AWS Morning Brief

Last week in security news: Ubiquiti inside attacker pleads guilty, Wiz 2023 State of the Cloud report, the tool of the week, and more!Links:That inside attacker who worked at jackass company Ubiquiti pleads guiltyDatadog's security folk discovered an AWS Console rate limit bypassWiz 2023 State of the Cloud reportThe anatomy of ransomware event targeting data residing in Amazon S3 Tool of the week: aws-firewall-factory 

AWS Morning Brief Extras edition for the week of February 15, 2023.Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-dumbest-dollars-a-cloud-provider-can-make/Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of February 13, 2023 with Corey Quinn. Links:Amazon Chime SDK now offers a Windows client libraryAmazon CloudWatch now supports high resolution metric extraction from structured logsAWS SAM CLI introduces ‘sam list’ command to inspect AWS SAM resources Get cost estimates faster with AWS Pricing Calculator bulk import New – Visualize Your VPC Resources from Amazon VPC Creation Experience Introducing the AWS ProServe Hadoop Migration Delivery Kit TCO tool Introducing the Amazon EKS Workshop Using GitHub Actions with Amazon CodeCatalyst Using Amazon CloudWatch metrics to monitor time to expiration for Reserved Instances 

Links:In this down market, it's good to know that jobs paying six (and rarely, seven!) figure salaries, giving bonuses, and of course including paid time off are still out there. Unfortunately they're working for cybercrime groups.Ian McKay is great--but given his history of creating awesome-yet-horrifying things in AWS I read this piece on Cedar (AWS's new policy language) Popular drone manufacturer CrowdStrike reports on how Adversaries Can Persist with AWS User Federation,How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager Want to chain roles in a way that works for more than an hour? Role Chain Juggling has you covered. 

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-aws-community-isnt-for-amazoniansNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon announced its fourth quarter and FY 2022 results last week; Tim Bray has an analysis that's absolutely worth reading. Amazon CloudWatch now simplifies metric extraction from structured logsAmazon MemoryDB for Redis Announces 99.99% Availability Service Level AgreementAWS CloudTrail Lake now supports ingestion of activity events from non-AWS sourcesAWS announces access of Simple Monthly Calculator estimates in the AWS Pricing Calculator Amazon increases NAT Gateway’s capacity to support concurrent connections to a unique destinationAmazon EMR launches support for Amazon EC2 C7g (Graviton3) instances to improve cost performance for Spark workloads by 7–13%Analyze Amazon S3 storage costs using AWS Cost and Usage Reports, Amazon S3 Inventory, and Amazon Athena AWS shows why physical stores matter more than ever at NRF 2023

Links:Azure messed up a regular expressionGitHub's blog has a piece on passwordless deployments to the cloudLastPass has now admitted that the attackers stole customers' backups and encryption keyDeploy a dashboard for AWS WAF with minimal effort Thinkst's free service now supports credit card tokens.precloud is a suite of dynamic tests for infrastructure as code. 

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/s3-encryption-at-rest-does-not-solve-for-bucket-negligence/Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

This episode is sponsored in part by the Google for Startups Cloud ProgramLinks:AWS Purity Test Amazon Detective adds Amazon VPC Flow Logs visualizations for Amazon EKS workloads AWS Elemental MediaLive adds timecode burn-in AWS Pricing Calculator now supports optimized pricing estimation for EC2 Dedicated Hosts Announcing Porting Advisor for Graviton Now Open — AWS Asia Pacific (Melbourne) Region in Australia Amazon OpenSearch Serverless is now generally available!AWS Lambda: Resilience under-the-hood VPC Routing Enhancements and GWLB Deployment PatternsIntroducing AWS Lambda runtime management controls 

Links:Datadog reports that an undocumented API allowed CloudTrail bypassMailChimp was breached and had customer data exposedFolks can use GitHub Codespaces to host and deliver malware.How to revoke federated users’ active AWS sessionsThe worst backup software known to humankind