cloudonaut

#085 Losing trust in KMS

Feb 1, 2024

Andreas and Michael are losing trust in KMS due to a key policy privilege escalation. They discuss the limitations of AWS Management Console and the potential integration with AWS Marketplace solutions. Additionally, they highlight AWS news, including support for reserved capacity in CodeBuild and new encryption mechanisms for containers in AWS.

32:40

Creator website

Episode guests

Michael Wittig

Andreas

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

KMS key policy privilege escalation raises concerns about the trustworthiness of AWS's encryption service.

Limited ability to customize the UI hinders developers and partners from creating a more personalized user experience on AWS.

Deep dives

Key Policy and Access Control in AWS KMS

AWS KMS offers two types of keys: customer managed keys and built-in default keys. The main difference is that customer managed keys allow for changeable key policies, granting more control. However, if changes to the key policy are made and access is accidentally locked out, recovering from a key policy issue can be problematic. There is no built-in recovery mechanism like there is for deleting keys. Additionally, it has been discovered that modifying the key policy can grant unauthorized access, highlighting potential risks and concerns. This raises questions about the effectiveness and trustworthiness of KMS as an encryption service.

Introduction

2min

Customer Managed Keys vs AWS-Managed Keys

11min

Discussing app customization, AWS Marketplace integration, and AWS code build support for reserved capacity

5min

24/7 Resource Availability and Cost Implications

6min

New Encryption Mechanism for Containers in AWS

8min

Andreas and Michael are losing trust in KMS because of a potential key policy privilege escalation.

Andreas and Michael Wittig are building on AWS since 2009. Follow their journey of developing products like bucketAV, marbot, and HyperEnv and learn from practice.

Topics

KMS Key Policy Privilege Escalation
AWS Management Console misses ability to integrate with AWS Marketplace solutions
AWS News Check

Links

Make sure you are not missing upcoming shows …

Projects

Contact and Feedback

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

cloudonaut

#085 Losing trust in KMS

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Key Policy and Access Control in AWS KMS

Extending the User Interface of AWS Services

Latest Features and News in AWS Services

Topics

Links

Subscribe

Projects

Contact and Feedback

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

cloudonaut

#085 Losing trust in KMS

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Key Policy and Access Control in AWS KMS

Extending the User Interface of AWS Services

Latest Features and News in AWS Services

Topics

Links

Subscribe

Projects

Contact and Feedback

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights