Introduction to IAM in Google Cloud Platform (GCP)

Identity and access management (IAM) is one of the most important security controls in cloud infrastructure environments like GCP. Since nearly every action performed is an API call — including the provisioning, deprovisioning, and manipulation of resources — all a malicious actor needs to get into your environment is the wrong binding of a permission to the wrong identity, or alternatively, a compromised identity.

For this reason, it’s crucial to pay close attention to the permissions that grant access to resources in your GCP organization and make sure only the minimum number of permissions required to perform business functions are provided. In other words, you need to maintain least-privilege for all identities — both humans and services — at all times.

AWS IAM Security Best Practices

While this blog post refers to AWS services in particular, the best practices are largely the same for any other IAM framework.

"Security is job zero."

When it comes to security in AWS, this is the de facto culture and standard.

How to Create a Kubernetes Cluster on AWS With Jenkins and Spring Boot

Kubernetes cluster under construction.

In this article, we will set up an AWS environment to deploy a Dockerized Spring Boot application in a Kubernetes cluster on a free-tier EC2 instance in a few minutes. Kubernetes can be installed on AWS, as explained in the Kubernetes documentation, using conjure-up, Kubernetes Operations (kops), CoreOS Tectonic, or kube-aws. Of those options, I found kops the easiest to use, and it is nicely designed for customizing the installation, executing upgrades, and managing Kubernetes clusters over time.


Steps to Follow

  1. First, we need an AWS account and access keys to start with. Log in to your AWS console and generate access keys for your user by navigating to the Users/Security credentials page.
  2. Create an EC2 instance of type t2.micro for managing the Kubernetes cluster.
  3. Create a new IAM user or use an existing IAM user and grant the following permissions to the newly-created EC2 instance:
     - AmazonEC2FullAccess
     - AmazonRoute53FullAccess
     - AmazonS3FullAccess
     - AmazonVPCFullAccess
     - AmazonIAMFullAccess