AWS Community
AWS RDS Data API and CloudTrail
Who drop the Table?
Vladimir Cageyv Samoylov
Key Takeaway
- Utilize AWS RDS Data API for secure database access and operations
- CloudTrail for auditing and activity monitoring
- Investigating incidents and preventing unauthorized access
- PostgreSQL Auditing (pgAudit) extension
Key Services
Amazon Aurora PostgreSQL CloudTrail
Vladimir Samoylov
CTO & Principal Consultant @FivexL
Founder @ZoJump
https://cageyv.dev/
The Story
Who did that?
-- Initial intended transfer
INSERT INTO transactions (from_account, to_account, amount, date)
VALUES ('12345', '67890', 100, '2024-02-12');
-- Attacker's transfer
INSERT INTO transactions (from_account, to_account, amount, date)
VALUES ('67890', 'attacker_account', 100, '2024-02-12');
-- Obscure the transaction
UPDATE transactions
SET from_account = 'unknown', to_account = 'unknown'
WHERE id = (SELECT MAX(id) FROM transactions);
-- Drop the audit_logs table
DROP TABLE audit_logs;
PostgreSQL Auditing (pgAudit) extension
More info:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.pgaudit.html
Database Logs. Notifications
...
2024-02-12 19:09:49 UTC:...:john_doe@postgres:[11701]:LOG: AUDIT: OBJECT,1,1,READ,UPDATE,TABLE,public.transactions,UPDATE transactions SET amount = amount - 100 WHERE from_account = '12345' AND to_account = '54321';
...
More info:
https://aws.amazon.com/blogs/database/build-proactive-database-monitoring-for-amazon-rds-with-amazon-cloudwatch-logs-aws-lambda-and-amazon-sns/
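An added example (not from the slides) that parses pgAudit lines shaped like the one above and flags DDL or anything touching an audit table. It assumes the log prefix layout `time:remote:user@db:[pid]:` seen in the slide's line and pgAudit's standard CSV field order; every sample line except the first is constructed.

```python
import csv
import re

# Log prefix as it appears in the slide's line: time:remote:user@db:[pid]:LOG: AUDIT: ...
PREFIX = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \w+):(?P<remote>.*?):"
    r"(?P<db_user>[^:@]+)@(?P<database>[^:]+):\[(?P<pid>\d+)\]:LOG:\s+AUDIT:\s+(?P<audit>.*)$"
)
# pgAudit writes these fields, in this order, as one CSV record.
FIELDS = ["audit_type", "statement_id", "substatement_id", "class", "command",
          "object_type", "object_name", "statement", "parameter"]

# Line 1 is the slide's line (remote host elided as "..."); the rest are constructed samples.
SAMPLE_LOG = """
2024-02-12 19:09:49 UTC:...:john_doe@postgres:[11701]:LOG: AUDIT: OBJECT,1,1,READ,UPDATE,TABLE,public.transactions,UPDATE transactions SET amount = amount - 100 WHERE from_account = '12345' AND to_account = '54321';
2024-02-12 19:10:02 UTC:10.0.1.25(51234):john_doe@postgres:[11701]:LOG:  AUDIT: SESSION,2,1,WRITE,INSERT,TABLE,public.transactions,"INSERT INTO transactions (from_account, to_account, amount, date) VALUES ('67890', 'attacker_account', 100, '2024-02-12');",<not logged>
2024-02-12 19:10:40 UTC:10.0.1.25(51234):john_doe@postgres:[11701]:LOG:  AUDIT: SESSION,4,1,DDL,DROP TABLE,TABLE,public.audit_logs,DROP TABLE audit_logs;,<not logged>
2024-02-12 19:11:00 UTC:10.0.1.25(51234):john_doe@postgres:[11701]:LOG:  disconnection: session time: 0:01:11.000
""".strip().splitlines()


def parse_pgaudit(line):
    """Return a dict for a pgAudit line, or None for any other log line."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    # Statements containing commas are CSV-quoted, so split with csv, not str.split.
    values = next(csv.reader([m.group("audit")]))
    values += [""] * (len(FIELDS) - len(values))  # tolerate a missing trailing field
    event = dict(zip(FIELDS, values))
    event.update(m.groupdict())
    del event["audit"]
    event["pid"] = int(event["pid"])
    return event


def suspicious(lines):
    """Events that change schema or roles, or touch an object with 'audit' in its name."""
    hits = []
    for line in lines:
        ev = parse_pgaudit(line)
        if ev is None:
            continue
        if ev["class"] in {"DDL", "ROLE"} or "audit" in ev["object_name"].lower():
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious(SAMPLE_LOG):
        # Attribution stops at the database user and the client address.
        print(ev["time"], ev["db_user"], ev["remote"], ev["command"], ev["object_name"])
```

The output names only the database user and the client address, which is why the next slide asks who "john_doe" actually was.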
Who was the “john_doe”?
IAM database authentication
IAM policy statement:
"Action": ["rds-db:connect"],
"Resource": ["arn:aws:rds-db:us-west-2:1234567890:db:db-ABCDEFGHIJKL01234/john_doe"]
In PostgreSQL:
CREATE USER john_doe;
GRANT rds_iam TO john_doe;
On the client:
export RDSHOST="db.1234567890.us-west-2.rds.amazonaws.com"
export PGPASSWORD="$(aws rds generate-db-auth-token --hostname "$RDSHOST" --port 5432 --region us-west-2 --username john_doe)"
More info:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.html
AWS Session Manager and Bastion Hosts
More info:
https://aws.amazon.com/blogs/mt/implementing-aws-session-manager-logging-guardrails-in-a-multi-account-environment/
AWS RDS Proxy for IAM authentication
More info:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.html
RDS Proxy limitations
Turn on the Enhanced Logging feature of RDS Proxy. Logging gives detailed
information about the SQL statements. These logs are a useful resource to help
you understand certain authentication issues. Because this adds to performance
overhead, it's a best practice to turn them on only for debugging. To minimize
overhead, RDS Proxy automatically turns this setting off 24 hours after you turn it
on.
More info: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html
AWS RDS Data API
AWS RDS Data API Use Cases
More info:
https://aws.amazon.com/blogs/database/using-the-data-api-to-interact-with-an-amazon-aurora-serverless-mysql-database/
Query Editor for Amazon Aurora
More info: https://aws.amazon.com/blogs/database/using-the-data-api-to-interact-with-an-amazon-aurora-serverless-mysql-database/
Logging RDS Data API calls with AWS CloudTrail
More info: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/logging-using-cloudtrail-data-api.html
{
  "userIdentity": {
    "arn": "arn:aws:iam::123456789012:user/johndoe"
  },
  "eventTime": "2024-02-14T00:49:34Z",
  "eventSource": "rdsdataapi.amazonaws.com",
  "eventName": "ExecuteStatement",
  "awsRegion": "us-west-1",
  "sourceIPAddress": "3.126.2.15",
  "userAgent": "aws-cli/1.16.102 Python/3.7.2 Windows/10 botocore/1.12.92",
  "requestParameters": {
    "resourceArn": "arn:aws:rds:us-west-1:123456789012:cluster:db",
    "sql": "UPDATE transactions SET amount = amount - 100 WHERE from_account = '12345' AND to_account = '54321'"
  }
}
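An added example (not from the slides) that triages CloudTrail records shaped like the one above and ties each risky Data API statement to an IAM principal. The events are constructed; the role name `DbOperator`, the session name `alice@example.com`, the documentation-range IPs and the handling of a masked `sql` value are assumptions.

```python
import json
import re

# Constructed CloudTrail records; the first mirrors the slide, the rest are sample values.
SAMPLE_EVENTS = json.loads(r"""
[
 {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/johndoe"},
  "eventTime": "2024-02-14T00:49:34Z", "eventSource": "rdsdataapi.amazonaws.com",
  "eventName": "ExecuteStatement", "sourceIPAddress": "3.126.2.15",
  "requestParameters": {"resourceArn": "arn:aws:rds:us-west-1:123456789012:cluster:db",
   "sql": "UPDATE transactions SET amount = amount - 100 WHERE from_account = '12345' AND to_account = '54321'"}},
 {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/johndoe"},
  "eventTime": "2024-02-14T00:50:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "DescribeDBClusters", "sourceIPAddress": "3.126.2.15",
  "requestParameters": null},
 {"userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/DbOperator/alice@example.com"},
  "eventTime": "2024-02-14T00:52:10Z", "eventSource": "rdsdataapi.amazonaws.com",
  "eventName": "ExecuteStatement", "sourceIPAddress": "198.51.100.7",
  "requestParameters": {"resourceArn": "arn:aws:rds:us-west-1:123456789012:cluster:db",
   "sql": "-- cleanup\nDROP TABLE audit_logs;"}},
 {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/johndoe"},
  "eventTime": "2024-02-14T00:55:00Z", "eventSource": "rdsdataapi.amazonaws.com",
  "eventName": "ExecuteStatement", "sourceIPAddress": "3.126.2.15",
  "requestParameters": {"resourceArn": "arn:aws:rds:us-west-1:123456789012:cluster:db",
   "sql": "**********"}},
 {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/johndoe"},
  "eventTime": "2024-02-14T00:51:00Z", "eventSource": "rdsdataapi.amazonaws.com",
  "eventName": "ExecuteStatement", "sourceIPAddress": "192.0.2.44",
  "requestParameters": {"resourceArn": "arn:aws:rds:us-west-1:123456789012:cluster:db",
   "sql": "DELETE FROM transactions"}}
]
""")

SQL_EVENTS = {"ExecuteStatement", "BatchExecuteStatement"}
DESTRUCTIVE = {"DROP", "TRUNCATE", "ALTER", "GRANT", "REVOKE"}
# Triage-grade comment stripping; it does not understand string literals.
_COMMENTS = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_ASSUMED_ROLE = re.compile(r"arn:aws[\w-]*:sts::\d+:assumed-role/([^/]+)/(.+)$")


def classify_sql(sql):
    """Return a reason string when the statement deserves a look, else None."""
    if not sql or set(sql) == {"*"}:
        return "statement text not recorded"  # assumption: masked or absent value
    text = _COMMENTS.sub(" ", sql).strip()
    if not text:
        return None
    verb = text.split()[0].upper()
    if verb in DESTRUCTIVE:
        return f"{verb} statement"
    if verb in {"DELETE", "UPDATE"} and not re.search(r"\bWHERE\b", text, re.I):
        return f"{verb} without WHERE"
    return None


def triage(events):
    """Flag Data API statements and attribute each to the calling principal."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "rdsdataapi.amazonaws.com":
            continue
        if ev.get("eventName") not in SQL_EVENTS:
            continue
        params = ev.get("requestParameters") or {}
        reason = classify_sql(params.get("sql"))
        if reason is None:
            continue
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        m = _ASSUMED_ROLE.match(arn)
        findings.append({
            "time": ev.get("eventTime", ""), "reason": reason, "arn": arn,
            # For an assumed role the session name identifies the person behind it.
            "role": m.group(1) if m else None, "session": m.group(2) if m else None,
            "source_ip": ev.get("sourceIPAddress"), "cluster": params.get("resourceArn"),
        })
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["time"], f["reason"], f["session"] or f["arn"], f["source_ip"])
```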
SSO-Elevator (Just in Time Access)
More info: https://github.com/fivexl/terraform-aws-sso-elevator
Temporary Access to RDS Data API
More info: https://github.com/fivexl/terraform-aws-sso-elevator
GuardDuty RDS Protection
More info:
https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html
Thank You
https://www.linkedin.com/in/vladimirsamoylov/
