AWS Morning Brief

Links:In this down market, it's good to know that jobs paying six (and rarely, seven!) figure salaries, giving bonuses, and of course including paid time off are still out there. Unfortunately they're working for cybercrime groups.Ian McKay is great--but given his history of creating awesome-yet-horrifying things in AWS I read this piece on Cedar (AWS's new policy language) Popular drone manufacturer CrowdStrike reports on how Adversaries Can Persist with AWS User Federation,How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager Want to chain roles in a way that works for more than an hour? Role Chain Juggling has you covered. 

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-aws-community-isnt-for-amazoniansNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon announced its fourth quarter and FY 2022 results last week; Tim Bray has an analysis that's absolutely worth reading. Amazon CloudWatch now simplifies metric extraction from structured logsAmazon MemoryDB for Redis Announces 99.99% Availability Service Level AgreementAWS CloudTrail Lake now supports ingestion of activity events from non-AWS sourcesAWS announces access of Simple Monthly Calculator estimates in the AWS Pricing Calculator Amazon increases NAT Gateway’s capacity to support concurrent connections to a unique destinationAmazon EMR launches support for Amazon EC2 C7g (Graviton3) instances to improve cost performance for Spark workloads by 7–13%Analyze Amazon S3 storage costs using AWS Cost and Usage Reports, Amazon S3 Inventory, and Amazon Athena AWS shows why physical stores matter more than ever at NRF 2023

Links:Azure messed up a regular expressionGitHub's blog has a piece on passwordless deployments to the cloudLastPass has now admitted that the attackers stole customers' backups and encryption keyDeploy a dashboard for AWS WAF with minimal effort Thinkst's free service now supports credit card tokens.precloud is a suite of dynamic tests for infrastructure as code. 

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/s3-encryption-at-rest-does-not-solve-for-bucket-negligence/Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

This episode is sponsored in part by the Google for Startups Cloud ProgramLinks:AWS Purity Test Amazon Detective adds Amazon VPC Flow Logs visualizations for Amazon EKS workloads AWS Elemental MediaLive adds timecode burn-in AWS Pricing Calculator now supports optimized pricing estimation for EC2 Dedicated Hosts Announcing Porting Advisor for Graviton Now Open — AWS Asia Pacific (Melbourne) Region in Australia Amazon OpenSearch Serverless is now generally available!AWS Lambda: Resilience under-the-hood VPC Routing Enhancements and GWLB Deployment PatternsIntroducing AWS Lambda runtime management controls 

Links:Datadog reports that an undocumented API allowed CloudTrail bypassMailChimp was breached and had customer data exposedFolks can use GitHub Codespaces to host and deliver malware.How to revoke federated users’ active AWS sessionsThe worst backup software known to humankind

Links:Amazon CloudFront now supports the request header order and header count headersAmazon ECS announces the new default console experience Amazon EFS Supports 1,000 Access Points per File SystemAWS Nitro Enclaves announces support for multiple enclavesAWS Network Optimization Tips Introducing multi-function packager, allowing more than one function per event trigger on Amazon CloudFront Winning the Cat-and-Mouse Race: Staying One Step Ahead of Streaming Free-Riders with GeoGuard and AWS

Links:Join Corey in Phoenix next Sunday at 1PM at Zuzu for a community meet-up.Rackspace continues to trickle the truth out; it's now admitting that attackers accessed customer data Tom Forbes scanned--wait, holy hell, he scanned every package on PyPi and found 57 live AWS keys. In one year we're going to come back and see how accurate the heads of AWS security are with their predictions for cybersecurity in 2023Today's tip of the week is to go fire up your important AWS account(s) and validate that the root user doesn't have API credentials assigned.

Links:Join Corey in Phoenix next Sunday at 1PM at Zuzu for a community meet-up.AWS Config supports 22 new resource types Changes to AWS Billing, Cost Management, and Account Consoles PermissionsRun a popular benchmark on Amazon Redshift Serverless easily with AWS Data ExchangeHow to optimize costs for grant-based research projects with AWS