Fun with Subnets in Terraform (with AWS)

Here’s a quick example of how you can use Terraform’s cidrsubnet function to streamline your use of IP Subnets and calculate a number of different subnets from a single CIDR range (or supernet). https://developer.hashicorp.com/terraform/language/functions/cidrsubnet In this particular example I have a /22 network, 10.192.36.0/22 which I want to split into two /24 subnets, one for …

Storing Values (e.g. Secrets) in Environment Variables with Terraform

Firstly, a disclaimer. Although you can store values, specifically secrets (e.g. passwords), within Environment Variables so that you are not storing them in your Terraform template code, there are better ways, for example by use of a formal Secrets Management solution. However, this article will show you how you can use Environment Variables to “safely” …

AWS Web Application Firewall (WAF) – Reconciling AWS Firewall Manager Applied WebACL to CloudFront Distribution

We use IaC (Infrastructure as Code) for the deployment and management of all cloud (AWS) workloads to ensure we can manage and update infrastructure and applications that are deployed in the cloud rapidly and on an ongoing basis, while maintaining flexibility, security and availability. However, issues may occur when changes are made using automated processes, …

AWS EC2 Instance Swap to Password Authentication

Although you should be using a keypair for SSH authentication (and not exposing to the Internet), if you’re working with a throw-away or test instance you might just need password authentication to be enabled. Here’s how! Open the SSH configuration file. Set the line “PasswordAuthentication” to “yes”. Save and close. Restart the SSH daemon with: …

Unable to Remove ProxyAddress from Non-Mail Enabled (Non-Exchange Online) User (in Microsoft 365)

We have a user which has somehow added a proxyAddress (an email address to their account) but they don’t have an Exchange Online mailbox, and seemingly never have. Microsoft says the following about it from this article: An example of the problem can be seen below, as you can see the object on the right has …

AWS CloudFront Security Group for Workload Protection (Terraform)

AWS CloudFront allows you to front your application (be it on EC2 instances or REST API etc.) so you can provide high availability, caching and protection (with WAF) to the workload. When configuring your application, you don’t want the application to be directly accessible without using CloudFront, so therefore you need to add some restrictions, …

Removing AWS Route Table Routes

Here’s a little oddity with AWS Route Tables within Terraform, if you want to remove all of the routes in a route table, you can’t just delete or comment them out, otherwise it treats them as if nothing has changed. See the below example, you comment/remove the routes, then in its place add a blank …

FYDIBOHF23SPDLT

Even after designing, deploying and supporting Microsoft Exchange servers for longer than I choose to remember, I stumbled across something I never knew before yesterday; and that was why something was named the way it was. In Exchange 2007, Microsoft decided to remove the concept of “Administrative Groups”, however they needed to retain administrative groups …