Thoughts on AWS GuardDuty

I recently deployed AWS GuardDuty for a client and wanted to share some thoughts on the services at a high level. If unfamiliar, GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior by evaluating VPC Flow Logs, CloudTrail and DNS Logs (if using AWS DNS). The Good: A single click …

An update on Windows EC2 Instance Snapshotting with Powershell

A while back, I did a post on creating snapshots of EC2 instances with Powershell here. Well, in November, AWS released an option to do VSS-aware snapshots via SSM. You'll find AWS' post about that here. From the AWS post... To create VSS-enabled EBS snapshots by using AWS Tools for Windows PowerShell: Send-SSMCommand -DocumentName AWSEC2-CreateVssSnapshots …

What To Do If You Lose Your EC2 Private Key

This hasn't happened to me, but knowing that it could encourages me to take note of how to address the scenario if it occurs. I came across a great example here (great step-by-step instructions). To sum up: Shut down your instance; Create an AMI; Launch an instance from an AMI where you can create/choose a private …

Resetting the password on your Windows EC2 instance via SSM

I came across an interesting approach recently for resetting a misplaced/undocumented Windows administrator password in a Reddit post. This technique is only valid for instances with SSM installed. "SSM Agent is installed by default on Windows Server 2016 instances and instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later." As …

Snapshotting Windows EC2 Instances with Powershell – Part 2

In Part 1, we successfully initiated a snapshot with Powershell. Here we'll continue building out the script. Cleaning Up Old Snapshots: Anyone who's ever worked with regularly scheduled snapshots knows you need regularly scheduled cleanup or your AWS invoices will slowly creep up over time. I'll be filtering by Description to determine which snapshots do …

Snapshotting Windows EC2 Instances with Powershell – Part 1

As you likely already know, there isn't an option to schedule EC2 instance snapshots within the AWS console. A popular way to address this would be to use Boto3, AWS' SDK for Python. However, it is also possible to initiate EC2 snapshots with Powershell. Why would you want to do this with Powershell? Let's say …