Comments for Elastic Security

Comment on How-To: Copy an EBS-Backed AMI from one region to another one by Anand

Anand — Tue, 14 Feb 2012 00:06:07 +0000

A few small things to keep in mind for others using this outline
1. You can find out the kernel id to use by simply by using the Amazon console in case your base image was one of the standard ones provided by Amazon
2. You may see a few tar warnings – keep an eye out to see if there is anything strange there. It may be better to redirect the tar output to a file so that you can look through it later
3. It was (for me) a bit non trivial to determine the file system type. The default at this time appears to be ext3 for Amazon base images
Regards
/anand

Comment on How-To: Copy an EBS-Backed AMI from one region to another one by Anand

Anand — Mon, 13 Feb 2012 16:40:55 +0000

Happy to report that it all worked out – i had screwed up the file system specification (used ext4 instead of ext3)
Many thanks for this writeup.

Comment on AWS Policy Generator by momma mia

momma mia — Mon, 13 Feb 2012 16:16:58 +0000

very, very nice. thanks for all the help-ah. nice spaghetti for you.

Comment on How-To: Copy an EBS-Backed AMI from one region to another one by Anand

Anand — Mon, 13 Feb 2012 04:46:56 +0000

I somehow thought that the *base* AMI should have the same Kernel id initially. Thanks for correcting that point

Comment on How-To: Copy an EBS-Backed AMI from one region to another one by Anand

Anand — Mon, 13 Feb 2012 04:44:35 +0000

Hi Fred,
Thanks for the pointer. Actually, I forgot to mention that I had indeed tried the “Finding the right Kernel ID” step. Using the resultant Kernel id from the target did create the AMI but the instances launched from it failed the accessibility status check and I was unable to connect to it. Just to make sure I hadn’t made a mistake in following the steps outlined, i tried twice more with the same end result.
I will do some more investigation and report back

Comment on How-To: Copy an EBS-Backed AMI from one region to another one by Frederic Donnat

Frederic Donnat — Sun, 12 Feb 2012 17:28:35 +0000

Hi Anand, Thanks for sharing your experience with this procedure.

The above procedure relies on the base AMI having the same kernel id across regions

We apologize if we have not been clear enough, but this is NOT true. The kernel ID are NOT shared between AWS Region. It seems that you missed the part on "Find the right Kernel ID (AKI) for registering your EBS Backed AMI", which explains how to find the new kernel ID (AKI) in the target region. Before registering the new AMI as describe in Step 4, you have to find the right kernel ID in the target region. Hope this helps. /fred

Comment on How-To: Copy an EBS-Backed AMI from one region to another one by Anand

Anand — Sun, 12 Feb 2012 16:30:08 +0000

After spending a couple of days of trying to figure out why I was not able to use this process successfully, I discovered the issue.
Some background – I created an instance in Region A using the Amazon 64 bit Linux AMI. Installed a whole bunch of stuff on it over a couple of months before we decided we wanted to switch to region B. I created an AMI of my instance and I reached Step 4 of the outline above with no problems before i hit a wall
Turns out the base Amazon 64 bit Linux AMI in region A (off of which I had created my AMI) has a different kernel id from the 64 bit Linux AMI in region B. The above procedure relies on the base AMI having the same kernel id across regions …
If it is relevant – Region A above = ap-southeast-1 and region B = us-west-1.
you can do ec2-describe-images |and compare the 2 base images to see what I mean. Sigh – looks like i will have to rebuild from scratch

Comment on Read-Only Credentials For EC2 by momma mia

momma mia — Thu, 09 Feb 2012 18:03:18 +0000

nice, but cert part is missing as per http://giantdorks.org/alain/limited-permissions-for-aws-users-and-groups/

i think

Comment on Monitoring Tool: Amazon EC2 plugins for Nagios by scottwilkerson

scottwilkerson — Sat, 21 Jan 2012 20:43:58 +0000

Or use the new Nagios XI in the cloud
http://labs.nagios.com/2012/01/20/using-nagios-xi-in-amazon-ec2-cloud/

Comment on Most annoying and at the same time most loved feature of Elastic Detector by Elastic Security: Vulnerability Assessment « Elastic Security

Elastic Security: Vulnerability Assessment « Elastic Security — Tue, 22 Nov 2011 16:32:11 +0000

[...] security is considered boring (as shown in one of our previous posts on Open Ports Check), I take this opportunity to give some explanation on the recent Security Features that have been [...]