AWS Morning Brief

AWS Morning Brief for the week of Monday, September 26th with Corey Quinn.

Links:If you're near Arlington Virgina, come on by Highline this evening at 7PM and let me buy you a drink.Are you confused by AWS's KMS service? Me too. This guide to KMS helped a lot--and you really don't want to be confused by security things.BHIM leaks the details of 7.26 million users and scores themselves an S3 Bucket Negligence Award in the process. Stop doing this!Securely Using External ID for Accessing AWS Accounts Owned by Others - AWS blesses us with a great rundown of how to think about external IDs for accessing AWS accounts. Use AWS Network Firewall to filter outbound HTTPS traffic from applications hosted on Amazon EKS and collect hostnames provided by SNI- Don't let your sensitive environments connect all willy-nilly (or more formally, all William-Nilliam) to anything they want on the internet. Last week I mentioned that you might want to enable TouchID to approve sudo requests on macOS. A couple of you pointed out that this setting gets wiped on OS updates, so having a script like this handy to reapply it will likely serve you well. Cloudfox is a great collection of scripts stuffed into a framework and called a tool that empowers cloud penetration tests. Much like the industry, it biases heavily for AWS; take a look.

Want to give your ears a break and read this as an article? You’re looking for this link.Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/2ve_Xmtx7_oNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 19th, 2022 with Corey Quinn.

Links:Nick Frichette wrote an incredibly handy guide on the ordered steps to take to avoid CloudFront or DNS domain takeovers on AWS.This handy walkthrough talks about how to configure something that shrieks its head off whenever someone logs into AWS via the root account.The Center for Internet Security just released an update to the AWS version of their security benchmarks, and this approachable post goes through what's new.Introducing message data protection for Amazon SNS - This is a bit hard to wrap my head around--then Scott Piper nailed it with "it's Macie for SNS and now I'm wondering what the point of me even is. I've talked about Parliament before--it's an AWS IAM linting library. Version 1.6.0 just dropped.I'll be in the DC area next week; come by Highline at 7PM and let me buy you a drink / swap stories if you're around.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/google-cloud-functions-is-surprisingly-delightfulWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/lV-Q0EO63foNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 12, 2022 with Corey Quinn.

Links:1Password frankly got it wrong with their assertion that you shouldn't bother with MFA for 1Password itself. Joe Frichette has a handy guide on the ordered steps to take to avoid CloudFront or DNS domain takeovers on AWSOver 1,000 iOS apps found exposing hardcoded AWS credentialsChris Farris has a great post covering how to handle Incident Response in AWS.Announcing new AWS IAM Identity Center APIs to manage users and groups at scale How to subscribe to the new Security Hub Announcements topic for Amazon SNS This week's tool is an open source dingus that lets you use TouchID on supported Macs to authenticate sudo on macOS.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-harrowing-search-for-the-elusive-technical-answerWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/mZDquxNO09s\\Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsBuy our merch https://store.lastweekinaws.comWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of September 5, 2022 with Corey Quinn.