Home - Advanced Web Machinery

AWS

Terraform

RDS

How to remove the RDS master user password from the Terraform state

The Terraform state file usually does not contain sensitive data. When you create a Lambda function, it will contain its configuration, its ARN, the configured role, and the appended policies, but nothing that would constitute sensitive information. This is because Lambda uses process-based credentials, so when the Lambda function needs access to protected resources, the Lambda service generates temporary credentials based on the IAM role. So if somebody gets access to the Terraform state file, they only get some insight into the infrastructure but nothing that would compromise security.

Continue reading →

Author's image

Tamás Sallai

22 June 2022

AppSync

IAM

How IAM permissions work with AppSync

AppSync follows most other AWS services in terms of how it gets permissions to use resources in an account. By default, it can not access anything and you need to configure IAM policies to allow it access.

Continue reading →

Author's image

Tamás Sallai

15 June 2022

AWS

RDS

Terraform

How to set up Amazon RDS password rotation with Terraform

When you create an RDS cluster you need to define a username and a master password. This is not a problem when a trusted person is using the Console to type it manually, but it is a problem when you use Terraform as in that case the state file contains the password in plain text:

Continue reading →

Author's image

Tamás Sallai

07 June 2022

Syncthing

How to monitor Syncthing

Syncthing is an awesome way to keep files synchronized between devices. It is designed to run in the background, so you configure it once and then forget about it. Which is great, but what happens when there is an error and synchronization stops? That’s where monitoring comes into play.

Continue reading →

Author's image

Tamás Sallai

03 June 2022