AWS Morning Brief

Links:Last Week in AWS Community SlackVPC LatticeAWS Supply ChainOpenSearch ServerlessAWS Verified AccessStay Up To Date with re:QuinnventSign up for the re:Quinnvent NewsletterCheck out the re:Quinnvent playlist on YouTubeIf you’re on site:Join Corey for a Nature Walk through the Expo Hall beginning at the Fortinet booth today (11/29/22) at 1pm PST or For drinks at Atomic Liquors tonight at 8:15 pm PST.Tomorrow evening is re:Play, if you see Corey there, please say hello!Help the showShare your feedbackSubscribe wherever you get your podcastsBuy our merchWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Last Week in AWS Community SlackAmazon ECS Service ConnectAmazon RDS Optimized Reads and WritesFully Managed Blue / Green Deployments in Aurora and RDSProtect Sensitive Data with CloudWatch LogsAmazon cloudWatch Cross-Account ObservabilityStay Up To Date with re:QuinnventSign up for the re:Quinnvent NewsletterCheck out the re:Quinnvent playlist on YouTubeIf you’re on site:Join Corey for a Nature Walk through the Expo Hall beginning at the Fortinet booth tomorrow (11/29/22) at 1pm PST or For drinks at Atomic Liquors tomorrow evening at 8:15 pm PST.Help the showShare your feedbackSubscribe wherever you get your podcastsBuy our merchWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Tiered storage for MSKLambda telemetry APIResource Explorer LaunchedGP3 comes to RDSAmazon Time Sync is now available as a public NTP serviceZurich regionSpain RegionHyderabad RegionFaster glacier restoresmultiple MFA devicesFinchAWS Fault Isolation Boundaries whitepaperStay Up To Date with re:QuinnventSign up for the re:Quinnvent NewsletterCheck out the re:Quinnvent playlist on YouTubeHelp the showShare your feedbackSubscribe wherever you get your podcastsBuy our merchWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-feudal-lords-of-amazon/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/g1guW6tiR50Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon NAT Gateway Now Allows You to Select Private IP Address for Network Address TranslationAmazon S3 Glacier improves restore throughput by up to 10x when retrieving large volumes of archived dataAmazon Time Sync is now available over the internet as a public NTP serviceAWS re:Post launches a community leaderboardAnnouncing the new Applications widget on AWS Console HomeAmazon S3 request-level information on use of access control lists (ACLs) coming to S3 server access logs and AWS CloudTrail Know Before You Go: An AWS Partner’s Guide to re:Invent 2022Introducing our final AWS Heroes of the year – November 2022Now Open–AWS Region in SpainIntroducing Amazon EventBridge SchedulerMigrate ROW CHANGE TIMESTAMP from IBM Db2 for z/OS to Amazon RDS for PostgreSQL or Amazon Aurora PostgreSQL-Compatible EditionYou can now assign multiple MFA devices in IAM

Links:A super-neat exploration of the Lambda execution environment from a security perspective.Detect and block advanced bot traffic How to evaluate and use ECDSA certificates in AWS Certificate Manager - AWS released support for ECDSA certificates.Canary Tokens

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/How-To-Learn-Something-New-Kubernetes-the-Much-Harder-WayWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/bpp5tpgU6CENever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Ben Kehoe has left iRobot. And where's he going next? Presumably to re:Invent! I am too, with my re:Quinnvent nonsenseAmazon Athena announces Query Result Reuse to accelerate queriesAmazon EC2 enables you to opt out of directly shared Amazon Machine ImagesAmazon EC2 placement groups can now be shared across multiple AWS accounts Amazon EC2 now supports specifying list of instance types to use in attribute-based instance type selection for Auto Scaling groups, EC2 Fleet, and Spot Fleet Amazon Lightsail announces support for domain registration and DNS autoconfigurationAmazon RDS now supports new General Purpose gp3 storage volumesAnnouncing recurring custom line items for AWS Billing ConductorAWS Lambda announces Telemetry API, further enriching monitoring and observability capabilities of Lambda ExtensionsAWS Cost Explorer’s New Look and Common Use CasesA New AWS Region Opens in Switzerland - eu-central-2 is now available.Introducing AWS Resource Explorer – Quickly Find Resources in Your AWS Account Overview of building resilient applications with Amazon DynamoDB global tables Publish Amazon DevOps Guru Insights to Slack ChannelUncompressed Media over IP on AWS: Read the whitepaper Enable cross-account queries on AWS CloudTrail lake using delegated administration from AWS OrganizationsNASA and ASDI announce no-cost access to important climate dataset on the AWS Cloud

Links:I really like this idea of an AWS account solely for getting into other AWS accounts. Amazon accidentally exposed an internal server packed with Prime Video viewing habits.How to use trust policies with IAM roles - "It's an older post sir, but it checks out." OpenSSL Security Advisories - November 2022Tool of the week: s3crets_scanner

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/an-alternat-future-we-now-have-a-nat-gateway-replacement/Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon MSK now offers a new low-cost storage tier that scales to virtually unlimited storageAmazon Virtual Private Cloud (VPC) now supports the transfer of Elastic IP addresses between AWS accountsAWS IoT Core announces Location Action to route location data from IoT devices to Amazon Location ServiceAmazon Connect Customer Profiles now surfaces additional customer information in the Amazon Connect Agent Application Keeping Pace with FinServ Regulatory Compliance Demands with Smarsh and AWS Use Alexa devices to initiate customer service with Amazon ConnectHow USAA built an Amazon S3 malware scanning solution Vela Games Cuts Game Build Times by 60% Using Infrastructure on AWSAmazon Simple Email Service (SES) helps improve inbox deliverability with new featuresIncreasing sustainability for your Microsoft workloads on AWSHow Nomad uses Amazon IVS to scale public court livestreamsExport historical Security Hub findings to an S3 bucket to enable complex analytics How to control non-HTTP and non-HTTPS traffic to a DNS domain with AWS Network Firewall and AWS Lambda

Links:SOCRadar demonstrated a significant leak that spanned the world; it distills down to an Azure equivalent of an open S3 bucket.This security recap of 2022 Google Next and Microsoft Ignite is worth reading if you're doing things in that particular side of the ecosystem.IAM Access Analyzer findings now support Amazon SNS topics and five other AWS resource types to help you identify public and cross-account access DNS Analysis Server is a tool that can be used to demonstrate vulnerabilities in your DNS configuration. A very reasonable API Security Checklist of things to consider before releasing your API to the world.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/aws-re-invent-what-you-actually-need-to-know-before-you-go/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/lZPDfTXmfI4Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon Aurora supports cluster export to S3 Amazon Cognito now provides user pool deletion protection Amazon Connect adds real-time schedule adherenceAmazon EC2 enables easier patching of guest operating system and applications with Replace Root Volume Amazon Neptune Serverless is now generally available Introducing the Amazon OpenSearch Service delivery programAmazon SageMaker Canvas supports tags to track and allocate costs incurred by users AWS Console Mobile Application adds support for AWS CloudShell AWS Fault Injection Simulator now supports network connectivity disruptionAWS Nitro Enclaves is now supported on AWS GravitonAWS Organizations console now allows users to centrally manage primary contact information on AWS accounts AWS Private Certificate Authority introduces a mode for short-lived certificates Announcing dark mode support in the AWS Management Console EC2 High Memory instances with 18TiB and 24TiB of memory are now available with On-Demand and Savings Plan purchase options How to take advantage of the AWS Free TierGoldman Sachs, a legacy financial services firm, transforms its operations on AWS Reduce food waste to improve sustainability and financial results in retail with Amazon Forecast Cost Optimization recommendations for AWS Config Optimize your Amazon EC2 instances cost at scale by migrating from Intel to AMD using AWS Systems Manager Automation

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-real-reason-cloud-ide-adoption-is-laggingWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/fRc0maN0Z_INever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Go to snark.cloud/shirt to get your limited edition S3 8th Wonder of the World t-shirt to benefit our friends at 826 NationalAmazon CloudFront adds fields for origin latency and ASN in real-time logs for more granular insightsAmazon EC2 adds Service Quotas for Amazon Machine Images (AMIs)Amazon WorkDocs adds support for Apple Silicon MacBooksAWS Control Tower now available in GovCloud (US) Regions Announcing increased AWS IAM Identity Center default quota valuesAnnouncing AWS Parameters and Secrets Lambda ExtensionAnnouncing Camera Stream Pause and Resume on AWS PanoramaAnnouncing Red Hat Enterprise Linux (RHEL) Workstation on AWSAnnouncing Remote Reboot for AWS PanoramaHow can I get insights into my portfolio with AWS Cost Explorer?Migrate Google Cloud for MySQL to Amazon Aurora MySQLHost code-server on Amazon SageMakerWorking backwards from Vision Zero to improve road safety Changes to AWS Certification exam delivery

Links:A walkthrough that takes us on a whirlwind tour of AWS Secrets Manager and the principle of least-privilege. Azure Arc-enabled Kubernetes privilege escalation vulnerabilityDatadog has an report out on the The State of AWS SecuritySimplifying serverless permissions with AWS SAM Connectors Tool of the week: trailscraper gets signal from noise when it comes to CloudTrail logs.

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/a-brief-history-of-kubernetes-its-use-cases-and-its-problems Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/StlZwvsq9tcNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon Chime announces new mobile apps with features to improve your meeting experienceAmazon Detective improves search by supporting case insensitivity AWS Activate is now open to all startups AWS CloudFormation StackSets increases limits on three service quotasAWS IQ now supports partners and independent consultants in Australia, Europe, Japan, and other regionsAnnouncing a new Cost Explorer console experience Omdia study: how the media and entertainment industry uses cloud marketplace solutionsBest Practices for Hosting Regulated Gaming Workloads in AWS Local Zones and on AWS OutpostsReducing AWS Fargate Startup Times with zstd Compressed Container ImagesManaging your Game Studio on AWS part 2Netflix innovates and entertains the world, powered by AWS How to use AWS Config and CloudTrail to find who made changes to a resource Introducing AWS Global Accelerator IPv6 Canary Testing with AWS App Mesh and TektonThe economic impact of AWS’s investment in Japan Goldman Sachs and AWS examine efficient ways to load data into quantum computers The importance of a mentor in your cloud learning journey

Links:AWS Permission Boundaries for Dummies. Improve the Availability of Existing Okta IAM Federation Setup Using Multi-Region SAML Endpoints Use existing Logging and Security Account with AWS Control TowerIAM Access Analyzer makes it simpler to author and validate role trust policies Tool of the week: cleanup-aws-access-keys

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/aws-data-transfer-charges-ingress-actually-is-free/Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:AWS Cloud Map Updates Service Level Agreement Amazon DevOps Guru now allows customers control over the notifications they receive Amazon S3 Object Lambda now supports using your own code to modify the results of S3 HEAD and LIST API requestsAmazon SageMaker Clarify now can provide near real-time explanations for ML predictions AWS Lambda Functions powered by AWS Graviton2 now available in 12 additional regionsThe five most visited Amazon DynamoDB blog posts of 2022 Prevent account takeover at login with the new Account Takeover Insights model in Amazon Fraud Detector Bootstrapping multiple AWS accounts for AWS CDK using CloudFormation StackSetsDesigning hyperscale Amazon VPC networks

Links:AWS RDS Aurora wish list The Confusing Lifetimes of AWS IAM Identity Center Access TokensAWS announces updated Support Plans Console with new IAM controlsHow to automatically build forensic kernel modules for Amazon Linux EC2 instancesTool of the week: aws-security-survival-kit

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/confidential-computing-is-for-the-tinfoil-hat-brigadeWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/z_jD64jGhhINever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon S3 Replication Time Control for predictable replication time now available in the AWS China (Beijing) and AWS China (Ningxia) Regions Amazon SageMaker Canvas supports mathematical functions and operators for richer data exploration Snow Amazon Linux 2 (AL2) Amazon Machine Image (AMI) available on all Snow Family jobs Announcing 1-Click templates and tutorials in AWS Budgets AWS Certificate Manager Private Certificate Authority is now AWS Private Certificate AuthorityAWS Cloud Control API now supports AWS PrivateLinkAWS Compute Optimizer now supports 37 new EC2 instance types and new memory metrics for Windows instancesAWS Copilot, a CLI for the containerized apps, adds IAM permission boundaries and more AWS Cost Categories now support retroactive rules application Amazon File Cache – A High Performance Cache On AWS For Your On-Premises File Systems Amazon WorkSpaces Introduces Ubuntu DesktopsMigrate from Oracle RAC to AWS: Alternatives on AWSSet up enterprise-level cost allocation for ML environments and workloads using resource tagging in Amazon SageMakerSecure media delivery at the edge on Amazon Web Services

Links:The Challenges of Assessing Kubernetes clusters for PCI Compliance. Tailscale released a post titled What we learned (and can share) from passing our SOC 2 Type II audit that is absolutely worth your time and attention.Our friends at Wiz discovered a vulnerability in Oracle Cloud’s security where you could mount other customers' EBS volumes simply by asking the API to do so. From the Mouth of AWS Horse: Announcing an update to IAM role trust policy behavior In the world of tools, AWS has launched its rolesanywhere-credential-helper

Want to give your ears a break and read this as an article? You’re looking for this link.Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/iOqSjqhD2lcNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of Monday, September 26th with Corey Quinn.

Links:If you're near Arlington Virgina, come on by Highline this evening at 7PM and let me buy you a drink.Are you confused by AWS's KMS service? Me too. This guide to KMS helped a lot--and you really don't want to be confused by security things.BHIM leaks the details of 7.26 million users and scores themselves an S3 Bucket Negligence Award in the process. Stop doing this!Securely Using External ID for Accessing AWS Accounts Owned by Others - AWS blesses us with a great rundown of how to think about external IDs for accessing AWS accounts. Use AWS Network Firewall to filter outbound HTTPS traffic from applications hosted on Amazon EKS and collect hostnames provided by SNI- Don't let your sensitive environments connect all willy-nilly (or more formally, all William-Nilliam) to anything they want on the internet. Last week I mentioned that you might want to enable TouchID to approve sudo requests on macOS. A couple of you pointed out that this setting gets wiped on OS updates, so having a script like this handy to reapply it will likely serve you well. Cloudfox is a great collection of scripts stuffed into a framework and called a tool that empowers cloud penetration tests. Much like the industry, it biases heavily for AWS; take a look.

Want to give your ears a break and read this as an article? You’re looking for this link.Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/2ve_Xmtx7_oNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 19th, 2022 with Corey Quinn.

Links:Nick Frichette wrote an incredibly handy guide on the ordered steps to take to avoid CloudFront or DNS domain takeovers on AWS.This handy walkthrough talks about how to configure something that shrieks its head off whenever someone logs into AWS via the root account.The Center for Internet Security just released an update to the AWS version of their security benchmarks, and this approachable post goes through what's new.Introducing message data protection for Amazon SNS - This is a bit hard to wrap my head around--then Scott Piper nailed it with "it's Macie for SNS and now I'm wondering what the point of me even is. I've talked about Parliament before--it's an AWS IAM linting library. Version 1.6.0 just dropped.I'll be in the DC area next week; come by Highline at 7PM and let me buy you a drink / swap stories if you're around.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/google-cloud-functions-is-surprisingly-delightfulWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/lV-Q0EO63foNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 12, 2022 with Corey Quinn.

Links:1Password frankly got it wrong with their assertion that you shouldn't bother with MFA for 1Password itself. Joe Frichette has a handy guide on the ordered steps to take to avoid CloudFront or DNS domain takeovers on AWSOver 1,000 iOS apps found exposing hardcoded AWS credentialsChris Farris has a great post covering how to handle Incident Response in AWS.Announcing new AWS IAM Identity Center APIs to manage users and groups at scale How to subscribe to the new Security Hub Announcements topic for Amazon SNS This week's tool is an open source dingus that lets you use TouchID on supported Macs to authenticate sudo on macOS.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-harrowing-search-for-the-elusive-technical-answerWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/mZDquxNO09s\\Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 5, 2022 with Corey Quinn.

Links:Last week LastPass reported (yet another) security issue, wherein their source code was stolen. Finally: an honest recap of fwd:cloudsec and re:Inforce 2022 from someone who had the stomach to sit through the entirety of the latter.The Register reports on a growing trend of using AWS resources to hide phishing attacks.Expanded eligibility for the free MFA security key program How to centralize findings and automate deletion for unused IAM rolesIdentifying publicly accessible resources with Amazon VPC Network Access Analyzer The tool of the week: popeye is a Kubernetes cluster resource sanitizer.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/how-google-cloud-and-aws-approach-customer-carbon-emissionsWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/eyO1DqP9LhYNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of August 29, 2022 with Corey Quinn.

Links:Fascinating allegations have come from Twitter's former CISO about an alleged trashfire approach to security intrinsic to their culture.Microsoft employees exposed their own Azure credentials via GitHubA fascinating discovery by the folks at WizHow to detect suspicious activity in your AWS account by using private decoy resources Remember to opt out of AWS AI data usage.

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/sagemaker_is_responsible_for_my_surprise_bill/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/LCZjSZhRAjsNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of August 22, 2022 with Corey Quinn.

Links:Apparently there's been some dependency confusion in AWS CodeArtifact.PlatformQ wins this week's S3 Bucket Negligence Award Found an interesting article that suggests that ransomware in AWS isn't a purely theoretical concern.Protocol interview with AWS CISO CJ Moses about his cloud security challenges.AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) projectTrivy is a security scanner for vulnerabilities in container images, Git repositories, filesystems, and various bits of configuration.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/an_unexpected_love_letter_to_azure/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/NIsF_NS1B0kNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of August 15, 2022 with Corey Quinn.

Links:Twilio's disclosure of an Employee and Customer Account Compromise. Update of AWS Security Reference Architecture is now availableAs the linked tweet says: "If you check out the AWS docs on IAM policy parsing order there is a flowchart that shows you can get an Allow outcome before the boundary policy is evaluated." IAM-Deescalate: is an open source tool to help users reduce the risk of privilege escalation.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/why_amazon_cant_end_the_release_tidal_wave/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/eKMxBNF5N-kNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of August 8, 2022 with Corey Quinn.

Links:35K GitHub repos had been compromised by malware. GitHub security issued a response within 24 hours showing what their findings indicate and clarifying the situation.Scale your workforce access management with AWS IAM Identity Center (previously known as AWS SSO)Welcoming the AWS Customer Incident Response Team - Surprisingly this doesn't require a paid support plan.iamlive generates IAM policies from AWS calls via client-side monitoring