5 ways to NOT set up a WordPress Server on AWS

Yah know….. ( said with a humorously wry rise )

So I thought I would recall all of the biffs I made when migrating to AWS… I wanted to join the Amazon club pretty bad….. because everyone is doing it, right? I can just hear my mother’s voice in my ear…

“If all your friends decided to jump off a cliff, would you jump off it too?!!” – said with exasperated disapproval being sprayed all over the room that would make any seven-year-old shrink down into their shoes…

Regardless, the AWS cliff looks fun and everyone seems to be surviving. But going straight into it for the first time, I encountered a few bumps in the road. Here is a road map of where I was going and a list of the places where the trail went cold:

Build: Amazon Linux 2 AMI, NGINX, MySQL, PHP, WordPress.

  • Launched Instance. Couldn’t SSH into the box because I didn’t set a name tag and didn’t set up DNS correctly. For some reason, troubleshooting that mistake after launch is tough. Flash Box

  • Launched Instance. Couldn’t get MySQL installed onto the Linux AMI. There is an unsolved library compatibility issue that no one has posted a fix for on Stack Overflow yet. And there is only so much package hunting you can do in the morning before work — gave up and went back to Ubuntu 16.04. Flash Box

  • Got ALL THE WAY THROUGH the 5 minute installation and had it ready to install ( yah know… when it’s accessible via default creds? ) and then I had to go catch the train. During my commute I was taught a harsh lesson around security group configuration. When I got back to do the install, a very courteous piece of cryptojacking malware had done it for me. I spent a few hours doing some forensic analysis on the box ( running top, I could see the database was VERY busy spending my money ) and I attempted to hash my own password into MySQL so I could get back in, but getting sidetracked, albeit by an interesting pursuit, was not going to directly contribute to completing this project. Flash Box

  • Accidentally enabled the firewall at some point when I was on NGINX installation autopilot and kicked myself out of my own machine. It didn’t actually terminate the session I already had, which made it take longer for me to remember what I had done wrong when my ssh command didn’t work the next day. That ufw command has consequences… Flash Box

  • Yet another Death by Firewall as I changed the configuration of the SSH service to operate on another port ( Security by Obscurity Lives!!! ) and forgot to open the new port in the firewall. FLASH BOX!
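A preflight check for the last two firewall lock-outs, added here as an example and not part of the original post: it reads the port sshd is configured for and refuses to proceed to `ufw enable` unless `ufw status` already shows that port allowed. The sshd_config and ufw status text below are constructed samples; on a live box you would pass in the contents of /etc/ssh/sshd_config and the output of `sudo ufw status`.

```shell
#!/bin/sh
# Added example, not from the original post: check that ufw already allows the
# port sshd listens on BEFORE running `ufw enable`, so enabling the firewall
# cannot cut off the session you are working from. Inputs are plain text so the
# check runs offline; on a live box pass "$(cat /etc/ssh/sshd_config)" and
# "$(sudo ufw status)".

# Print the port sshd listens on, read from sshd_config text (default 22).
# Commented-out "#Port" lines are ignored; if several active Port lines exist,
# only the first one is checked here.
sshd_port() {
    port=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" && p == "" { p = $2 } END { print p }')
    printf '%s\n' "${port:-22}"
}

# Succeed (exit 0) if the `ufw status` text already has an ALLOW rule for the port.
ufw_allows_port() {
    printf '%s\n' "$2" | grep -Eq "^$1(/tcp)?[[:space:]]+ALLOW"
}

# Preflight for `ufw enable`: exit 0 when safe, exit 1 (printing the fix) when not.
ufw_enable_preflight() {
    port=$(sshd_port "$1")
    if ufw_allows_port "$port" "$2"; then
        echo "safe: ufw already allows sshd port $port"
        return 0
    fi
    echo "unsafe: run 'ufw allow $port/tcp' before 'ufw enable' (sshd listens on $port)"
    return 1
}

# Constructed inputs reproducing the post's mistake: sshd moved to port 2222,
# but the firewall rules only allow the web port.
SSHD_CONFIG_SAMPLE='Port 2222
#Port 22
PermitRootLogin no'
UFW_STATUS_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere'

ufw_enable_preflight "$SSHD_CONFIG_SAMPLE" "$UFW_STATUS_SAMPLE" || :
```

Run on the sample input it reports the port as unsafe and prints the `ufw allow 2222/tcp` rule to add first; the same check applies to a security group, where the new port must be in an inbound rule before the old one is closed.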

Remember that scene in The 5th Element when Gary Oldman opened the case to find that there were no stones? Yeah… it was like that. The struggle is real.

A funny reminder of all of these id10t viruses compromising the layer 8 host is the naming convention I have applied to the key pairs that I download each time I spin up a new AWS instance. SecondKey, ThirdKey, FourthKey… you get the idea. Wish me luck with a successful configuration while the numbering of the keys is still in the ones column.

Takeaway: Even when you’re just getting started, the Amazon design and security principles do stress the importance of starting with a secure architecture and strong controls, keeping a system for versioning your instances, and automating those best practices — which would have been a great help in keeping me from starting from scratch every time.