AWS Morning Brief

Links:Amazon S3 Replication Time Control for predictable replication time now available in the AWS China (Beijing) and AWS China (Ningxia) Regions Amazon SageMaker Canvas supports mathematical functions and operators for richer data exploration Snow Amazon Linux 2 (AL2) Amazon Machine Image (AMI) available on all Snow Family jobs Announcing 1-Click templates and tutorials in AWS Budgets AWS Certificate Manager Private Certificate Authority is now AWS Private Certificate AuthorityAWS Cloud Control API now supports AWS PrivateLinkAWS Compute Optimizer now supports 37 new EC2 instance types and new memory metrics for Windows instancesAWS Copilot, a CLI for the containerized apps, adds IAM permission boundaries and more AWS Cost Categories now support retroactive rules application Amazon File Cache – A High Performance Cache On AWS For Your On-Premises File Systems Amazon WorkSpaces Introduces Ubuntu DesktopsMigrate from Oracle RAC to AWS: Alternatives on AWSSet up enterprise-level cost allocation for ML environments and workloads using resource tagging in Amazon SageMakerSecure media delivery at the edge on Amazon Web Services 

Links:The Challenges of Assessing Kubernetes clusters for PCI Compliance. Tailscale released a post titled What we learned (and can share) from passing our SOC 2 Type II audit that is absolutely worth your time and attention.Our friends at Wiz discovered a vulnerability in Oracle Cloud’s security where you could mount other customers' EBS volumes simply by asking the API to do so. From the Mouth of AWS Horse: Announcing an update to IAM role trust policy behavior In the world of tools, AWS has launched its rolesanywhere-credential-helper

Want to give your ears a break and read this as an article? You’re looking for this link.Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/iOqSjqhD2lcNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of Monday, September 26th with Corey Quinn.

Links:If you're near Arlington Virgina, come on by Highline this evening at 7PM and let me buy you a drink.Are you confused by AWS's KMS service? Me too. This guide to KMS helped a lot--and you really don't want to be confused by security things.BHIM leaks the details of 7.26 million users and scores themselves an S3 Bucket Negligence Award in the process. Stop doing this!Securely Using External ID for Accessing AWS Accounts Owned by Others - AWS blesses us with a great rundown of how to think about external IDs for accessing AWS accounts. Use AWS Network Firewall to filter outbound HTTPS traffic from applications hosted on Amazon EKS and collect hostnames provided by SNI- Don't let your sensitive environments connect all willy-nilly (or more formally, all William-Nilliam) to anything they want on the internet. Last week I mentioned that you might want to enable TouchID to approve sudo requests on macOS. A couple of you pointed out that this setting gets wiped on OS updates, so having a script like this handy to reapply it will likely serve you well. Cloudfox is a great collection of scripts stuffed into a framework and called a tool that empowers cloud penetration tests. Much like the industry, it biases heavily for AWS; take a look.

Want to give your ears a break and read this as an article? You’re looking for this link.Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/2ve_Xmtx7_oNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 19th, 2022 with Corey Quinn.

Links:Nick Frichette wrote an incredibly handy guide on the ordered steps to take to avoid CloudFront or DNS domain takeovers on AWS.This handy walkthrough talks about how to configure something that shrieks its head off whenever someone logs into AWS via the root account.The Center for Internet Security just released an update to the AWS version of their security benchmarks, and this approachable post goes through what's new.Introducing message data protection for Amazon SNS - This is a bit hard to wrap my head around--then Scott Piper nailed it with "it's Macie for SNS and now I'm wondering what the point of me even is. I've talked about Parliament before--it's an AWS IAM linting library. Version 1.6.0 just dropped.I'll be in the DC area next week; come by Highline at 7PM and let me buy you a drink / swap stories if you're around.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/google-cloud-functions-is-surprisingly-delightfulWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/lV-Q0EO63foNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 12, 2022 with Corey Quinn.