amazon web services - Prevent an elastic beanstalk app being downloaded using the AWS account? -


short background, we're small business our clients larger businesses. have software subscribe deployed aws elastic beanstalk. clients have own devops teams, unlike us, , need manage of technical support. need access aws account running software, can things reboot server, clear database if screw up, change ec2 instance type etc. ok want prevent software being downloaded outside of aws account.

the software java war running on tomcat, on single elastic beanstalk instance. care limiting access war file (not database example).

the beanstalk application versions page appears have no way download war file - good. ssh underlying ec2 instance though presumably copy war out of tomcat directory. given complexity of aws there's other ways access war file (e.g. clone ebs volume , attach ec2 instance).

i assume machine instances available purchase via aws marketplace must have form of copy protection i've not been able find details on this. looks aws accepts marketplace vendors larger us, marketplace option may not open us.

any idea how prevent access war file running on elastic beanstalk while still allowing client access aws account? (or @ least make access hard).

the solution comes mind be, removing ec2 ssh key pairs account, , denying them access ec2:createkeypair. really, need doing granting them least privilege access account, is, granting them access actions absolutely need.

this go long way, sufficient knowledge of aws, it's going uphill battle trying ensure give them enough access need, while not giving them more want. i'd question if legal option (like contracts, licenses, etc) better protection this.


Comments

Post a Comment

Popular posts from this blog

resizing Telegram inline keyboard -

telegram's inline keyboard great feature lots of different use cases. inline buttons added list of items this: inline_keyboard = [[inlinekeyboardbutton(text="button", callback_data="button"), inlinekeyboardbutton(text="reset",callback_data="reset")]] inline_keyboard_markup = inlinekeyboardmarkup(inline_keyboard) update.message.reply_text("hi", reply_markup=inline_keyboard_markup) the above code adds 2 buttons each half width of chat screen. i know the normal keyboard button there resize_keyboard parameter somehow can used. my question is there way resize inline buttons ? example make full width or quarter width. unfortunately, can't now. :( you can suggest @botsupport , might add feature next version.
Read more

command line - How can a Python program background itself? -

consider following python command-line program. doesn't work because incomplete, think illustrates problem: #!/usr/bin/python3 import multiprocessing pool = multiprocessing.pool() task in expensive_iterator_with_user_interaction(): pool.call_async(expensive_computation, (task,)) pool.close() print("dear user, may press ctrl-z , bg script.") pool.join() thus, problem scripts needs user input while it's launching expensive parallel processes. there moment when user interaction not needed anymore. then, ask user background process shell actions. however, can achieved program itself? (side note: core of problem entanglement of user input firing “expensive computations”. therefore, cannot separate both in 2 scripts, , letting 1 spawning other daemon.) the command screen may you. use screen -l create new session , run application. after inputting data, can press " ctrl-a " , press " d " on keyboard detach session. now
Read more

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -

Image
my wordpress installation on azure app service on linux using custom docker container has slow response times. pages take around 20-40 seconds load. i have troubleshooting plugin installed indicates problem "curl error 28: resolving timed out after n milliseconds" when making requests following urls https://api.wordpress.org/core/version-check/1.7/ http://api.wordpress.org/core/version-check/1.7/ https://api.wordpress.org/plugins/update-check/1.1/ http://api.wordpress.org/plugins/update-check/1.1/ https://api.wordpress.org/themes/update-check/1.1/ http://api.wordpress.org/themes/update-check/1.1/ curl works fine on scm-site command line. example works ok. curl -x post http://api.wordpress.org/core/version-check/1.7/ edit if ssh container , run php code, works fine. <?php $url = 'http://api.wordpress.org/core/version-check/1.7/'; $fields = array( 'version' => urlencode('4.8.1'), 'php' => urlencode(
Read more