►
From YouTube: Magento Cloud Demo - Overview of 2FA functionality with Billy Gilbert and Matt Johnson
Description
In this demo Billy and Matt will cover the next topics:
- 2FA on Magento Cloud
- Aggregated logs in NewRelic
A
A
First
off
we're
going
to
be
discussing
a
magento
commerce
cloud
2fa
for
ssh
and
then
after
a
quick
demo
on
that
we'll
be
going
on
to
new
relic
logs,
which
has
also
been
released
so
first
off
for
2fa
for
ssh
first
off.
Why
are
we
doing
this,
and
the
tldr
of
everything
is
that
over
the
past
couple
years,
we've
been
seeing
an
increasing
number
of
cloud
customer
stores
being
compromised
due
to
ssh
mismanagement
and
ssh
based
attacks.
A
So
to
be
clear
on
what
2fa
on
ssh
is
it's
not
necessarily
about
using
2fa
during
the
ssh
login
itself,
but
about
ensuring
that
the
credentials
used
for
ssh
have
been
quite
acquired
by
a
means
of
a
flow
that
was
protected
by
2fa,
and
what
that
really
means
is
logging
into
your
cloud.
Account
via
2fa
really
covers
that
mechanism
and
so
generating
that
access
token.
A
A
A
It
really
says
anyone
who
has
admin
access
internally.
Two
projects
is
going
to
have
the
2fa
for
ssh
enforced
on
them,
so
there
are
no
internal
adobe
or
magento
employees
that
are
able
to
ssh
without
this
functionality.
At
the
admin
level,
we
do
support
machine
based
account
usage
via
use
of
an
api
token.
This
can
be
generated
in
your
account's
ui
on
cloud
and
at
this
point
I
will
hand
it
off
to
billy
to
go
ahead
and
give
an
actual
walkthrough.
B
Hey
good
morning,
everyone
I'm
switching
to
my
screen
share.
So
please,
let
me
know
if
you're
seeing
my
screen
with
the
thumbs
up
but
I'll
go
ahead
and
dive
in
here,
so
yeah
we're
gonna
do
a
demo
now.
So
what
you'll
see?
What
I
have
up
on
my
screen
is
what
will
happen
if
you
try
to
ssh
into
a
project
that
has
ufa
enabled,
but
you
have
not
authenticated
right.
So
what
I'm?
What
we're
seeing
here
is.
This
reason
access
requires
mfa.
B
So
so,
like
matt,
said,
there's
a
few
key
points
here.
So
the
first
thing
you
need
to
do
is
authenticate
through
a
through
the
magento
cloud
2fa
to
the
magento.cloud
site.
So
in
this
case
I'm
going
to
just
do
ms
mvc
login,
which
is
going
to
give
me
the
browser
login
here.
So
I've
already
authenticated
to
magento.cloud,
and
it's
got
my
my
2fa
cached
since
you
have
the
option
to
remember
that,
but
just
to
show
where
that's
set
up.
B
B
B
So
you'll
see
I'm
now
able
to
authenticate
now
I
want
to
show
a
few
of
the
configurations
here
as
seen
a
little
bit
of
the
inside
scoop
as
to
what's
actually
happening.
So
if
I
go
look
in
my
actual
ssh
folder
now,
you'll
notice
that
I
have
a
config
file
here
now.
I
already
previously
had
this
generated
for
a
few
commandments,
such
as
putting
in
my
identity
identity
file.
But
what
you're
going
to
notice
here
is
that
it
has
added
these
last
four
lines
to
my
ssh
config
file.
B
B
B
And
that
should
contain
the
meat
of
what
is
actually
being
modified
here.
So
what
you're
going
to
notice
here?
We've
got
an
automatic
refresh,
so
you
know
in
the
events
you
know
we
need
to
regenerate
it
that
go
ahead
and
takes
care
of
it
for
us,
so
that's
going
to
make
it
so
the
circuit
will
continue
to
be
generated
and
then
what
you're
going
to
notice
that
it's
going
to
actually
add
this
additional
certificate
file
right
and
as
well
as
identify
identity
files.
B
So
this
this
key
right
here
this
this
private
key,
is
generated
by
the
cli
so
that
you
will
have
that
available.
Then
this
cert
is
the
actual
ssh
certificate
generated,
and
then,
of
course
it
does
add
my
additional
or
my
my
my
default
private
key
that
I've
generated
for
my
accounts.
That'll
stay
there
as
well.
B
The
one
thing
we
do
recommend
is:
if
you
are
having
any
issues
with
ssh,
go
ahead
and
run
the
command
with
the
dash
dvd
option.
The
reason
I
think
that's
really
important
is
you're.
Gonna
see
the
identity
files
that
it's
trying
to
generate
or
trying
to
use.
So,
of
course
we
can
see
here,
it's
you
know
using
the
certificate
and
then,
of
course
it
accepted
it.
B
The
other
thing
that
is
a
fairly
new
rollout
that
we've
exposed
is
the
ability
to
authenticate
by
an
api
token.
So
I
I
won't
show
that
for
security
purposes,
but
if
we
take
a
look
at
the
off
space
or
the
authentication
space,
you'll
notice,
this
api
token
login
now
on
your
user
account.
If
you
take
a
look,
you
now
have
an
api
tokens
and
from
here
you
can
create
an
ip
api
token
that
you
can
use
to
log
in
the
thing
that's
very
convenient
about
this.
B
B
B
B
So
if
you
create
this
file
and
put
this
configuration
in
there,
it
will
actually
create
a
certificate
for
you
every
time
you
log
in
so
you'll
be
able
to
skip
that
step.
Of
course,
it
still
requires
the
you
know
the
2fa
login
to
magento.cloud,
but
this
is
very
helpful,
particularly
if
you're
doing
any
type
of
automation
around
ssh.
B
The
other
thing
we
like
to
point
out
is
that
this
also
impacts
git,
which
is
of
course
done
on
magento
cloud
through
through
ssh.
So
you
know
be
aware:
if
you're
trying
to
do
any,
you
know
get
operations,
you
will
need
to
authenticate
with
with
mfa
as
well,
and
then
just
the
final
thing
I
want
to
show
is
the
way
you
can
view
if
a
project
is
configured
for
mfa,
so
this
is
going
to
be
my
my
project.
B
So
if
you
run
this
command,
this
curl
command
with
to
the
slash
settings,
endpoint
you're,
going
to
get
a
list
of
the
configurations
for
your
project,
but
what
you'll
notice
here
is:
there's
an
enforce
mfa.
Now,
of
course,
as
matt
noted
for
all
internal
users,
we
always
have
to
use
mfa.
So
as
a
as
an
adobe
employee,
I
have
to
use
mfa
for
any
project,
but
you'll
notice.
This
particular
project
is
not
directly
configured
for
mfa.
B
A
So
I'll
keep
this
short
and
sweet,
so
we
can
get
to
the
the
meat
of
it.
But
the
next
piece
here,
as
I
mentioned,
is
new
relic
logs,
which
was
just
released
in
conjunction
with
2.4
last
week.
You
do
not
need
to
be
on
2.4
to
use
logs.
This
has
been
added
to
our
new
relic
suite
of
products.
So
now,
along
with
apm
and
infrastructure,
you
also
have
access
to
the
logs
functionality
within
logs.
We
are
aggregating
our
application,
our
cluster
logs,
as
well
as
all
fastly,
cdn
and
waft
logs.
A
A
Alerting
is
a
is
a
lifesaver,
as
many
folks
often
know-
and
this
is
really
part
of
the
narrative-
that
cloud
has
really
been
undergoing
over
the
past
year
and
a
half
on
transforming
from
a
black
box
into
putting
more
control
in
the
user's
hand.
So
having
you
need
to
rely
less
on
us
for
visibility
and
you'll
be
able
to
control
that
as
much
as
possible.
A
You
can
see
our
dev
docs
for
some
more
information
and
we
will
be
updating
that
in
the
future.
As
we
start
populating
with
recommended,
queries
recommended
use
cases
as
we
move
forward
on
this,
and
you
can
also
visit
a
new
relic
documentation
for
the
full
list
of
functionalities
as
well,
and
with
that
I
will
hand
back
over
to
billy
to
actually
go
over
the
logging
functionality.
B
All
right,
so
I
stole
the
screen
share
from
matt.
Hopefully
there's
the
button
all
right,
so
hopefully
you
all
are
seeing
the
new
new
relic
one
landing
page.
So
up
here,
I've
got
one
of
our
internal
accounts.
This
is
actually
our
pwa
demo
account
so
I'll
sort
of
show
the
the
key
screens
here
that
you're
looking
at
for
logs.
So
of
course
the
first
one
is
the
logs
ui.
B
So
this
this
screen
is
particularly
useful
for
just
being
able
to
see
a
log
stream
so
give
us
one
moment
to
log
or
to
load
up
since
I
have
a
deeper
level
of
access,
there's
a
fair
bit
that
it
needs
to
load
but
yeah.
So
this
this
screen
in
particular,
is
going
to
be
able
to
show
us
all
of
our
logs,
whereas
there's
a
separate
ui
for
actually
doing
more
deeper.
You
know
querying
and
aggregating,
and
things
like
that,
as
well
as
neural
insights.
B
B
So
in
this
case,
if
I
go
ahead
and
use
what
urela
calls
nerc
will
cinderella
query
language,
I
can
just
select
star
and
see
all
of
my
logs
here
so
in
this
case
we're
getting
some
basic
information,
we're
seeing
you
know
which
project
that
it
came
from
or
which
cluster,
rather
you
know
the
source
of
it
and
then
eventually
over
here
we're
gonna
see
the
actual
message.
We
also
have
this
like
denfield
tracking.
You
know
where
it
came
from
so
and
then
of
course,
yeah
the
message.
B
So
the
simplest
way
to
look
between
the
two
of
those
is
to
you
know,
check
for
a
field
that
only
exists
in
one
or
the
other,
so
with
the
cluster
logs
using
the
the
rsys
log
specification,
I'd
like
to
just
check
for
this
ident
field.
So
if
I
throw
an
ident,
is
not
null
on
here
and
run
that
query,
I'm
only
going
to
get
cluster
logs
neural
does
not
quite
the
normal
query.
Language
doesn't
completely
match
sql,
so
it
does
have
some
nuances.
B
B
B
So
this
is
the
way
you
could
review
traffic
by
ip
and
look
for
you
know
people
performing
at
ddos
attack
or
something
like
that,
so
it
does
look
like
we
have
the
more
modern
ui
loaded
now
like
I
said
this
is
a
very
nice
clean
ui
for
just
looking
at
streams
of
logs
and
again
to
muralik
one.
You
know
as
much
as
I
like
the
insights
page.
I
definitely
recommend
familiarizing
yourself
with
this
screen,
especially
because
this
is
where
new
relic
is
putting
a
lot
of
their
work
into.
B
So
in
this
case,
we
want
to
perform
the
same
type
of
operation.
I
can
do,
has
ident
and
again
we're
going
to
see
all
of
our
cluster
logs
and
then
to
do
something
similar
I
can
do,
has
client
ip.
Then
we
can
take
a
look
at
that
here.
You
can
add
additional
fields
onto
the
right-hand
side.
If
you
you
know,
depending
on
what
you're
missing,
but
because
these
are
fastly
logs,
we
have
a
pretty
substantial
number
of
attributes,
so
you
also
notice
on
this
left-hand
side.
B
One
is
the
last
section,
so
we
can
take
a
look
at
laugh
blocks,
for
example,
so
we
can
see
that
you
know
the
site
has
had
33
waft
blocks
since
12
hours
ago,
so
it
can
help
you
to
review
those
also,
especially
if
your
clients
get
if
they
get
a
block
through
app
there's
a
id
on
here,
request
id
you
can
use
to.
Actually
you
know
review
that.
So
if
I
wanted
to
take
a
look
at,
you
know
the
laugh
blocks.
B
B
I'm
not
seeing
it
right
off
the
top
my
head,
but
yeah
you
can
actually
you
know,
see
the
reason
that
the
request
was
blocked.
The
other
screens
that
I
do
want
to
show
is
this
query
your
data
screen.
So
this
is
actually
the
new
relics,
modernization
of
their
insights.
So
you
know
again
one
of
the
things
that's
really
nice
about
heroic
one
is
we're
bringing
all
of
our
information
in
so
I'll.
Just
show
you
logging,
but
you
know
in
this
case.
Let's
say
we
wanted
to
take
a
look
at
cache
status.
B
So
if
we
just
want
to
take
a
look
at
percentage
of
hits,
for
example,
so
we
can
see
how
many
hits
we're
getting
over
time,
but
yes
again
with
with
new
relic,
you
know
you
can
add
additional
things
here.
So
if
you
wanted
to
compare
this
against
page
views,
you
could
plot
multiple
queries,
so
I
do
want
to
show
this
query
builder
as
well.
This
can
allow
us
to
do
some
more
granular
querying
similar
to
what
we're
doing
with
insights.
B
So
in
this
case,
I
brought
over
the
page
view
query,
but
I'm
going
to
copy
and
paste
this
query
that
I've
borrowed
from
one
of
our
other
teams
here
and
copy
and
paste
this
in
here.
So
if
I
run
this
particular
query,
you
can
actually
see
our
fastly
hit
ratio,
so
in
this
case
we're
querying
the
fastly
logs
and
finding
a
percentage
where
cash
status
equals
hit
of
the
of
the
entirety.
B
B
Let's
add
a
additional
query.
So
so
again
you
know
showing
that
we
can
mix
multiple
queries.
Let's
take
a
look
and
see
how
many
exceptions
we're
getting
so.
Similarly,
you
know
90
35
exceptions.
If
I
take
that
add
that
to
my
test
dashboard,
we
get
a
nice
little
visualization,
so
yeah.
So
I'll
probably
conclude
it
here,
but
once
we
load
up
the
dashboard
but
you'll
see
you
know,
we
can
start
to
pull
some
really
nice
insights.
B
You
know
into
the
relic
and
get
a
good
understanding
about
the
the
health
of
our
site,
and
the
only
other
thing
I
will
note
there
is
you
know
on
that
notice.
You
know
new
relic
is
very
rapidly
upgrading
this
tool.
One
thing
we
noticed
actually
yesterday,
I'm
not
sure
when
they
launched
it
but
they've
started
to
add
some
really
interesting.
B
Parsing
features,
so
you
know
we'll
be
exploring
that.
Hopefully
you
know
adding
that
to
our
our
default
rollouts
for
new
relic
in
the
future,
as
well
as
documenting
around
it.
So
y'all
can
use
that
as
well.
So
with
that,
that's
pretty
much
all
I
wanted
to
show
on
new
relic,
so
I
think
that's
all
we
have
for
today.
So
I
think
we'll
you
know
we'll
we'll
pause
there
for
any
questions
y'all
might
have
about.
You
know
either
of
these
pieces
of
functionality.
B
B
B
B
B
So
not
at
this
point,
you
know
right
now
we're
using
our
syslog
our
syslog
protocol.
So
right
now
we're
just
getting
you
know,
basically
the
the
the
raw
vlogs
not
doing
any
parsing
on
it.
So
let
me
pop
up
my
screen
here.
Like
I
said
we,
I
literally
noticed
this
yesterday
I
sent
it
to
matt
with
kind
of
a
like
question
mark
yesterday,
because
I
didn't
notice
this
was
there
yeah?
You
know
I
love
nurella,
because
they're
just
they're
they're
they're
so
rapidly
developing
this
tool.
B
But
when
I
noticed
yesterday
on
the
log
screen
is
there
is
the
ability
to
do
custom
parsing?
So
if
I
take
a
look
over
here,
we've
got
to
manage
parts
where
we
can
specify
parsing
rules.
So
I
have
not
explored
this
yet,
but
this
should
be
able
to
do
that.
So
you
know
in
this
case
we
should
be
able
to
do
something.
B
You
know
there's,
unfortunately,
not
a
whole
lot.
You
can
do
on.
You
know
the
the
access
logs,
for
example,
without
being
able
to
parse
out
ip
addresses
or
endpoints
or
us.
You
know
status
codes
and
things
like
that,
so
yeah
be
on
the
lookout
for
dev
docs,
and
things
like
that,
where
you
know
hopefully
we'll
be
putting
these
out
and
you
know
helping
you
all.
You
know
get
that
parsing
setup
on
the
magento
application
logs.
B
C
B
Cool
all
right.
Well,
thank
you
so
much
everyone
for
your
time
today.
Oh
it
looks
like
we
got
one
more
question
about
2fa.
It
should
work
with
any
git
client,
that's
authenticating
over
ssh.
Again.
I
think
that
you
know
the
the
main
thing
that
you
need
to
make
sure
of
now
is
that
you
have
the
magento
cloud
cli
installed
locally,
so
that
you
will
be
able
to.
You
know,
generate
your
2fa
certificate,
so
yeah
any
any
get
client
that
that
works
with
cloud
will
be
authenticating
over
ssh.