Landing Zone Accelerator on AWS (LZA) vs. Customizations for AWS Control Tower (CfCT)

In the previous four posts, I explained AWS Landing Zone in general, the structure of an AWS organization, and basic security configurations: Building a Landing zone with AWS Control Tower (part 1); Building a Landing zone with AWS Control Tower (part 2); Building a Landing zone with AWS Control Tower (part 3); Control Tower Guardrails overview […]

Benchmarking Amazon EC2 Instances: The Newer the Type, the Better?

AWS continuously updates its cloud services and releases new instance types, and this leads to the following questions from customers: Which instance type is better for my needs? Which instance type is cheaper? How does CPU/Networking performance differ between instance types? In this article, I have compared different generations for general-purpose EC2 instances of “M” […]

Hack the OWASP Juice Shop Application and Protect it with AWS WAF (Part 2)

In the previous post, we started exploring the OWASP Juice Shop vulnerable web application and how we can use AWS WAF to protect against some hacking techniques (scanning, brute-forcing). In part 2, we will look at SQL Injections (SQLi), Cross-Site Scripting (XSS), and other well-known attacks and vulnerabilities. SQL Injections: According to The Open Worldwide Application […]

Hack the OWASP Juice Shop Application and Protect It with AWS WAF (Part 1)

This is the first post in this series about the penetration test of the vulnerable web application, OWASP Juice Shop, and how we can utilize AWS WAF to protect against some hacking techniques. Problem statement: Nowadays, most software products have web applications, and developing a secure application is challenging. There are many ways to hack […]

Centralizing Health Event Reporting for AWS Organizations at Scale

AWS Health provides ongoing visibility into your resource performance and the availability of your AWS services and accounts. You can use AWS Health events to learn how service and resource changes might affect your applications running on AWS. AWS Health provides relevant and timely information to help you manage events in progress. It also helps […]

Capabilities and limitations of Palo Alto Firewall in AWS

In the previous post, we looked at how we can analyze and filter egress traffic via the dedicated central appliance (Palo Alto Firewall). A set of Firewall VMs was deployed behind the AWS Gateway Load Balancer. The Palo Alto Firewall was intended to solve many different problems for the organization. In the process of the […]

Control Tower Guardrails overview (Preventive, Detective and Proactive)

A Guardrail (or Control) is a high-level rule that provides ongoing governance for your overall AWS environment. It’s expressed in plain language. AWS Control Tower implements preventive, detective, and proactive controls that help you govern your resources and monitor compliance across groups of AWS accounts. A control applies to an entire organizational unit (OU), and […]

GitOps for AWS Cloudformation

What is GitOps? GitOps is an operational framework that uses DevOps best practices for application development, such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation. In the GitOps approach, we use a Git repository as the single source of truth for infrastructure definitions. Git is an open-source version control system […]

Moving to AWS Graviton. Why and How?

AWS continuously improves cloud services and introduces new hardware for processing power, but customers usually do not rush to move to newer instance generations. AWS documents state that newer generations are more powerful and cheaper, but what is the difference in numbers? In this post, I researched and compared four generations of the instance type […]