enhance overall security posture.

What Is Firewall Manager?

Firewall Manager is a centralized security management service that allows you to set and administer firewall rules across all of your accounts and applications from a single location. It provides a unified approach to firewall management. Think of AWS Firewall Manager as the central command centre of your cloud security. It lets you manage and enforce consistent security policies across multiple AWS accounts and resources, including WAF, Network Firewalls, VPC security groups, and others.

Benefits of AWS Firewall Manager

Simplify management of firewall rules across your accounts: AWS Firewall Manager is linked with AWS Organizations, allowing you to manage your Amazon VPC’s AWS WAF rules, AWS Shield Advanced protections, security groups, AWS Network Firewall rules, and Amazon Route 53 Resolver DNS Firewall rules from a single location.

Ensure compliance of existing and new applications: AWS Firewall Manager applies the mandatory security policies you establish across existing and newly generated resources automatically.

Easily deploy managed rules across accounts: With just a few clicks in the interface, you can select a Managed Rule from an AWS Marketplace Seller and deploy it uniformly throughout your Application Load Balancer, API Gateway, and Amazon CloudFront architecture.

Centrally deploy protections for your VPCs: Security administrators can use Firewall Manager to establish a baseline set of VPC security group rules in Amazon VPCs for EC2 instances, Application Load Balancers (ALBs), and Elastic Network Interfaces (ENIs).

Ensure compliance of existing and new applications: AWS Firewall Manager (AWS Network Firewall) automatically enforces mandatory security policies that you define across existing and newly created resources.

AWS Firewall Manager Prerequisites

Your account must be a member of AWS Organizations.

Your AWS account must be a member of an organization in the AWS Organizations service, and the organization must have all features enabled.

Your account must be the AWS Firewall Manager administrator

To configure Firewall Manager policies, your account must be set as the AWS Firewall Manager administrator account, in the Settings pane.

You must have AWS Config enabled for your accounts and Regions

You must enable AWS Config for each of your AWS Organizations member accounts and for each AWS Region that contains resources that you want to protect using AWS Firewall Manager.

To manage AWS Network Firewall or Route 53 resolver DNS Firewall, the AWS Organizations management account must enable AWS Resource Access Manager (AWS RAM).

The AWS Organizations management account must enable AWS RAM for all member accounts in your organization.

To use the third-party firewall, subscribe in the AWS Marketplace.

To use the third-party firewall with AWS Firewall Manager, you must first subscribe to the third-party firewall Pay-As-You-Go service in the AWS Marketplace.

The Firewall Manager administrator account is the account you use to connect to the Firewall Manager.

How Firewall Manager works

You manage your Firewall Manager policies with your Firewall Manager administrator account.

Firewall Manager sets the Firewall Manager administrator account as the AWS Organizations Delegated Administrator for Firewall Manager when you create it.

This gives the Firewall Manager access to the organizational units (OUs) you use to define the scope of your Firewall Manager policies.

It generates findings for out-of-compliance resources and detects attacks, and sends these findings to AWS Security Hub.

Conclusion

AWS Firewall Manager stands out as a robust solution for organizations seeking to streamline and fortify their cloud security. By providing centralized management, automated rule deployment. This brings us to the end of this blog.

Slash AWS Expenses

Slash AWS Expenses: Automate EC2 Idle Instance Shutdown with CloudWatch Alarms.

Introduction

Effective management of cloud resources is important for anyone who uses cloud services, especially when it comes to managing costs. A common issue is forgetting to stop EC2 instances used for purposes such as development, testing, and temporary work, which can lead to unexpectedly high costs.

There are several scenarios in which you might want to automatically stop or terminate your instance. For example, you might have instances dedicated to batch payroll processing jobs or scientific computing tasks that run for some time and then complete their work. Rather than letting those instances sit idle (and accrue charges), you can stop or terminate them, which helps you to save money.

Forgetting to stop an EC2 instance used for brief testing can lead to unnecessary charges. To solve this, create a CloudWatch alarm to automatically shut down the instance after 1 hour of inactivity, ensuring you only pay for what you use. In this article, I’ll share how to set up this solution using the AWS Management Console.

CloudWatch Alarm

Amazon CloudWatch is a monitoring service for AWS. It serves as a centralized repository for metrics and logs that can be collected from AWS services, custom applications, and on-premises applications. One of its important features is CloudWatch Alarms, which allows you to configure alarms based on the collected data.

A CloudWatch alarm checks the value of a single metric, either simple or composite, over a time period you specify and launches the actions that you specify once the metric reaches a threshold that you define.

Key Components of CloudWatch Alarms

Metric: A metric is performance data that you monitor over time.

Threshold: This is the value against which the metric data is evaluated.

Period (in seconds): The period determines the frequency at which the value of the metric is collected.

Statistic: This specifies how the metric data is aggregated over each period. Common statistics include Average, Sum, Minimum, and Maximum.

Evaluation Periods: The number of recent periods that will be considered to evaluate the state of the alarm, based on the metric values during these periods.

Datapoints to Alarm: The number of evaluation periods during which the metric must breach the threshold to trigger the alarm.

Alarm Actions: Actions that are taken when the alarm state changes. These can include sending notifications via Amazon SNS, and stopping, terminating, or rebooting an EC2 instance.
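
How the components above combine, as an added example (not the author's code and not CloudWatch's own implementation): the Python below aggregates constructed CPUUtilization samples per period and applies a simplified datapoints-to-alarm check for a lower-than-threshold alarm. The 5% threshold, the sample values and the function names are assumptions; CloudWatch's handling of partly missing data has more cases than this model covers.

```python
from statistics import mean

STATISTICS = {"Average": mean, "Sum": sum, "Minimum": min, "Maximum": max}


def aggregate(samples, period, start, end, statistic="Average"):
    """Reduce (timestamp, value) samples to one datapoint per period.

    A period with no samples yields None (a missing datapoint).
    """
    agg = STATISTICS[statistic]
    datapoints = []
    for t0 in range(start, end, period):
        values = [v for ts, v in samples if t0 <= ts < t0 + period]
        datapoints.append(agg(values) if values else None)
    return datapoints


def alarm_state(datapoints, threshold, evaluation_periods, datapoints_to_alarm):
    """State of a 'lower than threshold' alarm over the most recent periods.

    Simplified model: missing datapoints are left out of the count
    ("treat missing data as missing"); a window with no data at all
    is INSUFFICIENT_DATA.
    """
    window = datapoints[-evaluation_periods:]
    present = [d for d in window if d is not None]
    if not present:
        return "INSUFFICIENT_DATA"
    breaching = sum(1 for d in present if d < threshold)
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


def cpu_samples():
    """Constructed CPUUtilization samples, one every 5 minutes for 3 hours."""
    samples = []
    for i in range(36):
        ts = i * 300
        if i < 12:
            value = 40.0   # hour 0: instance in use
        elif i in (15, 16):
            value = 30.0   # hour 1: idle apart from a 10-minute spike
        else:
            value = 1.0    # rest of hour 1 and all of hour 2: idle
        samples.append((ts, value))
    return samples


if __name__ == "__main__":
    hourly = aggregate(cpu_samples(), period=3600, start=0, end=3 * 3600)
    print("hourly averages:", [round(d, 2) for d in hourly])
    # After hour 1 the spike keeps the hourly average above the threshold.
    print("after hour 1, 1 of 1:", alarm_state(hourly[:2], 5.0, 1, 1))
    # After hour 2 the last hour is idle, so a 1-of-1 alarm fires.
    print("after hour 2, 1 of 1:", alarm_state(hourly, 5.0, 1, 1))
    # Requiring 3 of 3 idle hours would not fire yet.
    print("after hour 2, 3 of 3:", alarm_state(hourly, 5.0, 3, 3))
    # A stopped instance reports no CPU datapoints.
    stopped = aggregate([], period=3600, start=0, end=3600)
    print("stopped instance:", alarm_state(stopped, 5.0, 1, 1))
```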

Setting Up a CloudWatch Alarm to Automatically Stop Inactive Instances.

Solution with Console

Open the CloudWatch console. In the navigation pane, choose Alarms, then All alarms. Then choose Create alarm.

Choose Select metric.

For AWS namespaces, choose EC2.

Choose Per-Instance Metrics.

Select the check box in the row with the correct instance and the CPUUtilization metric, then choose Select metric.

For the statistic, choose Average. Choose a period (for example, 1 Hour).

For threshold type, select Static, then select lower/average. Select the threshold value and the datapoints to alarm, then select Treat missing data as missing, then click Next.

The first action is to send a notification to an SNS topic with an email subscription. This ensures that you will be notified when the alarm stops the instance. You can create the SNS topic at this step, or you can reference an existing one if you have already created it. I had already created an SNS topic.

The second action is to stop the EC2 instance: under the alarm state trigger, select In alarm, then select Stop instance, and click Next.

Provide a name for the alarm, optionally add a description, then click Next.

Review a summary of all your configurations. If everything is correct, confirm the alarm creation.

The alarm was successfully created, and we can see the alarm state is ok.

You can either wait for the alarm state to be in alarm or you can use the below command to set the alarm to alarm state.

Our alarm has gone to an alarm state and if you check the state of the EC2 instance, we can see our objective has been achieved and our EC2 instance is already stopped.

Additionally, a notification has also been sent to my email via SNS.

This brings us to the end of this demo. Remember to clean up. Thanks for reading, and stay tuned for more.

Conclusion

Automating idle EC2 instance shutdown with CloudWatch Alarms cuts AWS costs and ensures efficient resource use, preventing unnecessary charges and optimizing cloud spending.

AWS CloudHSM

AWS Hardware Security Module: Securing Your Keys in the Cloud

Introduction

As organizations increasingly move their operations to the cloud environment, the need for robust security measures becomes equally important. One critical aspect of this cloud security measure is the management and protection of cryptographic keys. This is where the AWS Hardware Security Module or AWS CloudHSM comes in handy. This article explores what CloudHSM is, its use case, and a demo of how to create one.

What is CloudHSM?

AWS CloudHSM is a cryptographic service for creating and maintaining AWS hardware security modules (HSMs) in your AWS environment. HSMs are computing devices that process cryptographic operations and provide secure storage for cryptographic keys. You can use AWS CloudHSM to offload SSL/TLS processing for web servers, protect private keys linked to an issuing certificate authority (CA), or enable Transparent Data Encryption (TDE) for Oracle databases.

With AWS KMS, AWS manages the software for encryption and the encryption keys. With CloudHSM, AWS only provides us with the encryption hardware. The HSM device is tamper resistant and has FIPS 140-2 Level 3 compliance. CloudHSM supports both symmetric and asymmetric encryption.

To use AWS CloudHSM, you must use the CloudHSM client software, since there is no API call for this service.

Key Features of Cloud HSM

Hardware-based Security: Keys are stored in hardware, which is inherently more secure than software-based storage.

High Availability and Scalability: Cloud HSM services are typically offered with high availability and can scale to meet the demands of enterprise workloads.

Compliance: Cloud Hardware Security Module is often compliant with industry standards such as FIPS 140-2 Level 3, ensuring they meet regulatory requirements for data protection.

Integration: Cloud HSMs can integrate with various cloud services and on-premises applications, enabling seamless cryptographic operations across different environments.

CloudHSM Backups

Backups are stored in Amazon Simple Storage Service (Amazon S3) within the same Region as the cluster. You can view backups available for your cluster from the CloudHSM console. Backups can only be restored to a genuine HSM running in the AWS Cloud. The restored HSM retains all the configurations and policies you put in place on the original HSM.

Creating a backup

CloudHSM triggers backups in the following scenarios:

  • CloudHSM automatically backs up your HSM clusters periodically.
  • When adding an HSM to a cluster, CloudHSM takes a backup from an active HSM in that cluster and restores it to the newly provisioned HSM.
  • When deleting an HSM from a cluster, CloudHSM takes a backup of the HSM before deleting it.

A backup is a unified encrypted object combining certificates, users, keys, and policies. It is created and encrypted as a single, tightly bound object. The individual components are not separable from each other. The key used to encrypt the backup is derived using a combination of persistent and ephemeral secret keys.

Backups are encrypted and decrypted within your HSM only, and can only be restored to a genuine HSM running within the AWS Cloud.

Let’s dive into the practical.

Log in to the AWS Management Console, type CloudHSM in the search box, then select it under Services.

In the CloudHSM dashboard, click Create cluster.

In the Create cluster dashboard, click the drop-down button and select your VPC. I will go with the default VPC.

For the subnet, you can only select one subnet per AZ. Because I selected the default VPC, I will go with the default subnet.

We will create a new cluster, so select the radio button on Create a new cluster then click next.

Enter the backup retention period then click next.

We will tag our HSM.

Review page.

For confirmation, make sure to tick the check box, then hit on the Create cluster.

Wait until creation completes and the cluster status moves to the Uninitialized state.

Select the cluster, then choose Initialize from the Actions drop-down.

We will now create an IAM user, cloudhsmuser, with full access.

Take note of the password and download the .csv file.

Create HSM in the cluster, select the Availability Zone, and hit on Create.

Wait until the process gets completed.

Download all 4 certificates then hit next.

Configure the HSM user on the EC2 machine using MobaXterm.

Make sure the cluster is Active. As per the screen below, the cluster is in an active state.

That’s it. Thumbs up.

Conclusion

AWS Hardware Security Module or Cloud HSM provides a powerful solution for secure key management in the cloud. By leveraging hardware-based security, it offers enhanced protection for cryptographic keys, helping organizations meet stringent compliance requirements and protect sensitive data.

This brings us to the end of this blog. Thanks for reading, and stay tuned for more. Make sure you clean up your resources.
