Archive for the ‘Amazon Web Services’ Category

Managing AWS-hosted VMs using EC2 Systems Manager

May 30, 2017

I’ve been doing a lot of work recently with Linux VMs that are hosted on Amazon Web Services’ EC2 service. As part of this work, I’ve been working on two problems in parallel:

  • Enabling automation of certain management commands for the VMs
  • Securing SSH

Part of the issue was that I thought I needed to have SSH available to enable remote administration. If that was true, I also needed to secure SSH access so that I could use it and malicious third parties couldn’t. However, whatever method I chose also needed to be easily accessible to my team so that they could access the AWS-hosted VMs in case of an emergency where I wasn’t available.

I went through a few iterations of SSH solutions, including investigating multi-factor authentication and setting up SSH bastions. In the end though, I discovered a surprising solution that fixed both of my problems: AWS’s EC2 Systems Manager.

Systems Manager allowed me to do the following:

  1. Manage my Linux VMs on EC2 without using SSH
  2. Block SSH access on my Linux VMs
  3. Run commands on multiple VMs at once
  4. Create a library of frequently used tasks and run those commands without needing to re-enter the scripts used to run those tasks.
  5. Not spend extra money on a management solution because AWS makes Systems Manager available at no cost to AWS customers.

For more details, please see below the jump.


Using IAM roles on Amazon Web Services to generate temporary credentials for EC2 instances

April 27, 2017

While working on a project involving Amazon Web Services, I ran across the concept of being able to use temporary credentials with AWS’s Command Line Interface (awscli) tool. When using the awscli tool, it is necessary to provide authentication credentials so that the aws tool is able to authorize its actions with AWS. When running the awscli tool on an EC2 instance, AWS has provided a way to get temporary authentication credentials on demand, through the use of IAM roles.

In my research on the topic, I found a lot of posts showing how to use temporary credentials, but not a lot of information on how to set up the needed IAM roles. After some additional research, in addition to trial and error, I was able to figure out the IAM role setup process. For more details, see below the jump.


Categories: Amazon Web Services, Linux

S3 server side encryption not supported with Jamf Pro cloud distribution points

April 23, 2017

As part of a project I’m working on, I needed to set up a cloud distribution point for a Jamf Pro server in Amazon Web Services. AWS-hosted cloud distribution points use a bucket in Amazon’s S3 service to store the files hosted by the distribution point. To help secure the S3 bucket, I enabled S3 server-side encryption. This encryption provides data-at-rest protection for files stored in an S3 bucket and is managed by Amazon’s S3 service.

Once that security was enabled, I was unable to then upload either installer .pkgs or .dmgs to the S3 bucket associated with the cloud distribution point using any of the following methods:

The unusual part was that the installer would look like it would upload and appear as a valid package when viewed from the Jamf Pro web console.


However, if I viewed the S3 bucket from the AWS console, the actual installer files would not be present in the S3 bucket.


For more details, see below the jump.


Creating a Jamf Pro Cloud Distribution Point using Amazon Web Services

March 7, 2017

In a number of environments, Mac admins are transitioning from hosting their Mac-supporting services in on-site datacenters to now hosting them with various cloud service providers. These service providers can include Jamf Cloud, Amazon Web Services, Akamai or Rackspace.

For Mac admins using Jamf Pro, one way to start this transition is to use a Cloud Distribution Point (CDP). This allows a Jamf Pro server to use several specific cloud services’ content delivery networks to host installers and (if applicable) in-house developed applications and eBooks.

For my own needs, I was looking into setting up a CDP on Amazon Web Services (AWS). Jamf provides some documentation on how to set a CDP up with AWS, but doesn’t provide specific guidance. After some research and testing though, I was able to figure out the process for Jamf Pro 9.97x. For more details, see below the jump.
