Sunday, May 20, 2018

Why the Guardian is using encrypted EC2 root volumes on AWS

The Guardian uses Amazon Web Services (AWS) for most of the services behind the website and its content management systems. We are always trying to improve our security practices, so we have decided to adopt a policy of encrypting everything we can by default. AWS makes this easy for S3 buckets, DynamoDB tables, RDS instances and EBS volumes. One notable exception is that encrypting the root volume of EC2 instances is non-trivial.

Switching to encrypted root volumes meant changing how we create and distribute the Amazon Machine Images (AMIs) we build. Our previous approach was to bake all of our AMIs in a single AWS account (using our in-house baking tool, AMIgo) and then grant all of our other accounts permission to use them. However, an encrypted AMI can only be used in the account where it was created (because that is where the encryption key lives), so we now need to create a separate encrypted AMI in every account that needs to use it.

We created a Lambda function (called Image Copier) in each account that fires whenever a new AMI is baked by AMIgo. The Lambda is simple: it creates an encrypted copy of the AMI in the local AWS account and then adds tags to the new AMI recording the AMI it was copied from.

This simple description omits a number of details that are needed to make it work.

First of all, in order to copy an AMI, the other AWS account must be granted permission both to launch the AMI and to access the EBS snapshot associated with it. We use HashiCorp's Packer to bake AMIs, and we needed to upgrade to a later version that supports setting snapshot permissions (see this PR).

Secondly, the tags on an AMI are not visible from other accounts, so they are not carried over when the AMI is copied. We need the tags to keep track of the identity of each image. To preserve them, we include the full set of tags in the message published to the SNS topic that triggers the Lambda. In addition to the existing tags we also add two new ones: Encrypted and CopiedFromAMI. These indicate that the AMI has an encrypted root volume and record the ID of the original AMI it was copied from.

Thirdly, we do not want an encrypted copy of every image AMIgo bakes to be created in every account that contains the Image Copier Lambda. To solve this, each recipe in AMIgo has a list of target accounts, and this list is also sent in the message on the topic. When an Image Copier Lambda receives a message, it checks whether it is running in an account listed in that message. If so, it creates an encrypted copy; otherwise it ignores the message.
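The Image Copier logic described in the three points above, as an added Python sketch that is not the Guardian's own code (theirs is in their GitHub repository): the target-account check, the encrypted copy via EC2 CopyImage, and re-applying the tags carried in the SNS message plus Encrypted and CopiedFromAMI. The message field names (sourceAmi, name, tags, targetAccounts) and the FakeEC2 stand-in are assumptions made so the example runs offline.

```python
import json

ENCRYPTED_TAG = "Encrypted"        # marks AMIs whose root volume is encrypted
COPIED_FROM_TAG = "CopiedFromAMI"  # records the unencrypted source AMI id

def parse_sns_event(event):
    """Pull the AMIgo message (JSON body) out of an SNS-triggered Lambda event."""
    return json.loads(event["Records"][0]["Sns"]["Message"])

def copy_if_targeted(message, account_id, region, ec2):
    """Copy and tag the AMI if this account is a target; return the new AMI id, else None.
    `ec2` is anything exposing boto3's copy_image/create_tags (boto3.client("ec2") in prod)."""
    if account_id not in message.get("targetAccounts", []):
        return None  # the recipe does not target this account: ignore the message
    source_ami = message["sourceAmi"]
    # Encrypted=True with no KmsKeyId uses this account's default EBS key, so the copy
    # can only be launched here, which is why a copy is needed in every target account.
    resp = ec2.copy_image(SourceImageId=source_ami, SourceRegion=region,
                          Name=f"{message['name']}-encrypted", Encrypted=True)
    new_ami = resp["ImageId"]
    tags = dict(message.get("tags", {}))  # tags travel in the message, not with the AMI
    tags[ENCRYPTED_TAG] = "true"
    tags[COPIED_FROM_TAG] = source_ami
    ec2.create_tags(Resources=[new_ami],
                    Tags=[{"Key": k, "Value": v} for k, v in tags.items()])
    return new_ami

def lambda_handler(event, context):
    """Lambda entry point; region and account id are parsed from the function's own ARN."""
    import boto3  # imported lazily so the rest of the example runs without boto3 installed
    _, _, _, region, account_id, *_ = context.invoked_function_arn.split(":")
    return copy_if_targeted(parse_sns_event(event), account_id, region, boto3.client("ec2"))

class FakeEC2:
    """Offline stand-in for the boto3 EC2 client: records calls instead of making them."""
    def __init__(self):
        self.copies, self.tags = [], {}
    def copy_image(self, **kwargs):
        self.copies.append(kwargs)
        return {"ImageId": f"ami-enc{len(self.copies):04d}"}
    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.tags[r] = {t["Key"]: t["Value"] for t in Tags}

SAMPLE_MESSAGE = {  # constructed example message; not AMIgo's real schema
    "sourceAmi": "ami-0123456789abcdef0", "name": "guardian-base",
    "tags": {"Recipe": "base", "BuildNumber": "42"},
    "targetAccounts": ["111111111111", "333333333333"],
}
```

Running `copy_if_targeted(SAMPLE_MESSAGE, "111111111111", "eu-west-1", FakeEC2())` returns the id of the encrypted copy, while an account not in targetAccounts gets None and no copy is made.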

Finally, it is worth mentioning that we used AWS CloudFormation StackSets to deploy this Lambda function to all of our accounts, so we did not have to do it by hand and can easily update it in the future.

You can find the source code for AMIgo and Image Copier in our GitHub repository.
