Increase security with the click of a button!

  • 0

Increase security with the click of a button!

Category : IoT , Tech Blog

Although at easytocloud we prefer to build serverless solutions wherever we can, we do have some EC2 instances and use a bastion host to access our – predominantly private – EC2 instances.

In an earlier posting you could read how we use our EC2 scheduler to stop and start our persistent instances based on the time of the day. The cost-savings of running an instance only during office-hours is a whopping 75% compared to leaving instances on ‘all the time’.

As for our bastion host, not only does it reduce costs, it also increases security. The bastion host being the only way into our AWS infra as (most) other instances do not even have a public IP address. So, whenever the bastion host is ‘off’, it is not possible to get into our AWS stuff.

Recently I got hold of a few AWS IoT buttons and thought it would be nice to be able to stop and start our bastion host with it. The IoT button can send 3 different ‘messages’ to AWS IoT; one click, double click or long press.

button

So now we start (one click) and stop (double click) our bastion host, hence increasing security with the (double) click of a button!

Some background?!

An IoT button uses a WiFi to send it’s messages. To connect it to a (new) WiFi network, it becomes an access point that you can connect to with your laptop. The button features a webserver that you then browse to, so you can setup the button to connect to your WiFi.

The next step is to configure the IoT button to be a trigger for a lambda function. Each button has a unique ID and you can configure a particular button to trigger your function to be executed.

Your lambda function receives information from the button when it is pressed: the button-ID, the type of ‘click’ and the remaining voltage of the battery.

All that is needed now is some code that changes the powerstate of your instance. With only few modifications to (a copy of) the python code of the previous post it was   an easy last step.

The next thing for me to do is write a cloud formation template so you can increase your security too – with just the click of a button!