2020-02-18-links
Aug 7, 2020
SSM Session manager for aws
This is a way to access aws things like EC2 instances without the need for having a network ingress to port 22 and ssh. It is manage by IAM and policies. So it is easier to audit than SSH keys It is not as good as ssh for tunneling and scp so Here is a way to use it to connect to ssh
Discussion of VPNs and aws
With all the news of global epidemics, it reminded me that the office I am in at the moment Reddit TIL:
- AWS managed services are expensive. There is angry abusive reddit debate over if it is cheaper to pay engineers to make one on your own ec2 instances, or to pay for a managed VPN. AWS vpn pricing
- If VPN is a critical thing, then there is an advantage to using the ASW service, in terms of avaliability and scaling etc
- there are diferences in the pricing. OpenVPN charges per seat, otehrs might charge for uptime and throughput.
- In a mass-surveilance world, why would I trust AWS VPN not to have a backdoor?
- pritunl is a commercial OpenVPN wrapper
- Pritunl has a free version that’s excellent for simple use cases,
- “would it be cheaper to just make a cloud formation template to spin up my own version of this service on demand?”
- https://github.com/joshmcgrath08/openvpn_on_ec2
- explains how to make an ec2 instance with openVPN, and the template automatees to the extent that you also get a download link for the credentials needed to sign into it.
- https://github.com/hwdsl2/docker-ipsec-vpn-server
- or a docker image for ipsec server
The port-knocking on AWS
the goal would be to keep your logs from being filled with junk noise of auto scans. but still have a service online when you needed it Reddit thread here. I was interested in this because of the idea of having an endpoint that you could call to add your current IP adress to a security group through a lambda function or something .. then let yourself into your ssh port, or what have you. but tunneling through session manager might be another option.
- hole punch seems to do this