How To Use AWS CloudTrail For Intrusion Detection To Monitor Your AWS Account For Unwanted Activity

Posted on Friday, December 30th, 2022 at 11:46:21am


Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity.


While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account.

Once access is gained, such criminals could launch new, maximum-sized instances all over the world and proceed to harness them for nefarious purposes, often for DDoS attacks and crypto-mining.

These instances can accrue enormous charges in a short time given the cost per instance times the quantity launched.

Attacks like this can cripple an organization financially, especially because Amazon Web Services is NOT flexible about refunding such charges if they happen more than once.

AWS-based Solutions

AWS itself offers a number of paid services to assist with account security, including CloudWatch and Trusted Advisor.

While they are no doubt excellent offerings, I was reluctant to pay more than I had to, and the CloudWatch tool seemed like overkill in terms of complexity.

Chosen Solution

While CloudWatch did not work for me, the underlying CloudTrail service was in fact the answer when used with the `aws` command-line tool, run periodically via cron, to query the associated event data for non-Read-Only events.

This solution required me to roll my own tool (in Perl) to interpret the data and alert via email under the desired circumstances.

Solution Steps

Example CLI Call

Example Crontab Entry

Example Parsing Logic (Perl)

List of AWS Regions


Tungsten Clustering: Plugging the Holes – Risk Mitigation Through Best Practices

Posted on Wednesday, December 7th, 2022 at 2:52:03pm
Tungsten Clustering depends on a number of prerequisites and best practices to function optimally. In this blog post, we explore a critical, yet easily-overlooked step when installing a Tungsten Cluster node - setting up start at boot, ideally under `systemd` control.

How To Fix “iCloud Account Could Not Be Removed” Error on OS X Yosemite 10.10.5

Posted on Thursday, November 24th, 2022 at 10:32:14am

PROBLEM: Unable to sign out of iCloud on OS X Yosemite or disable Keychain

SOLUTION: Delete the following, then reboot:

Now Available: Tungsten Dashboard v1.0.11 Release

Posted on Tuesday, November 8th, 2022 at 3:18:55pm
We are pleased to announce that Tungsten Dashboard v1.0.11 is now available. Tungsten Dashboard is a web-based UI for monitoring and managing Tungsten Clustering deployments of MySQL databases, freely included for Tungsten Clustering customers. We provide Tungsten Dashboard in addition to our command-line user interfaces for easy visual monitoring and management of Tungsten Clusters. Users are able to view, monitor and maintain all of their database clusters in one place.

R.I.P. Robbie Coltrane

Posted on Friday, October 14th, 2022 at 10:39:47am

30 March 1950 – 14 October 2022

Anthony Robert McMillan OBE (30 March 1950 – 14 October 2022), known professionally as Robbie Coltrane, was a Scottish actor and comedian. He gained worldwide recognition as Rubeus Hagrid in the Harry Potter film series (2001–2011), and as Valentin Dmitrovich Zukovsky in the James Bond films GoldenEye (1995) and The World Is Not Enough (1999). He was appointed an OBE in the 2006 New Year Honours by Queen Elizabeth II for his services to drama. In 1990, Coltrane received the Evening Standard British Film Award – Peter Sellers Award for Comedy. In 2011, he was honoured for his “outstanding contribution” to film at the British Academy Scotland Awards.

New Command for Tungsten: tungsten_get_status

Posted on Tuesday, October 11th, 2022 at 2:54:28pm

Tungsten Clustering contains many tools to monitor your cluster, and today we will look at a new one - the tungsten_get_status command, included with Tungsten versions 6.1.19+ and 7.0.2+. This tool was created in response to a customer request for a simple script that could display the status of all nodes cluster-wide for any topology from a single place. The status includes the datasource and replicator layers along with the policy for each cluster.

R.I.P. Dame Angela Brigid Lansbury

Posted on Tuesday, October 11th, 2022 at 10:30:47am

Born – 16 October 1925 Regent’s Park, London, England
Died – 11 October 2022 (aged 96) Los Angeles, California, US

How To Disable Automatic Updates in WordPress

Posted on Monday, September 19th, 2022 at 9:14:20am

To disable automatic updates in WordPress, simply edit the wp-config.php file in your WordPress root directory and add the following line:

Tungsten Replicator: New Pause and Resume Feature in v7.0.2

Posted on Thursday, September 15th, 2022 at 10:48:46am

Tungsten Replicator is a powerful tool with many great features, and today we will look at a new one - the ability to Pause and Resume a replication service. Until now, the only way to stop a replication stream was to take the service offline, and put it back online when it is needed again. The online process involves a number of internal steps and overhead, and if there are many THL files on disk, it could take some time to index them all before the service can come fully online. To remove the overhead of the startup time, the new pause/resume feature was developed for the Replicator, and is accessed via the trepctl command.

R.I.P. Queen Elizabeth II

Posted on Thursday, September 8th, 2022 at 1:52:04pm

Queen Elizabeth II, 1926 – 2022