Wednesday, December 16, 2020

AWS Beanstalk Sensitive Info Exposed

The best way to learn something is to create projects from scratch.  Once I have free time I always try to create different types of projects.  Right now I decided to create an event-driven process to make data transformation/processing/real-time searching (Talking about the Big Data). I have standard ETL architecture using AWS S3, AWS SQS, AWS Lambdas. I also use AWS Lambdas to create data partitions on S3 and  Elastic beanstalk for data processing.  

I've just found that some sensitive information was exposed. I found the following header in the HTTP response:

Server: Apache/2/4/39 (Amazon) OpenSSL 1.0.2l-fips

The solution is pretty straightforward. We need to open the Apache documentation and read it. Note that if you need to completely remove the header you have to install the mod_security module. On the AWS EBS side, everything is simple. We need to create a new config for the beanstalk cluster. 

Location: Amazon S3/$bucket name/build/$app/.ebextensions/httpd/conf.d/

Next time I may share the entire project architecture - how I created real-time processing/searching on AWS env, why I use AWS Lambdas, why I create parquet files for the metadata, how I run distributed processing at AWS Beanstalk with Apache Ignite etc.


Have a good holiday!

No comments:

Post a Comment