AWS Morning Brief

AWS Morning Brief for the week of July 18th, 2022 with Corey Quinn.

Links:My article on the dangers of chatbots led someone to share this concern-affirming tale. Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere How to tune TLS for hybrid post-quantum cryptography with Kyber hasIAMfailedopenyet.com is a site that triggers a Lambda function on every invocation that attempts to access something it cannot. 

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/coreys-security-posture-2022Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/dHDY69hIvvkNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of July 11, 2022 with Corey Quinn.

Links:The most recently reported Azure vulnerabilityAmazon Photos exposes customers to riskI (re)discovered Scott Piper's work on Lesser Known Techniques for Attacking AWS Environments.PyPi python packages get caught sending stolen AWS keys to unsecured sites.TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints GuardDuty has new findings CloudFormation Guard had a new release.

Want to give your ears a break and read this as an article? You’re looking for this link:https://www.lastweekinaws.com/blog/the-chatops-issue-no-ones-chatting-aboutWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/eBKZ71OLjG8Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of July 4th, 2022 with Corey Quinn.

Links: Azure has another security issue around its Synapse offering; this one was discovered by Tenable.Sysdig has a dive into the real threats to SSH on EC2.Tailscale has announced the ability to support Tailscale SSH.Chris Farris has a treatise on the The Philosphy of Prevention when it comes to cloud security.Google Cloud CISO Phil Venables asks whether security analogies are counterproductive. A security issue of sorts was discovered around sts:GetSessionToken Role Chaining in AWSThe person responsible for the giant Capital One hack that took advantage of a series of small AWS misconfigurations has been convicted.Rogue GitHub apps could have hijacked countless repos for a week or two earlier this year.Wickr for Government achieves FedRAMP Ready designationIt takes an open source project like trackiam to collate IAM actions, AWS APIs, and managed policies from all over the placePasswordle lets you guess commonly used passwords.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/9-ways-aws-cdk-headdeskWant to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/3Mf3_l6iEtA  Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of June 27, 2022 with Corey Quinn.