
AWS Morning Brief
718 episodes — Page 4 of 15

Ep 568: AWS Guild Dinner & Tournament
AWS Morning Brief for the week of September 11, 2023, with Corey Quinn.
Links:
- Amazon Aurora and Amazon RDS announces Extended Support for MySQL and PostgreSQL databases
- Amazon CloudWatch adds Amazon EKS control plane logs as Vended Logs
- Amazon CloudWatch Logs announces regular expression filter pattern syntax support
- As SwiftOnSecurity pointed out a week or two ago, a lot of folks can now discover firsthand just how many of their rules allow all 10* traffic
- Introducing Amazon EC2 R7iz instances
- AWS Marketplace now supports AWS CloudTrail to improve procurement activity monitoring
- AWS Step Functions launches enhanced error handling
- AWS Trusted Advisor adds 1 new fault tolerance check
- Announcing daily disbursements for AWS Marketplace sellers
- Embracing FinOps to Maximize Cloud Value and Control Costs with the Deloitte FinOps Framework
- Transforming Aviation Maintenance with the Infosys Generative AI Solution Built on Amazon Bedrock
- How Vercel Shipped Cron Jobs in 2 Months Using Amazon EventBridge Scheduler
- How contact center leaders can prepare for generative AI
- A Culture of Resilience
- How generative AI is energizing the beauty industry
- Migrating AWS Direct Connect to a new location
- Reduce the security and compliance risks of messaging apps with AWS Wickr
- AWS Guild Tournament builds cloud skills and innovative customer solutions
- From chocolate sales to a career in cloud with training from AWS re/Start
- Amazon to Discontinue Honeycode App-Building Service

Ep 567: Feeding the Snakes Barracuda
Last week in security news: Barracuda thought it drove 0-day hackers out of customers’ networks, A terrific guide for getting started with AWS security research, “Zukey” or “Amazon Basics Yubikey”, and more!
Links:
- Barracuda thought it drove 0-day hackers out of customers’ networks.
- A terrific guide for getting started with AWS security research.
- Amazon Basics Yubikey
- Two real-life examples of why limiting permissions works: Lessons from AWS CIRT
- Validate IAM policies by using IAM Policy Validator for AWS CloudFormation and GitHub Actions
- From the world of tools: wapalyzer

Ep 566: Degenerative AI
Last Week In AWS for the week of September 4, 2023, with Corey Quinn.
Links:
- Amazon QuickSight adds scheduled and programmatic export to Excel format
- Amazon S3 now supports multivalue answer in response to DNS queries
- AWS Backup now supports local time zone selections
- AWS Lambda Functions powered by AWS Graviton2 now available in 6 additional regions
- AWS Neuron adds support for Llama 2, GPT-NeoX, and SDXL generative AI models
- AWS Private CA launches Connector for Active Directory
- Streamlining Prior Authorization with Treatline’s Generative AI Platform for Healthcare and Insurance Providers
- Updating AWS CloudFormation Stacks Without Service Disruption to Support Rapid Business Innovation
- Why AWS Customers Choose to Procure Software Through Channel Partners in AWS Marketplace
- Announcing Amazon Managed Service for Apache Flink Renamed from Amazon Kinesis Data Analytics
- Deploy Amazon OpenSearch Serverless with Terraform
- How AWS AppFabric helps companies overcome tech overload
- Reinventing the in-store experience with Smart Store solutions
- Automatically generate impressions from findings in radiology reports using generative AI on AWS
- How MongoDB and AWS Collaborated to Enable Running the Open Source MongoDB Kafka Connector in Managed Environments
- Embracing our broad responsibility for securing digital infrastructure in the European Union

Ep 565: Everybody Owns This Podcast So Nobody Does
Last week in security news: How AWS built the Security Guardians program, Network Load Balancers now support Security groups, the Tool of the week, and more!
Links:
- David Linthicum stakes out the position that in a multi-cloud world, centralized cloud security is now a must-have.
- Network Load Balancers now support Security groups
- How AWS built the Security Guardians program, a mechanism to distribute security ownership
- Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3893)
- Tool of the week: SSOFixer

Ep 564: us-west-1: The Flagship Region That Isn’t
AWS Morning Brief Extras edition for the week of August 30, 2023.
Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/us-west-1-the-flagship-region-that-isn-t
Never miss an episode
- Join the Last Week in AWS newsletter
- Subscribe wherever you get your podcasts
Help the show
- Leave a review
- Share your feedback
- Subscribe wherever you get your podcasts
- Buy our merch: https://store.lastweekinaws.com
What's Corey up to?
- Follow Corey on Twitter (@quinnypig)
- See our recent work at the Duckbill Group
- Apply to work with Corey and the Duckbill Group to help lower your AWS bill

Ep 563: AWS Wallet Extractor
AWS Morning Brief for the week of August 28, 2023, with Corey Quinn.
Links:
- Amazon Aurora Global Database introduces Global Database Failover
- Amazon ElastiCache for Memcached simplifies creating new clusters in the AWS Management Console
- Improvements to multi-account management for Amazon GuardDuty
- AWS Certificate Manager introduces Enterprise Controls to help govern certificate issuance
- AWS Cost Explorer announces support for AWS Billing Conductor
- AWS Microservice Extractor now supports visualizing very large enterprise applications
- AWS re:Post launches an enhanced search experience
- Announcing AWS ROSA console support for the ROSA with hosted control planes preview
- EC2 Hibernate now supports Amazon EC2 M7i and M7i-flex instances
- Manage Cost Allocation Tags with Last-Updated and Last-Used timestamps
- Protecting an AWS Lambda function URL with Amazon CloudFront and Lambda@Edge
- Choose AWS Graviton and cloud storage for your Ethereum nodes infrastructure on AWS
- How Amazon Finance Technologies built an event-driven and scalable remittance service using Amazon DynamoDB
- Upgrade from Amazon Aurora Serverless v1 to v2 with minimal downtime
- Next Big Things for Retail – Generative AI leads the pack but isn’t alone
- Explain medical decisions in clinical settings using Amazon SageMaker Clarify
- Build a serverless store finder site using Amazon Location Service
- Configuring client IP address preservation with a Network Load Balancer in AWS Global Accelerator
- How to use pulse-level control on OQC’s superconducting quantum computer
- AWS Digital Sovereignty Pledge: Announcing new dedicated infrastructure options

Ep 562: Storing Logs You Never Read
Last week in security news: Short session expiration does not help security, How to use AWS Verified Access logs to write and troubleshoot access policies, This week's S3 Bucket Negligence Award, and more!
Links:
- A UK contractor wins this week's S3 Bucket Negligence Award.
- What happens when a Zero Day and Access Keys Collide in the Cloud.
- Short session expiration does not help security
- How to use AWS Verified Access logs to write and troubleshoot access policies
- IAMbic purports to be able to alert you to changes to IAM policies via consuming CloudTrail logs

Ep 561: SageMaker Podcast HealthOmics
AWS Morning Brief for the week of August 21, 2023 with Corey Quinn.
Links:
- Corey is performing a live Q&A next month; submit your questions here!
- Amazon Polly launches new Gulf Arabic male NTTS voice
- AWS HealthOmics supports cross-account sharing of omics analytics stores
- New – Amazon EC2 M7a General Purpose Instances Powered by 4th Gen AMD EPYC Processors
- Amazon OpenSearch Serverless expands support for larger workloads and collections
- Reduce Lambda cold start times: migrate to AWS SDK for JavaScript v3
- Architecting for Resilience in the cloud for critical railway systems
- How Amazon Shopping uses Amazon Rekognition Content Moderation to review harmful images in product reviews
- Zero-shot text classification with Amazon SageMaker JumpStart
- Build a multi-account access notification system with Amazon EventBridge
- Getting Started with CloudWatch agent and collectd
- Cost considerations and common options for AWS Network Firewall log management
- Addressing gender inequity in the technology industry

Ep 560: Dunking on Robots For InfoSec Clout
Last week in security news: Cloudonaut has an overview of AWS's security monitoring services, Chris Farris talks about Defining the Sensitive IAM Actions, What’s new in the world of tools, and more!
Links:
- Cloudonaut has an overview of AWS's security monitoring services
- A deep exploration into how you can really screw up integrating GitHub with AWS.
- Chris Farris talks about Defining the Sensitive IAM Actions.
- AWS Security Profile: Get to know the AWS Identity Solutions team
- CVE-2023-20569 - RAS Poisoning - Inception - Paired with CVE-2022-40982
- AVID is an AI Vulnerability Database.
- TinderSec threw up a scanner on GitHub so you can see if you've fallen prey to one of the classic OIDC permissions blunders.

Ep 559: The Amazon Prime Day 2023 AWS Bill
AWS Morning Brief Extras edition for the week of August 16, 2023.
Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/the-amazon-prime-day-2023-aws-bill/

Ep 558: A Call to aRNs
AWS Morning Brief for the week of August 14, 2023, with Corey Quinn.
Links:
- Amazon's approach to RTO
- Amazon Interactive Video Service announces Real-Time Streaming
- Amazon MSK Serverless expands availability to three additional AWS Regions
- Amazon VPC now supports primary IPv6 address on an elastic network interface
- AWS Artifact launches email notifications
- Announcing AWS Backup logically air-gapped vault (Preview)
- Mountpoint for Amazon S3 is now generally available
- Network Load Balancer now supports security groups
- Using response streaming with AWS Lambda Web Adapter to optimize performance
- AWS recognized as a Leader in 2023 Gartner Magic Quadrant for Contact Center as a Service with Amazon Connect

Ep 557: Cloud Security Has a Good Week
Last week in security news: People are still discovering some effects of the latest Azure security breach, Introducing the first AWS Security Heroes, How to Receive Alerts When Your IAM Configuration Changes, and more!
Links:
- Following the latest Azure breach, the CEO of Tenable says they can see banking customer credentials even now.
- Introducing the first AWS Security Heroes
- How to Receive Alerts When Your IAM Configuration Changes
- Perform continuous vulnerability scanning of AWS Lambda functions with Amazon Inspector
- Recent Software-based Power Side-Channel Security Research
- You can totally use AWS's SSM agent as post-exploitation RAT malware

Ep 556: AWS Begins Charging For Public IPv4 Addresses
AWS Morning Brief Extras edition for the week of August 8, 2023.
Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/breaking-aws-begins-charging-for-public-ipv4-addresses/

Ep 555: EC2's Weird Flex
AWS Morning Brief for the week of August 7, 2023 with Corey Quinn.
Links:
- In Amazon's earnings call, Andy Jassy said that every Amazon team is working on Generative AI
- Amazon Route 53 adds support for 14 additional Top-Level Domains
- AWS NAT Gateway is now available in the AWS US West Phoenix Local Zone
- Amazon EBS announces up to 128 volume attachments per EC2 instance
- Introducing Amazon EC2 M7i-flex and M7i instances
- Amazon EventBridge Scheduler adds schedule deletion after completion
- AWS Application Composer updates: Undo and Redo, Export Canvas, and Local Sync Mode
- Now Open – AWS Israel (Tel Aviv) Region
- Prime Day 2023 Powered by AWS – All the Numbers
- Estimate cost savings for the Amazon Aurora I/O-Optimized feature using Amazon CloudWatch
- Empowering your workforce with Amazon WorkSpaces services and Microsoft 365
- Exploring Fn::ForEach and Fn::FindInMap enhancements in AWS CloudFormation
- Identify and optimize public IPv4 address usage on AWS

Ep 554: Azure's Customer Contempt
Last week in security news: Patch your Ubuntu cloud workloads, Azure faces backlash following that stolen Microsoft signing key, IAM Roles Anywhere credential helper adds support for OS certificate stores, and more!
Links:
- You almost certainly want to patch your Ubuntu cloud workloads
- If you care about what that stolen Microsoft signing key was capable of, Azure really wishes you would stop asking
- Senator Wyden is calling for Azure to be held responsible.
- In a frantic scramble, Azure is expanding access to cloud logging data for free
- IAM Roles Anywhere credential helper adds support for OS certificate stores
- CVE-2023-20593
- This handy script fetches SSO permission assignments.

Ep 553: Just a Generative AI Company
AWS Morning Brief for the week of July 31, 2023, with Corey Quinn.
Links:
- The new Amazon Chime 5 on Windows, macOS, and web is coming soon - Amazon Chime Help Center
- Access and Query are now generally available for Amazon Managed Blockchain
- AWS Lambda adds support for Python 3.11
- AWS Entity Resolution: Match and Link Related Records from Multiple Applications and Data Stores
- New – Amazon EC2 P5 Instances Powered by NVIDIA H100 Tensor Core GPUs for Accelerating Generative AI and HPC Applications
- New – AWS Public IPv4 Address Charge + Public IP Insights
- Preview – Enable Foundation Models to Complete Tasks With Agents for Amazon Bedrock
- Migrating AWS Lambda functions from the Go1.x runtime to the custom runtime on Amazon Linux 2
- Introducing Smithy for Python
- Introducing AWS HealthScribe – automatically generate clinical notes from patient-clinician conversations using AWS HealthScribe
- Analyze rodent infestation using Amazon SageMaker geospatial capabilities
- AWS Reaffirms its Commitment to Responsible Generative AI
- Amazon SageMaker Canvas announces SOME THINGS I AM NOT GOING TO TELL YOU ABOUT

Ep 552: Protect Azure DevOps secrets? What a novel idea!
Last week in security news: A Guide to S3 Logging, Optimize AWS Config for AWS Security Hub, Amazon Told Drivers Not to Worry About In-Van Surveillance Cameras. Now Footage Is Leaking Online, and More!
Links:
- Guide to S3 Logging
- Good on JumpCloud for disclosing a breach by some state-backed APT hacking group, but I learned about it from this article, and I'm a JumpCloud customer.
- Charlie Bell issued a security roadmap for Microsoft: Protect Azure DevOps secrets is the first item on it. What a novel idea!
- Amazon Told Drivers Not to Worry About In-Van Surveillance Cameras. Now Footage Is Leaking Online
- Yes, the compromised Microsoft key that they glossed over is incredibly important and Microsoft is downplaying it something fierce.
- Optimize AWS Config for AWS Security Hub to effectively manage your cloud security posture
- Tool of the Week: IAMActionHunter lets you query IAM permission policies

Ep 551: Space Heaters Plus DNS Equals Cloud
AWS Morning Brief for the week of July 24, 2023 with Corey Quinn.
Links:
- Amazon CodeCatalyst now supports workflows triggered by GitHub pull
- Amazon S3 Inventory can include ACLs as object metadata in inventory reports
- Amazon SNS can now deliver mobile push notifications in twelve new regions
- Introducing Analytics on Amazon Lex
- AWS Mainframe Modernization service is now PCI DSS Compliant
- Best Practices for Developing an AWS Co-Sell Program
- Amazon Route 53 Resolver Now Available on AWS Outposts Rack
- Reimagine Software Development With CodeWhisperer as Your AI Coding Companion
- Orca Security’s journey to a petabyte-scale data lake with Apache Iceberg and AWS Analytics
- Capture clickstream data using AWS serverless services
- Amazon Simple Email Service adds email delivery features to revised free tier
- Service Quota Observability Across Regions and Accounts
- Removing Unassociated Elastic IPs
- Navigating common use cases spanning AWS GovCloud (US) and standard AWS

Ep 550: The Logging Tax Auditor
Last week in security news: An Amazon senior security engineer was indicted in a $9M digital currency heist, Microsoft had one heck of a breach, this week’s S3 Bucket Negligence Award, and more!
Links:
- A write-up of someone's experience going through the publicly available flAWS 1&2 labs
- Signs of the recent Microsoft breach in your account are tied to an enhanced level of license.
- An Amazon senior security engineer was indicted in a $9M digital currency heist
- A far-right publisher earned this week's S3 Bucket Negligence Award
- Amazon FSx for NetApp ONTAP supports write once, read many (WORM) protection with SnapLock
- IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources) was updated.
- Tool of the week: AWS IAM Data has launched.

Ep 549: It's Extremely Likely You Should Not Use GovCloud
AWS Morning Brief Extras edition for the week of July 19, 2023.
Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/its-extremely-likely-you-should-not-use-govcloud/

Ep 548: GitHub Actions Done Smartly
AWS Morning Brief for the week of July 17, 2023 with Corey Quinn.
Links:
- Bullying ChatGPT into ranking the US Presidents by absorbency
- AWS CodeBuild now supports GitHub Actions
- AWS Lambda now detects and stops recursive loops in Lambda functions
- AWS Fault Injection Simulator supports chaos engineering experiments on Amazon EKS Pods
- AWS announces inaugural State and Local Government Champions

Ep 547: Avoiding a Git Landmine
Last week in security news: A deep dive into the DomainNetworks Snail Mail Scam by Krebs on Security, Tailscale is putting their terms and conditions on GitHub, The Tool/Lesson of the Week, and more!
Links:
- A deep dive into who's behind the DomainNetworks Snail Mail Scam by Krebs on Security.
- Tailscale is putting its terms and conditions on GitHub and invites users to subscribe to see diffs instead of legalese.
- Three ways to accelerate incident response in the cloud: insights from re:Inforce 2023
- Tool/Lesson of the week: git-landmine

Ep 546: Extracting Revenue and Also Teeth
AWS Morning Brief for the week of July 10, 2023 with Corey Quinn.
Links:
- Last week I railed against what appeared to be AWS Transfer Family creating a new logging format.
- Last Week in AWS Job Board
- Amazon CloudWatch now supports dashboard variables
- Amazon DynamoDB now simplifies and lowers the cost of handling failed conditional writes
- Mountpoint for Amazon S3 adds support for creating new files
- AWS Systems Manager Parameter Store increases API throughput limit
- Announcing DynamoDB local version 2.0
- Building Generative AI into Marketing Strategies: A Primer
- How To Build an Email Service on SES
- Downgrade SQL Server Enterprise edition using AWS Systems Manager Document to reduce cost
- ITSkills4U: From dentistry to IT

Ep 545: The Horrible Game That Inspired My Bank
Last week in security news: The Password Game, Customer Compliance Guides Now Available on AWS Artifact, The Tool of the Week, and more!
Links:
- The Password Game
- LastPass has apparently locked customers out due to MFA resets.
- Customer Compliance Guides now available on AWS Artifact
- Tool of the Week: findmytakeover

Ep 544: S3 Is Not a Backup (Replay)
AWS Morning Brief Extras edition for the week of July 5, 2023.

Ep 543: Amazon Basics Ohio
AWS Morning Brief for the week of July 3, 2023 with Corey Quinn.
Links:
- AWS Lambda simplifies copying environment variables in the console code editor
- What is a spam trap and why you should care?
- How we learned to program with atoms in 24 hours flat
- Running an SSH server on AWS RoboMaker
- New training series: Starting your Career with AWS Cloud
- AWS to remove 62,000-message Simple Email Service 'always free' tier from August 2023
- AWS continues to invest in Ohio
- The INFORM Consumers Act takes effect on June 27. Here's how Amazon is protecting our customers and sellers from bad actors.

Ep 542: Infosec Brain Worms
Last week in security news: 'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms, Issue with AWS Directory Service EnableRoleAccess, S3 buckets being used in attacks on npm packages, and more!
Links:
- This collection of best practices for managing root users at scale in AWS is worth a read
- 'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms.
- 1Health is this week's winner of the S3 Bucket Negligence Award
- Barracuda advises customers to rip the entire device out, throw it away, and replace it entirely.
- S3 buckets being used in attacks on npm packages
- Issue with AWS Directory Service EnableRoleAccess
- Tool of the week: xeol is an end-of-life package scanner.

Ep 541: Amazon Calls Down Regulatory Lightning
AWS Morning Brief for the week of June 26, 2023 with Corey Quinn.
Links:
- The FTC comment period about the business of cloud computing ended
- Amazon warehouse practices are now the focus of a senate probe
- The FTC is suing Amazon for its Prime enrollment dark patterns
- Amazon’s iRobot acquisition is now the subject of an EU investigation
- The launch of Amazon Clinic is being delayed after the senate asked some hard questions
- Announcing Amazon EC2 Hpc7g instances
- AWS Lambda supports starting from timestamp for Kafka event sources
- AWS Step Functions launches Versions and Aliases
- AWS Transfer Family announces structured JSON log format
- 5 Stages to Building a Successful Partner Practice with AWS
- Say Hello to 176 AWS Competency, Service Delivery, Service Ready, and MSP Partners Added or Renewed in May
- How GoDaddy Implemented a Multi-Region Event-Driven Platform at Scale
- New Amazon EC2 C7gn Instances: Graviton3E Processors and Up To 200 Gbps Network Bandwidth
- For actual technical depth, my thanks to David Cuthbert in the Last Week in AWS Slack Community for surfacing this AnandTech article.
- Stream VPC Flow Logs to Datadog via Amazon Kinesis Data Firehose
- Creating real-time flood alerts with the cloud
- Use AWS Private Certificate Authority to issue device attestation certificates for Matter
- Should I use the hosted UI or create a custom UI in Amazon Cognito? - Trick question, you should use recurring Last Week in AWS sponsor FusionAuth instead.
- Coming soon: updates to AWS Certified Cloud Practitioner exam
- How I achieved all six specialty AWS Certifications on first attempt
- How to win a $5 Amazon Gift Card, just by signing up for the Amazon News newsletter

Ep 540: re:Inforce and fwd:cloudsec with Scott Piper
Last week in security news: Videos from fwd:cloudsec are now available on YouTube, AWS announces AWS Payment Cryptography, Amazon CodeGuru Security is now available in preview, and more!
Links:
- There was lots of great content presented at fwd:cloudsec. The day-long videos are up on YouTube. You can use the schedule to help find the talks you're interested in.
- In contrast to AWS's "Shared Responsibility Model", I appreciate GCP's "Shared Fate Model" where they put their own skin in the game in ensuring their customers are protected. In their New Cryptomining Protection Program, they offer $1M in what is basically an insurance policy that comes with Security Command Center Premium.
- Bob McMillan from the WSJ reports that North Korean hackers have stolen more than $3 billion in crypto over the last 5 years, and their heists are now funding fully half of its ballistic missile program.
- a16z writes Hiring a Chief Information Security Officer.
- Removing header remapping from Amazon API Gateway, and notes about our work with security researchers - AWS made a breaking change to respond to a security issue. The security researchers that found the issue wrote their side of the story, describing it as AWS API Gateway header smuggling and cache confusion.
- Issue with AWS Directory Service EnableRoleAccess - AWS released a security bulletin for this issue, which they seem to do at random for security issues. Ben Bridts from Cloudar found and reported this issue which AWS has fixed. He goes into more detail in his blog post and in a talk at fwd:cloudsec.
- Amazon CloudWatch Logs data protection account level policy configuration
- AWS WAF Fraud Control launches account creation fraud prevention and reduced pricing
- AWS announces AWS Payment Cryptography
- AWS Transfer Family announces quantum-safe key exchange for SFTP
- Amazon CodeGuru Security is now available in preview
- Amazon Inspector announces the general availability of Code Scans for AWS Lambda function
- AWS announces Software Bill of Materials export capability in Amazon Inspector
- Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address
- Amazon GuardDuty enhances console experience with findings summary view
- Amazon Detective extends finding groups to Amazon Inspector
- Amazon S3 announces dual-layer server-side encryption for compliance workloads
- AWS CloudTrail Lake launches curated dashboards for visualizing top CloudTrail trends
- AWS IAM Identity Center now supports automated user provisioning from Google Workspace

Ep 539: FTC Request, Answered: How Cloud Providers Do Business
AWS Morning Brief Extras edition for the week of June 21, 2023.
Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/ftc-request-answered-how-cloud-providers-do-business

Ep 538: Guest Host for re:Inforce Week - Scott Piper!
AWS Morning Brief for the week of June 20th, 2023 with Scott Piper filling in for Corey Quinn.
Links:
- AWS announces scripts to bulk updates policies per new AWS Billing and Cost Management permissions
- Amazon QuickSight now supports APIs to automate and accelerate assets deployment
- Amazon Rekognition improves face search accuracy with user vectors
- AWS Config supports recording exclusions by resource type
- Falcon 40B foundation model from TII available on SageMaker JumpStart
- Amazon EMR supports price-capacity-optimized allocation strategy for EC2 Spot Instances
- Amazon Verified Permissions is now generally available
- Announcing Live Tail in Amazon CloudWatch Logs, providing real-time exploration of logs
- aidansteele/rdsconn

Ep 537: Confused DevOps Professional
Last week in security news: CloudFlare had a Confused Deputy Vulnerability, Moving Away from IAM Identity Center, AWS KMS now supports importing asymmetric and HMAC keys, and more!
Links:
- CloudFlare had a Confused Deputy Vulnerability
- As I move away from IAM Identity Center, I find it interesting that a lot of folks I respect are doing similar things.
- I was going to drag this otherwise awesome article disclosing the vulnerability they located within AWS CDK's eks.Cluster component.
- AWS KMS now supports importing asymmetric and HMAC keys
- Tool/Tip of the week: List of documented and undocumented AWS API models

Ep 536: The Leeches of AWS
AWS Morning Brief for the week of June 12, 2023 with Corey Quinn.
Links:
- AWS CloudTrail Lake now supports selective start or stop ingestion of CloudTrail events
- AWS Glue for Ray is now generally available
- AWS Lambda adds support for Ruby 3.2
- AWS Mainframe Modernization service is now HIPAA eligible
- Announcing AWS Snowblade for U.S Department of Defense JWCC
- AWS Trusted Advisor adds new checks for Amazon EFS
- Announcing the general availability of AWS Database Migration Service Serverless
- Announcing Live Tail in Amazon CloudWatch Logs, providing real-time exploration of logs
- AWS announces scripts to bulk updates policies per new AWS Billing and Cost Management permissions
- Drug Analyzer on AWS Provides Analytics That Inform Treatment Decisions and Support New Therapies
- Selecting cost effective capacity reservations for your business-critical workloads on Amazon EC2
- Announcing Container Image Signing with AWS Signer and Amazon EKS
- How to deploy workloads in a multicloud environment with AWS developer tools
- How businesses can gain ecommerce capabilities to increase sales
- A Guide to Maintaining a Healthy Email Database
- Using Amazon IVS for turnkey town halls
- AWS’s long-term commitment to Virginia
- How AWS data centers reuse retired hardware

Ep 535: A Hole in the S3 Buckets
Last week in security news: Thinkst Canary's Thinkstscapes, Multiple S3 Bucket Negligence Awards, Credit Card Payment Processing on AWS, and more!
Links:
- Thinkst Canary's Thinkstscapes
- It's been a while since we've seen a strong, confirmed S3 Bucket Negligence Award, but Toyota has a massive one dating back a decade.
- Oof, looks like Google's CloudSQL product had a vulnerability that would allow an attacker to escalate to GCP control plane permissions.
- Holy... Legion malware expands scope to target AWS CloudWatch as well.
- When it rains, it pours; Capita had an S3 Bucket Negligence Award as well!
- Credit Card Payment Processing on AWS - Don't do it. Pay Stripe.
- Amazon Security Lake is now generally available
- Announcing the AWS Blueprint for Ransomware Defense
- Get custom data into Amazon Security Lake through ingesting Azure activity logs
- Tip of the week: When you're starting something new that might turn into a company, use SSO.

Ep 534: 17 Final Ways to Run Containers on AWS
AWS Morning Brief Extras edition for the week of June 7, 2023.
Want to give your ears a break and read this as an article? You’re looking for this link: https://www.lastweekinaws.com/blog/17-final-ways-to-run-containers/

Ep 533: Rated R for Ridiculousness
AWS Morning Brief for the week of June 5, 2023 with Corey Quinn.
Links:
- Corey is off to Washington DC tomorrow for the Public Sector summit. If you're in town, he’s hosting a drink up at Highline RxR from 6-8 PM tomorrow (Tuesday) evening. Let him buy you a drink!
- AWS Pricing Calculator now offers visibility of point in time cost estimations
- Invoice Summary is now available
- Optimize your x86-based Amazon EC2 Workloads
- New – AWS DMS Serverless: Automatically Provisions and Scales Capacity for Migration and Data Replication
- Build hypothetical indexes in Amazon RDS for PostgreSQL with HypoPG
- Version 1 of the AWS Cloud Development Kit (AWS CDK) has reached end-of-support
- The Retail Race: A Roadmap for Implementing a Smart Store Strategy
- Get ready for AWS IPv6 day
- Introducing a cost control solution for Amazon Braket

Ep 532: The Wages of TLS
Last week in security news: Faster AWS cloud connections with TLS 1.3, Belkin is crappy in many ways, the Tool of the Week, and more!
Links:
- Amazon bought Pillpack, since they wanted to get into being our pharmacy. Now Pillpack reports a data breach affecting more than 19,000 people.
- Belkin is crappy in many ways
- AWS partners bring choice of temporary elevated access capabilities to IAM Identity Center
- Exclude cipher suites at the API gateway using a Network Load Balancer security policy
- Faster AWS cloud connections with TLS 1.3
- Stronger together: Highlights from RSA Conference 2023
- This is a fun tool: Is It AWS

Ep 531: Batman's Customer Testimonials
AWS Morning Brief for the week of May 30, 2023 with Corey Quinn.
Links:
- Bloomberg reported this week that I referred to AWS's hyped generative AI offerings that nobody I know has been able to access as vaporware
- Amazon Aurora PostgreSQL improves availability of read replicas
- AWS Copilot announces Static Site pattern to host single-page web applications
- Developing a serverless Slack app using AWS Step Functions and AWS Lambda
- How Broadridge used Amazon Managed Blockchain to build a private equity lifecycle management solution
- Stronger together: Highlights from RSA Conference 2023
- Welcome to AWS Documentation

Ep 530: Bad Behavior And Doing Things Right
Last week in security news: The ex-Ubiquiti engineer who stole a giant pile of their data gets a six year prison term, Bitbucket will be updating their SSH host keys, AWS Reported a GuardDuty Finding Issue, and more!
Links:
- The ex-Ubiquiti engineer who stole a giant pile of their data gets a six year prison term
- Bitbucket will be updating their SSH host keys
- Google has decided to free up inactive accounts after two years. Okay, that's their policy, but then they have the audacity to lie to our faces and say it's for "security."
- I have a bunch of Wemo devices at home that control lights. I found out that they've got a buffer overflow that Wemo "will not be fixing" because the devices are end of life.
- AWS Reported a GuardDuty Finding Issue
- The tool of the week: IAMbic lets you tailor AWS Identity Center permissions per account.

Ep 529: A Hidden Serverless Peril
Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/a-hidden-serverless-peril

Ep 528: RedShift Costs a Peloton
AWS Morning Brief for the week of May 22, 2023 with Corey Quinn.
Links:
- Corey is speaking at Tailscale Up in San Francisco next week; his talk is called "The Managed NAT Gateway Time Machine"
- AWS announces Amazon Aurora I/O-Optimized
- AWS Cost Categories now supports “Usage Type” dimension
- Retiring the AWS Documentation on GitHub
- Peloton embraces Amazon Redshift to unlock the power of data during changing times
- Motivations for migration to Amazon DynamoDB
- Neo Financial achieves Zero Trust goals and meets compliance requirements with Amazon WorkSpaces Web
- Introducing AWS GameTime – a new AWS Twitch show
- Unlock Insights from your Amazon S3 data with intelligent search
- Estimating AWS Config recorder costs and usage using AWS CloudTrail
- Creating a strategic approach to government continuity

Ep 527: SCPs Are Not For Me..s?
Last week in security news: Amazon CloudFront announces one-click security protections, SCPkit helps you manage your SCPs, A walk through AWS Verified Access policies, and more!
Links:
- Aetonix was nominated for a potential S3 Bucket Negligence Award
- Google has launched its Passkey implementation
- A story about MSI leaking its own signing keys
- Kentik once again has a marvelously unhinged video that you're going to want to watch.
- This AWS IAM Wishlist is a great place to start if you're an AWS IAM product manager
- Amazon CloudFront announces one-click security protections
- A walk through AWS Verified Access policies
- Tool of the week: SCPkit helps you manage your SCPs

Ep 526: EC2 Wars 1: The Phantom NAT Gateway
AWS Morning Brief for the week of May 15, 2023 with Corey Quinn.
Links:
- Introducing Amazon EC2 I4g storage-optimized instances
- Amazon RDS for PostgreSQL now supports pgvector for simplified ML model integration
- Amazon VPC IP Address Manager (IPAM) is now available in two additional AWS Regions
- Private Access to the AWS Management Console is generally available
- AWS Systems Manager now allows customers to optimize the compute costs of their applications
- Introducing Cedar, an open-source language for access control
- New – Amazon Aurora I/O-Optimized Cluster Configuration with Up to 40% Cost Savings for I/O-Intensive Applications
- AWS Lambda for the containers developer
- Committed to our communities: The economic impact of AWS’s $15.6 billion investment in Oregon

Ep 525: Humoring the Parenthetical
Last week in security news: Containing Compromised EC2 Credentials Without (Hopefully) Breaking Things, How to scan your AWS Lambda functions with Amazon Inspector, AWS IAM Actions, And More!
Links:
- The parenthetical in Containing Compromised EC2 Credentials Without (Hopefully) Breaking Things says it all.
- Amazon S3 now applies two security best practices to all new buckets by default
- How to scan your AWS Lambda functions with Amazon Inspector
- AWS IAM Actions

Ep 524: My 9 Favorite Things About AWS
AWS Morning Brief Extras edition for the week of May 10, 2023. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/9-things-I-love-about-aws

Ep 523: Digital Home Depot
AWS Morning Brief for the week of May 8, 2023 with Corey Quinn.
Links:
- Announcing Provisioned Capacity for Amazon Athena
- Amazon EFS Replication is now available in all AWS Regions
- Amazon Redshift launches ra3.xlplus instances in additional Middle East, Europe and Asia Pacific Regions
- AWS Compute Optimizer now supports filtering by tags
- AWS Console Mobile Application launches push notifications
- Announcing AWS User Notifications general availability
- Process price transparency data using AWS Glue
- Patterns for building an API to upload files to Amazon S3
- Improve query performance and reduce cost using scheduled queries in Amazon Timestream
- Working with JSON data in Amazon DynamoDB
- The history and future roadmap of the AWS CloudFormation Registry
- Partnerships extend Just Walk Out technology to more colleges and universities
- Quickly build high-accuracy Generative AI applications on enterprise data using Amazon Kendra, LangChain, and large language models
- Introducing AWS Verified Access – General Availability

Ep 522: A Quiet But Bad Week
Last week in security news: Tailscale now offers network flow logs, Google had a GhostToken flaw, AWS reported an issue with IAM supporting multiple MFA devices, and more!
Links:
- Tailscale now offers network flow logs
- Google had a GhostToken flaw that let attackers backdoor Google accounts.
- The folks at SADA found a major bug in Google Cloud; apparently it had the potential to expose the private keys for Google Cloud Service Accounts
- Issue With IAM Supporting Multiple MFA Devices
- This week in Tools: It's been a while since I linked to CloudMapper

Ep 521: Implementing Search For Google Docs in Google Docs
AWS Morning Brief for the week of May 1, 2023 with Corey Quinn.
Links:
- Condolences to my AWS friends affected by last week's layoffs; if I can help, please let me know.
- Amazon CloudWatch Logs data protection is now available in all AWS Commercial Regions
- AWS Firewall Manager adds support for multiple administrators
- AWS Systems Manager now supports AWS Cloud Development Kit (CDK) applications
- Working with percolators in Amazon OpenSearch Service
- AWS Lambda now supports Java 17
- Optimizing Amazon EC2 Spot Instances with Spot Placement Scores
- Optimize costs by scheduling provisioned capacity for Amazon DynamoDB
- Perform intelligent search across emails in your Google workspace using the Gmail connector for Amazon Kendra
- Best practices and considerations to migrate from VPC Peering to AWS Transit Gateway

Ep 520: Shrieking Like a Toddler
Last week in security news: Dealing with Ransomware in the Cloud, Pen Testing AWS, How to prioritize IAM Access Analyzer findings, and more!
Links:
- Last Week in AWS job board
- AWS had two (minor) Cross-Tenant Vulnerabilities within AWS App Runner.
- Some company called Invictus has practical experience dealing with ransomware in the cloud
- Chris Farris has a post on Pen Testing AWS.
- Dark Reading posits that Security Is a Revenue Booster, Not a Cost Center.
- An Attacker's Perspective on AWS Account IDs
- How to prioritize IAM Access Analyzer findings
- Scale your authorization needs for Secrets Manager using ABAC with IAM Identity Center
- Netchecks is a way of programmatically verifying your security controls.
- I love CloudTrail Lake, and this repository of query samples makes it easier for me to use it.
- IAMbic offers "GitOps for IAM."

Ep 519: Why AWS Might Be the Next Backbone Provider
AWS Morning Brief Extras edition for the week of April 26, 2023. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/why-aws-might-be-the-next-backbone-provider