The ramblings of a computer geek
A simple example using AWS CloudFormation that creates an IAM User and then stores the user’s AccessKey and SecretKey within AWS Secrets Manager to get a hold of the value (which otherwise only exists once at creation). Assuming your user account has access to AWS Secrets Manager, you’ll then find it available here: Click “Retrieve … Read more
There is an available Palo Alto firewall NagiosXI check which utilises the REST API to obtain state information from the firewall, this includes things such as PSU and FAN health. The plugin uses an API Key to allow access but to ensure you only allow the minimal privileges’ to get the information you need please … Read more
A plugin has been developed to allow the monitoring of the status of VPN Tunnels on the Palo Alto Firewall. The script uses the Palo Alto Firewall API to access the relevant part of the API “tree” to find the status of the VPN Tunnel(s). You can find the current version of the plugin here: … Read more
When using with Terraform with Keeper Secrets Manager (KSM) a provider is needed to be configured, the Keeper documentation details how this can be configured. Keeper: Terraform Provider Documentation. However, a short version can be found below. https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/terraform You need to have already created a Keeper Secrets Manager (KSM) profile which you can use for authentication, this … Read more
An Autonomous System Number (ASN) uniquely identifies a network or group of IP prefixes under a single administrative control that uses BGP to exchange routing information with other networks. Each ASN is used to tag routes in BGP so that routers can make loop-prevention and policy decisions. When two networks peer, they exchange routes with … Read more
Here’s a quick example of how you can use Terraform’s cidrsubnet function to streamline your use of IP Subnets and calculate a number of different subnets from a single CIDR range (or supernet). https://developer.hashicorp.com/terraform/language/functions/cidrsubnet Explaination The cidrsubnet function can be a bit weird when first looking at it. But we’re going to have an example … Read more
Firstly, a disclaimer. Although you can store values, specifically secrets (e.g. passwords) within Environment Variables so that you are not storing them in your Terraform template code there are better ways, for example by use of a formal Secrets Management solution. However, this article will show you how you can use Environment Variables to “safely” … Read more
We use IaC (Infrastructure as Code) for the deployment and management of all cloud (AWS) workloads to ensure we can manage and update infrastructure and applications that are deployed in the cloud rapidily and on an ongoing basis, while maintaining flexibility, security and availability. However issues may occur when changes are made using automated processes, … Read more
Although you should be using a keypair for SSH authentication (and not exposing to the Internet), if you’re working with a throw-away or test instance you might just need password authentication to be enabled. Here’s how! Open the SSH configuration file. Set the line “PasswordAuthentication” to “yes”. Save and close. Restart the SSH daemon with: … Read more
A potential scenario is to have a single Terraform template repository where you need to manage AWS resources across a number of different AWS Accounts. However, because each AWS Account is the edge of its authentication and authorisation profile, there is a need to be able cross this boundary within your Terraform to be able … Read more