AWS Morning Brief

Links: Azure has another security issue around its Synapse offering; this one was discovered by Tenable.Sysdig has a dive into the real threats to SSH on EC2.Tailscale has announced the ability to support Tailscale SSH.Chris Farris has a treatise on the The Philosphy of Prevention when it comes to cloud security.Google Cloud CISO Phil Venables asks whether security analogies are counterproductive. A security issue of sorts was discovered around sts:GetSessionToken Role Chaining in AWSThe person responsible for the giant Capital One hack that took advantage of a series of small AWS misconfigurations has been convicted.Rogue GitHub apps could have hijacked countless repos for a week or two earlier this year.Wickr for Government achieves FedRAMP Ready designationIt takes an open source project like trackiam to collate IAM actions, AWS APIs, and managed policies from all over the placePasswordle lets you guess commonly used passwords.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/9-ways-aws-cdk-headdeskWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/3Mf3_l6iEtA  Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of June 27, 2022 with Corey Quinn.

Links:Travis CI continues to be a security nightmare.Implementing IAM Permission Boundaries with AWS SSO using TerraformA user reported a vulnerability to a company through Bugcrowd. The writeup is really worth reviewing.The RSA conference was apparently a super spreader event.Because nobody beats the Wiz, they've got a post up on the secret agents installed by cloud service providers.Partitioning and Isolating Multi-Tenant SaaS Data with Amazon S3Service Notice – Upcoming changes required for AWS Config | AWS Cloud Operations & Migrations BlogHere's a list of best practices for writing Docker images that don't make you regret running them in production environments.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/should-you-take-a-job-at-aws/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/BCiUulzr9f8Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of June 20, 2022 with Corey Quinn.

Links:Azure’s continuing security woesThe Meeting Owl videoconference device apparently had significant security problems Brandon Sherman writes about how Temporal structures its access control strategy with regard to AWS This week's S3 Bucket Negligence Award goes to Mobike.  Cloud Functions or Cloud Run launched from any GCP organization can bypass Google Kubernetes Engine (GKE) Authorized Networks restrictionsProof of someone migrating to SSO and disabling IAM users entirely. AWS blog post about IAM policy types: How and when to use themTailscale

Want to give your ears a break and read this as an article? You’re looking for this link:https://www.lastweekinaws.com/blog/reinvent-keynote-incident/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/NGvLMsf4Wg8Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcasts

AWS Morning Brief for the week of June 13, 2022 with Corey Quinn.

Links:Nick Jones' review of the AWS Security Model I linked to previously.Microsoft Azure has seen 6 'nightmare' cloud security flaws over the past year. Unsecured Elasticsearch Data Replaced with Ransom NoteAWS Systems Manager announces support for port forwarding to remote hosts using Session Manager When and where to use IAM permissions boundaries Security vulnerability in AWS's Managed Workflows for Apache Airflow