Amazon Web Services – Managing AWS Test and Production Environments

What is the best practice for separating production and test environments in AWS?

I can think of 2 options (suppose my website is called blue-sky.com):

  1. Create 2 AWS accounts: blue-sky and test-blue-sky (Create a test user under a test account and a producing user under a product account).

  2. Create 1 AWS account: blue-sky. Create 2 users, Prod and Test. The test user has access to the test servers and the prod user has access to the production servers.

What is better? An alternative approach?


The two scenarios above have the same drawback. Suppose our release manager has access to both the test and production servers. He wants to blow up a test server; since he has identification information for both environments, he mistakenly logs in with the product identification information and deletes the production server.

Amazon Web Services – Removing and then reinstalling Anaconda on an AWS Ubuntu Deep Learning EC2 instance and unable to enter in-depth learning environments

I just set up an Ubuntu Deep Learning AMI EC2 instance. I am a beginner on AWS / Packet Processing.

My goal is to use the instance to run a Python deep learning script. This script uses a variety of packages.

When installing some of these packages with conda, an error has occurred indicating inconsistencies in the environment for more than 100 packages. After several attempts to solve this problem, I thought that removing Anaconda and reinstalling it could do the trick. After that, I realized that I had perhaps further spoiled my instance. I can no longer use the predefined deep learning environments for which the AMI has been configured because they have been accessed using conda commands, which seems to have been removed (IMO).

I've tried repeating the commands, but I get an error stating that these environments no longer exist. A tutorial using these commands is mentioned here:
https://docs.aws.amazon.com/dlami/latest/devguide/tutorial-conda.html

source activate tensorflow_p36

I was expecting the above to enter the tensorflow_p36 environment. As in:

(tensorflow_p36) ubuntu@ip-172-31-45-96:~/scripts

However, this gives an error message:

impossible to find the environment: tensorflow_p36

I realize that the uninstallation of conda was a major rookie error that seems to have totally disabled my instance. If anyone has any ideas to get it back, it would be very appreciated!

thank you so much

development process – How to manage environment variables, settings and secrets for local environments, CIs and services deployed?

What do people use to manage environment variables, settings and secrets?
I have a full stack application using terraform. So, I'm dealing with:

  • Build a shadow-cljs project, inject env vars for auth keys, backend, Google API
  • Running a main service that requires API keys and database identification information
  • Management of CIs that need to access parameters and secrets for versions and deployment
  • Terraform management that requires input variables for the configuration of my terraform as well as outputs sent to other services (eg, frontend and backend)
  • Develop locally where I need to access these variables, parameters and secrets to some extent

Right now, I've hacked a combination of:

  • Terraform transmits vars, parameters and secrets to services such as the backend
  • Set env vars in my CI with the help of their environment variables store
  • Extract env vars from terraform outputs when necessary for construction and deployment.

Ideally, I would like to manage all this centrally. What have people used in the past to consolidate all this?

Vulnerability – What intrusion test tools can be used in agile and CI environments?

Since I have different projects, with different development environments, it is obviously important for me to use the penetration tools that I use.

Projects:

Project 1 is a pure Web project that is only used by a client. (vulnerability scanner?)

Project 2 is a pure web project, with Internet connection (vulnerability scanner?)

Project 3 is an old "bone" based on Java Swing

It would be important for me:

  • Can be easily integrated into a CI job
  • The tool has a good test environment with many ready-made options (OpenVAS has a database of 25,000 here)
  • Always up to date
  • Open source preference

In particular, the latest project that works in the Java Swing environment requires me to test it also on the Security Crash Test.

Do you have corresponding experiences:

  • opensource solutions
  • Integration into an agile test process
  • Good to very good result in the field of vulnerability analysis

Is there a technical security standard for Internet test environments?

We have a number of test environments continuously connected to the Internet to accommodate external and automated testers with dynamic IP addresses. While we periodically check for server security vulnerabilities, we found that servers were indexed by Google and other search engines. This led to a situation where customers were clicking on search engine links and trying to take advantage of the UAT environment for businesses. We have put in place a few checks now to make sure that this will not happen again, but to avoid future mistakes, I hoped that a complete standard would be available, for example,

  1. Make sure search engines do not visit sites, using robots.txt or other meta tags
  2. Clearly mark UAT environments as different from Prod environments
  3. Etc …

Is there a checklist / standard available for this specific use case?
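
The indexing checks listed in the question, written as an automated audit (an added example, not part of the original post). The function name, the constructed sample responses and the use of the `X-Robots-Tag` header alongside the robots meta tag are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            content = a.get("content", "").lower()
            self.directives |= {d.strip() for d in content.split(",")}


def audit_uat_response(headers, robots_txt, html):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Check 1: robots.txt must disallow crawling of the site root for all agents.
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    if rp.can_fetch("*", "/"):
        findings.append("robots.txt allows crawling of /")

    # Check 2: a noindex directive must be present, either in the
    # X-Robots-Tag response header or in a robots meta tag.
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    header_directives = {d.strip() for d in lowered.get("x-robots-tag", "").split(",")}
    meta = RobotsMeta()
    meta.feed(html)
    if "noindex" not in header_directives | meta.directives:
        findings.append("no noindex directive in X-Robots-Tag header or robots meta tag")
    return findings


# Constructed samples: (response headers, robots.txt body, HTML body).
BAD = ({"Content-Type": "text/html"}, "User-agent: *\nAllow: /\n",
       "<html><head><title>UAT</title></head></html>")
GOOD = ({"X-Robots-Tag": "noindex, nofollow"}, "User-agent: *\nDisallow: /\n",
        '<html><head><meta name="robots" content="noindex"></head></html>')

if __name__ == "__main__":
    print("misconfigured UAT:", audit_uat_response(*BAD))
    print("corrected UAT:", audit_uat_response(*GOOD))
```

A crawler that obeys the `Disallow` rule never fetches the page, so it never sees the `noindex` directive; the two controls are checked separately for that reason.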

Exploit development on Windows environments

I have seen many PoC exploits with this line, but I wonder how people use this method with the help of Immunity Debugger, or do we have to reverse Windows? Is there a way to do this using mona, or a simple way?

# Return Address for Windows 7 32b SP1
ret = '\x25\xDF\xB8\x68'

vpn – Secure API access with mobile apps in tight environments

In our current project, computer rules prohibit anything that is not PROD from being accessible to the public from the Internet. Access to development and revision environments must be severely limited. That said, the project also includes mobile apps developed with the cloud-hosted API layer.

In a very general way, what are the common approaches to securing DEV / REVIEW APIs with mobile applications? We had the following ideas:

  • IP whitelist on the entry in the API (less safe, but the easiest to use)
  • VPN gateway to the hosting environment, with the corresponding configuration of DEV devices / test
  • TLS mutual authentication (the most difficult to implement and exploit)

There are many issues to be addressed with each of the approaches, but I would like to understand the big picture before diving into these issues.

Thanks in advance!

magento2 – How to restore deleted Magento Cloud environments by GitHub integration?

I followed the instructions to set up a GitHub integration with my Magento Cloud Pro project. This project has not been put into production yet, but has been in development for several months and therefore has 1k + commits. I took a snapshot of my integration environment and ran the command as shown:

magento-cloud integration:add --type=github --project ...

There were additional prompts that appeared after the run, with what appeared to be reasonable flaws, that I accepted.

Build pull requests (--build-pull-request)
Build each extraction request as the environment? [Y|n] 

Build the extraction requests after the merge (--build-pull-requests-after the merge)
Create extraction requests based on their post-merge status? [y|N] 

Clone data for extraction requests (--pull-request-clone-parent-data)
Clone the data from the parent environment for extraction requests? [Y|n] 

Search branches (--fetch-branches)
Extract all the branches of the remote control (as inactive environments)? [Y|n] 

Branches of prunes (--prune-branches)
Delete branches that do not exist on the remote? [Y|n] 

After the last question, he created a web link and created the integration.

Oh, so he removed all my environments outside of Control, Production, and Staging.

Goodbye goodbye

I guess that's the last message that got me messed up --prune-branches. Shame on me for not thinking about what it could do (Note: this option is not documented in the instructions).

What can I do to restore these environments?

Unlike the removal of an environment via the Magento Cloud GUI, it seems that faded away. They are not there and disabled.

7 – Links in scene environments are absolute and send users in a real environment

This problem has been driving me crazy for years.
Whenever I create a scene environment of a site, I copy the database from the production site. Some of the links in it – whether in menus, in content or in code – are absolute paths in the production site.
I therefore have links that lead users from one environment to another.

I've been looking for a way to change this behavior.
so any link like
live-environment.com/some-page —-> stage-environment.com/some-page

I do not care if this will happen before rendering or just after the click. The end result will be that the user stays in the scene environment.

How can I do this? (drupal 7)

thanks a lot for your help

devops – Best Practices for Active Directory Management in Development, Quality Assurance, UAT and Production Environments

Long-time auditor, first caller. I've recently been promoted to my first position as a Systems Analyst – and I'm very excited, if it's a little green.

My company has just launched a new internal application on which our development team has been working for a few years, before my arrival.

Now that the application and integrations have been published in the production environment, the DevOps team is restructuring the CI / CD pipeline to make sure that every environment is protected by a firewall. We have Dev, QA, UAT and Prod environments.

Developers insist that everything be written in scripts, so that environments can be destroyed and developed as needed. Of course, all non-producing environments must imitate as much as possible the environment of the environment. Currently, Active Directory services are structured as a single forest, a single domain.

Our common concern is that – when creating the environment, including AD elements (eg, user accounts, service accounts, security groups, and distribution groups) – we could inadvertently cause an unwanted change to our unique AD, which of course is responsible for all production authentication (users, computers, etc.).

My question: What are the best practices for DevOps teams in terms of architecture, management and isolation of Active Directory across multiple environments? Should we create another forest, with a relationship of trust? Or maybe a child domain in the existing forest? Or something totally different?

If all environments are unique – that is, they are protected by a firewall and isolated from each other, but they are all isolated from their isolation to have a "point of contact" in a single AD, how is it better managed?

Looking forward to any guidance, and yes – I'm interested in Google / looking regardless of my question here. I thought this community could be a good place to continue my research.

Please – if I have not provided the necessary information to answer the question correctly, let me know.

Thanks in advance.