Patrick Kerrigan

Blog

Making PHP-FPM use IAM task roles on ECS

by Patrick Kerrigan. Tags: Aws Php Security

AWS IAM roles provide a way to supply your applications running on AWS infrastructure with the credentials they need to access other AWS resources without having to worry about managing access keys. When you have a single application per EC2 instance, everything "just works", but things get a bit more complex when you start throwing containers into the mix, especially with PHP.

Troubleshooting multicast

by Patrick Kerrigan. Tags: Linux Networking

I run a piece of software which is replicated across two machines and shares information via multicast. I noticed after performing some updates that information only seemed to be flowing in one direction, so thought I'd share the details of what ended up being wrong for the next person to run into the same problem.

Blocking OpenVPN reflection attacks

by Patrick Kerrigan. Tags: Security Linux Networking

While reviewing the logs of my OpenVPN server recently, I noticed a series of suspicious-looking entries that indicated that it was being used as part of a UDP reflection attack. Thankfully this is pretty straightforward to block using the built-in functionality of OpenVPN and/or firewall software such as nftables. I'll cover both approaches here.

MFA with security keys

by Patrick Kerrigan. Tags: Cryptography Security Web

Enabling multi-factor authentication (MFA) is one of the single most effective steps you can take to protect your online accounts against unauthorised access. Combining something you have (a device or smartcard) or something you are (biometrics) with something you know (your password) ensures that if your password falls into the hands of an attacker, whether through a security breach, malware, or brute force guessing, then they still won't be able to get access to your account.

Instrumenting PHP apps with AWS X-Ray

by Patrick Kerrigan. Tags: Php Web Performance Aws

AWS X-Ray is an application monitoring tool by Amazon Web Services that allows you to get an insight into how your applications are performing in production. It also allows you to see how your applications interact with each other, with external services, and with some of AWS' own services. All that's required is to add some instrumentation code at key points in your application. Despite the lack of official support, it can be used with PHP.