AWS Morning Brief

Links:Travis CI continues to be a security nightmare.Implementing IAM Permission Boundaries with AWS SSO using TerraformA user reported a vulnerability to a company through Bugcrowd. The writeup is really worth reviewing.The RSA conference was apparently a super spreader event.Because nobody beats the Wiz, they've got a post up on the secret agents installed by cloud service providers.Partitioning and Isolating Multi-Tenant SaaS Data with Amazon S3Service Notice – Upcoming changes required for AWS Config | AWS Cloud Operations & Migrations BlogHere's a list of best practices for writing Docker images that don't make you regret running them in production environments.

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/should-you-take-a-job-at-aws/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/BCiUulzr9f8Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of June 20, 2022 with Corey Quinn.

Links:Azure’s continuing security woesThe Meeting Owl videoconference device apparently had significant security problems Brandon Sherman writes about how Temporal structures its access control strategy with regard to AWS This week's S3 Bucket Negligence Award goes to Mobike.  Cloud Functions or Cloud Run launched from any GCP organization can bypass Google Kubernetes Engine (GKE) Authorized Networks restrictionsProof of someone migrating to SSO and disabling IAM users entirely. AWS blog post about IAM policy types: How and when to use themTailscale

Want to give your ears a break and read this as an article? You’re looking for this link:https://www.lastweekinaws.com/blog/reinvent-keynote-incident/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/NGvLMsf4Wg8Never miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcasts

AWS Morning Brief for the week of June 13, 2022 with Corey Quinn.

Links:Nick Jones' review of the AWS Security Model I linked to previously.Microsoft Azure has seen 6 'nightmare' cloud security flaws over the past year. Unsecured Elasticsearch Data Replaced with Ransom NoteAWS Systems Manager announces support for port forwarding to remote hosts using Session Manager When and where to use IAM permissions boundaries Security vulnerability in AWS's Managed Workflows for Apache Airflow

Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/the-strange-too-familiar-tale-of-uncle-suitcase/Want to watch the full dramatic reenactment of this podcast? Watch the YouTube Video here: https://youtu.be/x70EypnAH1YNever miss an episodeJoin the Last Week in AWS newsletterSubscribe wherever you get your podcastsHelp the showLeave a reviewShare your feedbackSubscribe wherever you get your podcastsWhat's Corey up to?Follow Corey on Twitter (@quinnypig)See our recent work at the Duckbill GroupApply to work with Corey and the Duckbill Group to help lower your AWS bill

AWS Morning Brief for the week of June 6, 2022, with Corey Quinn.

Links:Poisoned Python and PHP packages purloin passwords for AWS accessNo, your cloud environment doesn't need a sandboxSpring 2022 SOC reports are now available with 150 services in scopeCanary Tokens