AWS Morning Brief

This episode is sponsored in part by the Google for Startups Cloud ProgramLinks:CircleCI came out with a security alert urging you to rotate any secrets stored in CircleCI.Another bite at the craptastic LastPass breach response, this article parses their weak-sauce PR statement Over the holidays Slack had some private GitHub code repositories stolen.ACSESSED is another Azure vulnerabilityAmazon S3 Encrypts New Objects By Default Updated whitepaper available: AWS Security Incident Response Guideiamfast analyzes your application code to generate a least-privilege IAM policy.Wiz has come up with and open sourced PEACH, a tenant isolation framework for cloud applications.

Links:Amazon CloudFront now supports the removal of response headers Amazon SageMaker is now available in AWS Middle East (UAE) RegionAmazon Neptune announces graph-explorer, an open-source visual exploration tool for low-code usersAn elastic deployment of Stable Diffusion with Discord on AWS Measure the Business Impact of Personalize Recommendations How Heineken’s Connected Brewery Ecosystem fuels automation 

inks:AWS Lambda Security Threats and MitigationsLastPass now admits that hackers stole customers’ password vaults.Google WordPress Plug-in Bug McGraw Hill earned this week’s S3 Bucket Negligence Award for exposing 100K students' gradesAnnouncing the new security widget on AWS Console Home Introducing the Security Design of the AWS Nitro System whitepaper Please +1 my request to add support for an ~/.aws/config.d/ directory to the AWS cli. 

This episode originally aired on October 13, 2021Check out a related YouTube Video here: https://youtu.be/BCiUulzr9f8Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Links:Amazon Connect now allows contact center managers to join ongoing calls Amazon OpenSearch Service now supports Amazon Graviton2 (M6g, C6g, R6g, and R6gd) instances in four additional regionsAWS IQ launches public profiles for companies AWS Organizations console adds support to centrally manage region opt-in settings on AWS accountsROSA now provides an AWS Management Console experience for satisfying ROSA prerequisites Amazon EMR Serverless cost estimator AWS Multi-Region Fundamentals - AWS Multi-Region Fundamentals Organize your AWS Serverless code to prevent merge conflicts 

Links:Azure's VP of Security Engineering published a post describing their approach to cloud vulnerabilitiesPanther deployed Yubikeys internally and blogged about it.LastPass has (yet again) suffered a breach, and published a no-content advisory that TechCrunch took the time to parse through. Apparently Wiz decided to poke around a bit into IBM "Cloud" and found a bunch of security issues. Prepare for consolidated controls view and consolidated control findings in AWS Security Hub Reported ECR Public Gallery IssueFrom the world of tools: osquery turns your operating system into a database

This episode originally aired on July 17, 2020.Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the_right_and_wrong_way_to_interview_engineers/Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

Discussion on cloud providers and recent AWS updates, such as Google Cloud's developer experience, AWS Control Tower enhancements, and Launch Darkly's experience with Amazon Kinesis Data Streams

Links:Infosys leaked FullAdminAccess AWS keys on PyPi for over a year.Rackspace has suffered a ransomware attack AWS Security Hub now integrates with AWS Control TowerAWS Verified Access Preview — VPN-less Secure Network Access to Corporate ApplicationsThe Open Source Security Index 

This episode was originally released on August 20, 2021.Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/a_multicloud_rant/Want to watch a rant about Multi-Cloud? Watch our Multi-Cloud is a Terrible Idea YouTube Video here: https://youtu.be/Mlr7vioQqwgNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill