A *functional* container that requires MFA code on every call and runs a script | by Teri Radichel | Cloud Security | November 2023


ACM.385 Operate the container with the new directory structure in a local network to deploy resources to AWS

Part of my series on Automation of cybersecurity measures. AWS Organizations. IAM. Deploy a static website. The Code.


In recent articles, I’ve talked about restricting the encryption algorithm used when creating EC2 key pairs to reduce the chance of an attack on SSH due to a recently announced vulnerability.

Before this, I was trying to get my container working, which requires MFA for deployments in a private network that assumed a role in an account in another organization in a different region. The results were very confusing at first due to inaccurate error messages. So I had to reverse engineer to figure out what was actually happening. I kind of made it work, but not completely or ideally.

In this article, I want my deployment container to work completely and run scripts without delays or public IPs.

Rearrange and rerun root scripts in CloudShell

I’m going to go ahead and run my root script that I was testing earlier in CloudShell in the remote account, but this time in my local account using the root user. I need to make sure everything is deployed to root admin in this account before continuing.

There is one change I want to make while going through this.

  • I just want to deploy the rootadmin user and policy scripts with the root user.
  • I will deploy the organization with the rootadmin user.

I split this code into two scripts and now have a much simpler script in the root folder:

deploy/root/deploy_rootadmin.sh
