Building infrastructure for AWS using terraform

What is terraform?

Terraform is an open-source infrastructure as code, software tool created by HashiCorp. It enables users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON. Terraform supports all cloud providers.

In this article i will show how to build simple architecture in aws using terraform.

First install terraform on your system. Based on your Operating system download terrafrom.

Let’s start with ec2-creation. I am using ubuntu 18.04 as base OS and instance type t2.micro which falls under free-tier.

Ec2-resource creation:

resource "aws_instance" "MyFirstInstance"{
#add ami,instance,tag values to create instance
ami = "ami-02354e95b39ca8dec"
instance_type = "t2.micro"
vpc_security_group_ids = ["${}"]
subnet_id = "${}"
tags = {
Name = "MyEc2Instance"

Elastic ip creation:

resource "aws_eip" "EipForInstance"{ instance = "${}" vpc = true tags = { Name = "Ec2_instance_ip" }}

VPC Creation: Here for demo i have allowed all ips for ssh. Don’t follow this practice in dev/production server

resource "aws_vpc" "mainvpc" { cidr_block = "" instance_tenancy = "default" enable_dns_hostnames = true
tags = { Name = "VPC_TF" }

You can find code in my repo . Kindly check the readme file for running terraform file.

Running pytest in Jenkins

In this blog, I will show how to run pytest in Jenkins. To run Python scripts in Jenkins, you can refer my previous blog. In order to run the pytest in the cloud, install pytest library. I have added requirements file. Run it by the command “pip3 install -r requirements.txt”.

I have created a freestyle project, Which pulls source code from git and runs the script. My git repo.

Underbuild section, select Execute Windows batch command. For the first build add “pip3 install -r requirements.txt”, so that it will install libraries. After a successful run, And add these command “SET PATH=%PATH%;%Python_path% dir pytest -v -s” and remove previous command.

Save the project and click on the build project.

Running Python scripts in Jenkins

In this post, I will show how to run python scripts in Jenkins. For demo purpose, I have installed python and Jenkins in my local system.

Make sure you have installed the latest version of Jenkins and Python in your system(local or cloud). I assume that you have already done setup of Jenkins in your system.

Now navigate to Global Tool Configuration which is under manage Jenkins. Scroll down and click on add Python under python.

Give the path of python installed location here and save it.

Now go Jenkins job and create a new job. Select the freestyle project.

Under SCM select your git repository. And add your git URL. My repo

Underbuild section select Execute Windows batch command. And add the below command to set python path “SET PATH=%PATH%;%Python_path%”.

Python_path is variable, I have set this in Global properties under environment variable. Change it with your path.

And now add python command to run the file i.e, “python”.Save it and click on a Build job.

The project will get executed and you can check the console log.

Hope this information has helped you.

What is this Agent Smith? Is it related to Matrix?

Recently a New virus has been found which is known as Agent Smith. This app hides like WhatsApp, Hotstar, Jiotv, Flipkart, Operamini and other apps.

This attack has occurred majorly in India, Pakistan and other Asian countries. Nearly 25million Android devices have been affected by this virus.

Agent Smith uses permissions which users blindly approve. The infected app modifies its name to something that looks more “authentic” like Google Updater or Google Themes or something else with Google in it.

And it also starts injecting its code into the bits of other popular apps like WhatsApp and Flipkart. This code is then used to serve more ads to users.

Now the question arises how to detect this virus. Well, you can’t detect it. But you can take precaution such as downloading the app from google play store and glance at the permissions the app is asking for, also if you are updating the app check the permission again before updating.

I know lots of users install the apps from 3rd party. After downloading the app upload it to VirusTotal and scan it. There is 62-64 antivirus on this server which will detect whether the app is safe or not based on that you can install it.

For more details visit this link

A critical flaw in Zoom video conferencing:

If you are using Zoom video conferencing then you need to read this.

Why Zoom is used?

Zoom is popular for cloud-based meeting platforms such as video, audio and screen sharing for users, And its free.

Recently a flaw has been found which exposes your webcam. If you uninstall zoom from your device even then the attacker can access your webcam.

For more details and Zoom’s response for this attack. click on the link

Is Android App safe?

Many of the Android apps have been collecting your data such as Messages, Calls, Location, Media and etc. There is a setting where you can block this permission for the apps. But is that sufficient?

Recently some of the applications have been caught collecting information even though you deny these application.

Researchers have reported these apps and bugs to Google. These bugs will be fixed once Andriod Q is rolled out. So until you receive update from google, turn off app permissions for the applications which are not needed.

For more details visit this link

Marriot Faces fine from GDPR:

The World’s biggest hotel chain Marriot International has been fined with $123Million under GDPR over 2014 data breach.
In 2018 November, Marriot detected that unknown hackers have comprised their guest reservation database through its recently acquired Starwood Hotels and got access to personal details of around 339 million guests

The attack leaked guests’ names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences.

For More details visit this link.

To know more about GDPR . click on this link

How to connect and deploy application from docker container to EC2 instance

In this article, I will be showing how to run and deploy the angular project from Docker Container(Localhost) to the Amazon EC2 instance.

I have made a video and uploaded it on Youtube. This is the theoretical article.

First, I have taken a base Ubuntu OS in docker and installed Angular, Nodejs, JDK, Jenkins and created a new image, which I pushed to my repository. After doing that I ran my docker container by this cmd

docker run -it -d -p 8095:8080 -p 81:80 -p 50000:50000 image_id. For entering into container type this cmd

docker exec -it container_id bin/bash.

After entering into the container you will be logged in root user. Run this command “service Jenkins start”.You will get a message as Jenkins started on some pid number. If you are using a MAC OS the jenkins URL will be localhost and the port number which you entered when you started the container. I am running it on port 8095 so my URL will be “localhost:8095”. If you are using windows then your jenkins url will be port number. it’s because of the NAT setting in the network.

Now create an EC2 instance using Ubuntu any version. I am using 18.04. log into instance. By default you will ubuntu user. Now run “sudo apt-get update” this cmd will update packages. And install apache2 in an instance.

“sudo apt-get install apache2 -y” by running this cmd apache will be installed. Now run “sudo service apache2 start” to start Apache service in an instance.

Now go to your docker container and switch to jenkins user. I have created a user called jenkins by using “useradd jenkins” cmd and set a password for the user by”passwd jenkins” cmd. To switch to jenkins user

“su – jenkins”. Now run “ssh-keygen” hit enter until you get the message that key has been created. Now this key will be under jenkins folder i.e, /usr/lib/jenkins/.ssh/ view that key by “cat /.ssh/” and copy that key. And go to ec2 instance, here you are logged in as ubuntu user run “ls -la”. You will find .ssh folder in your home directory. In that folder, there will be a file called authorize_keys open it and paste the key that you copied from your docker container by “sudo vi authorize_keys”. Once done go back to your docker container and run “ssh ubuntu@public-ip-address”. If everything is working fine you will be welcomed as ubuntu user inside ec2 instance. run “exit” to exit from ssh connection.

Now go to your jenkins url and create a new job or project. Under source management, select git. And add the git repository and under build section select “execute as shell”. And add these cmds “npm install”, “ng build”, “cd dist”, “tar -czvf new-name.tar.gz *”, “scp new-name.tar.gz instance-2-user@public-ip-address:folder” apply and save it. Now click on Build. The build is successful



How to spot an Scammer in online

In this article, we will be showing how to spot a scammer in the Digital world(Quickr, Telegram). You must have read in NEWS about people losing their money in quickr, Telegram.

First, what is a scam?

A scam is an attempt to defraud a person or group by gaining their confidence. So a person who does this is known as Scammer. I had heard that there were scammers in quickr. And found one easily.

Here I have uploaded a chat with one of the scammers who were in quickr. Now I am living in Bengaluru, India. So I have filtered the search for the ads within Bengaluru. I got attracted to the ads were the seller is selling iPhone X for 30K(INR). Now, who would sell an iPhone to such low amount?. Remember scammers always sell high budget products to a low amount, so that people would by the product from them.


Here seller is from another country, but in ads, it says the seller is in Bengaluru. He is in hurry, so I bargained for 26K. which he accepted. Then he says that he will ship the product to me and I need to pay half amount in advance and the rest after the product is delivered. Then Seller calls me through Whatsapp call and he is talking in Nigerian accent. And is asking me how fast can I pay the money. He sends his account details which are from SBI(State Bank of India). And the number from which he is calling me is International Call. Now, how come a foreigner is having SBI account in INDIA. Here you can see how scammers are scamming people in name of the product. If I had gone ahead with the payment, he would have blocked me once I paid the amount.

Moral of the story: Always get confirmation from the seller whether She/He is from the same city or not. And chat with them by asking to send more pics of the device, accessories, and invoice. If they say that will send the product by courier. Then they are scammers.

What is carding?

Carding is a term describing the trafficking of a credit card, bank account and other personal information online as well as related fraud services.

Many of these(Carders) are in telegram and Instagram, where they say that they can get you any product in less amount. And like fools, many will fall for it and end up paying money. Once the carders get your money they just block you. Since they accept the money through Paytm, Paypal, BTC, or other eWallets we will not be able to trace them. Mark my words never deal with carders or scammers as you end up losing your money.

Note: This is a Research purpose only. Never deal with scammers or carders

Difference between Android and IOS:

1. Architecture:


1.  In IOS architecture there are 4 layers mainly Cocoa touch, Media player, Core services, Core Os.

Core OS:

This layer contains the low-level features on basis of which the other high-level features are built. Though we may not use these services directly, they used by the frameworks which are used by our application. We can make use of these features when we need to implement the security features or communicating with an external hardware accessory.



Core Service layer:

This Layer contains basic system services for apps. Core Foundation and Foundation Frameworks are the key services provided by this layer, which define the basic types that all apps use it also has the technologies which support the features like location, iCloud, social media and networking.





Media Layer:

This layer contains the graphics, audio, and video technologies you use to implement multimedia experiences in your apps. The technologies in this layer make it easy for you to build apps that look and sound great.


Cocoa touch:

Cocoa Touch mainly contains the classes implemented in Objective-C, an object-oriented language that is compiled to run at incredible speed, yet employs a truly dynamic runtime making it uniquely flexible. Because Objective-C is a superset of C, it is easy to mix C and even C++ into your Cocoa Touch applications


In Android, there are mainly 4 layers: Linux kernel, Libraries & Android Runtime, Application framework, and application.

Linux Kernel:

Android is partly Linux with some changes. In this layer device drivers, memory management, process management, and networking. However, we will never be programmed to this layer directly.

Libraries & Android runtime:

This layer contains native libraries. They are all written in C/C++ internally, but you’ll be calling them through Java interfaces. In this layer, you can find the Surface Manager (for compositing windows), 2D and 3D graphics, Media codecs (MPEG-4, H.264, MP3, etc.), the SQL database (SQLite), and a native web browser engine (WebKit).

Next is the Android runtime, including the Dalvik Virtual Machine. Dalvik runs dex files, which are converted at compile time from standard class and jar files. Dex files are more compact and efficient than class files, an important consideration for the limited memory and battery-powered devices that Android targets. Java libraries are also part of the Android runtime. They are written in Java, as is everything above this layer.

Application framework:

Parts of this toolkit are provided by Google, and parts are extensions or services that you write. The most important component of the framework is the Activity Manager, which manages the lifecycle of applications and a common “back-stack” for user navigation.


This is the top layer. Most of our code will live here, alongside built-in applications such as the Phone and Web Browser.

2. Security:

Studies have found that a far higher percentage of mobile malware targets Android than iOS, the software that runs Apple’s devices. That’s down both to Android’s huge global popularity and its open approach. Plus, Apple tightly controls which apps are available on its App Store, vetting all apps to avoid allowing malware through.

Many threats to Android could be largely eliminated if all users upgraded their handsets to the latest version of the OS. The fragmentation of Android devices across old versions plays into the hands of malware creators, so it’s vital to keep your own devices up to date.

Apple has no similar problem, as each release of iOS quickly filters through to users. Indeed, iOS updates are big events that prompt mass upgrades, and that means significant security scares are rare enough to be big news when they occur. There are of course downsides to Apple’s tight grip over everything that occurs on its platform, but there’s no doubt it makes for a more secure environment for casual users.

Majority cellphone users are android and that is the reason that android phones are easy to hack as hacker target majority users. And you might have read articles about google, facebook collecting data. if you are using apple phones chances are less .

Source: 1  2 3