AWS Morning Brief

RSA Beckons to Sell You a Firewall

AWS Morning Brief for the week of April 24, 2023 with Corey Quinn. Links: If you're around tomorrow night (Tuesday) at 6PM, I'll be at The Ramp in SF; let me buy you a drink. Announcing Dev Environment dashboard for Amazon CodeCatalyst (Preview)  Amazon DynamoDB now supports up to 50 concurrent table restores Amazon EC2 supports Ubuntu Pro operating system in a subscription-included model Amazon EFS now supports up to 10 GiB/s of throughput  Increased visibility of your carb...

Screwing Up the Messaging and Also the RSA Dates

Last week in security news: Creating an AWS Backup Account, Azure had another cross-tenant access vulnerability, Security Hub Hurts My Self-Esteem, and more! Links: Corey hosted a partner panel at AWS Container Day at KubeCon  This post on using OIDC to secure your CI/CD pipelines mirrors what I did with GitHub actions a year or so ago. Teri Radichel has a piece on Creating an AWS Backup Account Slack is conducting an absolute masterclass in how to screw up messaging to your ta...

Barest Metal Instances

AWS Morning Brief for the week of April 17, 2023 with Corey Quinn. This week is RSA in San Francisco; I'll be haunting the expo hall at some point, so if you're in town say hi. Links: The Last Week in AWS Job Board continues to thrive; thanks for your ongoing support. Amazon Chime SDK updates Service Level Agreement Amazon CodeWhisperer is now generally available Amazon Connect now enables agents to handle voice calls, chats, and tasks concurrently Amazon EC2 Serial Console ...

"A Quiet Week" He Says, Tempting Fate

Last week in security news: Logging strategies for security incident response, A Department of Energy report shows some rather serious gaps in security monitoring, A dedicated repository of winners of the S3 Bucket Negligence Awards, and more! Links: Zoom took an outage and the message was clearly AWS generated. Root cause? Misconfigured SCP. A Department of Energy report shows some rather serious gaps in the security monitoring of their cloud environments. Logging strategies fo...

LocalStack: Why Local Development for Cloud Workloads Makes Sense

AWS Morning Brief Extras edition for the week of April 12, 2023. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/localstack-why-local-development-for-cloud-workloads-makes-sense Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.la...

Your Network Bill is Now Diamonds

AWS Morning Brief for the week of April 10, 2023 with Corey Quinn. Links: Console Toolbar is now generally available for AWS CloudShell Announcing CSV Export for AWS Resource Explorer Search Results Announcing Utilization Notifications for EC2 On-Demand Capacity Everything you need to know about AWS Billing Conductor’s new pricing model How to use Amazon CloudWatch to monitor Amazon DynamoDB table size and item count metrics Implement resource counters with Amazon DynamoDB ...

A Repository of AWS Customer Breaches

Last week in security news: Gain insights and knowledge at AWS re:Inforce 2023, InvalidClientTokenId, a repository of AWS customer breaches, and more! Links: If you're in New York City proper, I hope to see you tonight at 7PM at Vol de Nuit We're hiring an Account Exec to handle media sales for this very podcast. Should you be the person who refers the successful candidate, we'll give you a $3K USD referral fee. Nick Frichette has found an undocumented Amplify API and used it to...

Friendship Started with Microservices

AWS Morning Brief for the week of April 3, 2023 with Corey Quinn.  Links: Amazon Kendra launches Featured Results  AWS Chatbot now supports search of AWS resources and AWS content  AWS Copilot adds support for full customization with AWS CDK or YAML overrides  AWS re:Post now includes AWS Knowledge Center articles New Cost Explorer users now get Cost Anomaly Detection by default Introducing Data on EKS – Modernize Data Workloads on Amazon EKS Friend microservices using Amazo...

GitHub's Bad Key Week

Last week in security news: Github accidentally published its RSA host keys for SSH, Automate IAM credential reports for large AWS Organizations, The Tool of the Week, and more! Links: Sad news; infosec luminary Kelly ‘Aloria’ Lum has regrettably passed away. Automate IAM credential reports for large AWS Organizations Github accidentally published its RSA host keys for SSH. How to use Amazon Macie to reduce the cost of discovering sensitive data Use backups to recover from sec...

S3 as an Eternal Service

AWS Morning Brief Extras edition for the week of March 29, 2023. Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/s3-as-an-eternal-service Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up to? Foll...

Amazon Snizz Bug Gets Fixed

AWS Morning Brief for the week of March 27, 2023 with Corey Quinn.  Links: Allow Listing tool for testing new Billing, Cost Management and Account console permissions  Amazon CloudWatch Logs adds support for new Amazon VPC Flow Logs metadata  Amazon EC2 C6in, M6in, M6idn, R6in, and R6idn metal instances are now available Amazon SNS (pronounced "Snizz") announces support for setting content-type request headers for HTTP/S notifications AWS CodeBuild now supports a small GPU mac...

Y'allbikey Configuration Guide

Last week in security news: The Many Ways to Access DynamoDB, a Yubikey configuration cheatsheet, and more! Links: The Many Ways to Access DynamoDB  Scott Piper’s post on redacting AWS account IDs from public posts How to use Google Workspace as an external identity provider for AWS IAM Identity Center  Yubikey configuration cheatsheet

Mining Your Data/Currency/Minerals

AWS Morning Brief for the week of March 20, 2023 with Corey Quinn.  Links: jobs.lastweekinaws.com Amazon EC2 M1 Mac instances now support in-place operating system updates Announcing Amazon Linux 2023  AWS Chatbot now available in Microsoft Teams  Announcing cross-account support for Amazon S3 Multi-Region Access Points  Talk about cloud with a non-cloud audience  New – Use Amazon S3 Object Lambda with Amazon CloudFront to Tailor Content for End Users Implementing an event-...

The Government Gets It

Last week in security news: U.S. Officials are frustrated with cloud providers, Best Practices For Securing Your Home Network, The Tool of the Week, and more! Links: U.S. officials express significant frustration that cloud providers often up-charge customers to add security protections Lightspin has a guide to SecDataOps and Vulnerability Management on AWS Best Practices For Securing Your Home Network. IAM Identity Center for AWS environments spanning AWS GovCloud (US) and sta...

AWS's Anti-Competitive Move Hidden in Plain Sight

AWS Morning Brief Extras edition for the week of March 15, 2023. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/awss-anti-competitive-move-hidden-in-plain-sight/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com...

Bored? See the AWS Job Board

AWS Morning Brief for the week of March 13, 2023 with Corey Quinn.  Links: jobs.lastweekinaws.com Amazon EC2 announces the ability to create Amazon Machine Images (AMIs) that can boot on UEFI and Legacy BIOS  AWS Application Composer is now generally available AWS CloudShell now supports the modular variant of AWS Tools for PowerShell  AWS Config now supports 18 new resource types  AWS Lambda now supports up to 10 GB of ephemeral storage for Lambda functions in 6 additional r...

LastPass, LastHope, LostPass, LostHope

Last week in security news: Audit Log Wall of Shame, More info on the LastPass breach, the Tool of the Week, and more! Links: Audit Log Wall of Shame Saudi social media app Fayvo apparently had an unsecured database More information has come to light about the LastPass breach Three ways to boost your email security and brand reputation with AWS Tool of the week: Trailscraper is an open source project to get useful information out of CloudTrail logs.

Happy Fun Podcast That Tells It Like It Is

AWS Morning Brief for the week of March 6, 2023 with Corey Quinn. Links: Amazon Aurora Serverless v1 now supports customer configurable maintenance windows Amazon CloudWatch Internet Monitor is now generally available AWS Lambda Powertools for .NET is now generally available Amazon Neptune Serverless now scales down to 1 NCU to save costs  AWS Control Tower announces a progress tracker for landing zone setup and upgrades In the Works – AWS Region in Malaysia  New – Amazon L...

Corey Invades Seattle

Last week in security news: US Military emails leaked on an exposed server, How to monitor and query IAM resources at scale, the Tool of the Week, and more! Links: If you're in Seattle, come to Outer Planet Brewing this Sunday at 7PM and let Corey buy you a drink. Aiden Steele writes at length about using a recent enhancement to Systems Manager to pass out a role to all of your EC2 instances. US Military emails leaked on an exposed server Amazon Detective launches an interactiv...

AWS is Asleep at the Lambda Wheel

AWS Morning Brief Extras edition for the week of March 1, 2023. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/aws-is-asleep-at-the-lambda-wheel Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up...

Listening to This Podcast Will Improve Your Hiring Diversity

AWS Morning Brief for the week of February 27, 2023 with Corey Quinn. Links: Amazon OpenSearch Service now lets you schedule service software updates during off-peak hours  AWS App Runner now supports HTTP to HTTPS redirect Announcing the ability to enable AWS Systems Manager by default across all EC2 instances in an account  New: AWS Telco Network Builder – Deploy and Manage Telco Networks Developing portable AWS Lambda functions Using Porting Advisor for Graviton  Query d...

A Little Security for Everyone

Last week in security news: More security woes for Azure, the AWS Survival Kit, CloudGPT, and more! Links: A security researcher reported a potential account compromise vector to Azure back in 2021.  I once again want to draw your attention to the open source AWS Survival Kit.  How to visualize IAM Access Analyzer policy validation findings with QuickSight  Updated ebook: Protecting your AWS environment from ransomware ChatGPT is all the rage, and of course here's CloudGPT to ...

Amazon's Snowball Edge Frustrates This User

AWS Morning Brief Extras edition for the week of February 22, 2023. Want to give your ears a break and read this as an article? You’re looking for this link.https://www.lastweekinaws.com/blog/amazons-snowball-edge-frustrates-this-user Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What...

Technical Debt Cash-Out Refinance

Attacked S3s and Guilty Pleas

Last week in security news: Ubiquiti inside attacker pleads guilty, Wiz 2023 State of the Cloud report, the tool of the week, and more! Links: That inside attacker who worked at jackass company Ubiquiti pleads guilty Datadog's security folk discovered an AWS Console rate limit bypass Wiz 2023 State of the Cloud report The anatomy of ransomware event targeting data residing in Amazon S3  Tool of the week: aws-firewall-factory 

The Dumbest Dollars a Cloud Provider Can Make (Replay)

AWS Morning Brief Extras edition for the week of February 15, 2023. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-dumbest-dollars-a-cloud-provider-can-make/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com...

Santa's EKS Workshop Massacre

AWS Morning Brief for the week of February 13, 2023 with Corey Quinn. Links: Amazon Chime SDK now offers a Windows client library Amazon CloudWatch now supports high resolution metric extraction from structured logs AWS SAM CLI introduces ‘sam list’ command to inspect AWS SAM resources  Get cost estimates faster with AWS Pricing Calculator bulk import  New – Visualize Your VPC Resources from Amazon VPC Creation Experience  Introducing the AWS ProServe Hadoop Migration Delive...

Wait did you say "Drone Manufacturer?!"

Links: In this down market, it's good to know that jobs paying six (and rarely, seven!) figure salaries, giving bonuses, and of course including paid time off are still out there. Unfortunately they're working for cybercrime groups. Ian McKay is great--but given his history of creating awesome-yet-horrifying things in AWS I read this piece on Cedar (AWS's new policy language)  Popular drone manufacturer CrowdStrike reports on how Adversaries Can Persist with AWS User Federation, ...

The AWS Community Isn't for Amazonians

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-aws-community-isnt-for-amazonians Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent wo...

Telling Customers What They Want To Hear

Links: Amazon announced its fourth quarter and FY 2022 results last week; Tim Bray has an analysis that's absolutely worth reading.  Amazon CloudWatch now simplifies metric extraction from structured logs Amazon MemoryDB for Redis Announces 99.99% Availability Service Level Agreement AWS CloudTrail Lake now supports ingestion of activity events from non-AWS sources AWS announces access of Simple Monthly Calculator estimates in the AWS Pricing Calculator  Amazon increases NAT G...

Azure Improves Slowly

Links: Azure messed up a regular expression GitHub's blog has a piece on passwordless deployments to the cloud LastPass has now admitted that the attackers stole customers' backups and encryption key Deploy a dashboard for AWS WAF with minimal effort  Thinkst's free service now supports credit card tokens. precloud is a suite of dynamic tests for infrastructure as code. 

S3 Encryption at Rest Does NOT Solve for Bucket Negligence

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/s3-encryption-at-rest-does-not-solve-for-bucket-negligence/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up to? Follow Corey on Twitter (@quinnyp...

Timecode Burn-In, Employee Burn-Out

This episode is sponsored in part by the Google for Startups Cloud Program Links: AWS Purity Test  Amazon Detective adds Amazon VPC Flow Logs visualizations for Amazon EKS workloads  AWS Elemental MediaLive adds timecode burn-in  AWS Pricing Calculator now supports optimized pricing estimation for EC2 Dedicated Hosts  Announcing Porting Advisor for Graviton  Now Open — AWS Asia Pacific (Melbourne) Region in Australia  Amazon OpenSearch Serverless is now generally available! ...

Aspirational Audit Logs

Links: Datadog reports that an undocumented API allowed CloudTrail bypass MailChimp was breached and had customer data exposed Folks can use GitHub Codespaces to host and deliver malware. How to revoke federated users’ active AWS sessions The worst backup software known to humankind

1000 Access Points of Light

Links: Amazon CloudFront now supports the request header order and header count headers Amazon ECS announces the new default console experience  Amazon EFS Supports 1,000 Access Points per File System AWS Nitro Enclaves announces support for multiple enclaves AWS Network Optimization Tips  Introducing multi-function packager, allowing more than one function per event trigger on Amazon CloudFront  Winning the Cat-and-Mouse Race: Staying One Step Ahead of Streaming Free-Riders ...

Wait Did You Say Root API Keys?

Links: Join Corey in Phoenix next Sunday at 1PM at Zuzu for a community meet-up. Rackspace continues to trickle the truth out; it's now admitting that attackers accessed customer data  Tom Forbes scanned--wait, holy hell, he scanned every package on PyPi and found 57 live AWS keys.  In one year we're going to come back and see how accurate the heads of AWS security are with their predictions for cybersecurity in 2023 Today's tip of the week is to go fire up your important AWS a...

Four Announcements of the Boring Apocalypse

Links: Join Corey in Phoenix next Sunday at 1PM at Zuzu for a community meet-up. AWS Config supports 22 new resource types  Changes to AWS Billing, Cost Management, and Account Consoles Permissions Run a popular benchmark on Amazon Redshift Serverless easily with AWS Data Exchange How to optimize costs for grant-based research projects with AWS

Computers Checking Compliance Boxes

This episode is sponsored in part by the Google for Startups Cloud Program Links: CircleCI came out with a security alert urging you to rotate any secrets stored in CircleCI. Another bite at the craptastic LastPass breach response, this article parses their weak-sauce PR statement  Over the holidays Slack had some private GitHub code repositories stolen. ACSESSED is another Azure vulnerability Amazon S3 Encrypts New Objects By Default  Updated whitepaper available: AWS Securi...

The Work of Sober Minds

Links: Amazon CloudFront now supports the removal of response headers  Amazon SageMaker is now available in AWS Middle East (UAE) Region Amazon Neptune announces graph-explorer, an open-source visual exploration tool for low-code users An elastic deployment of Stable Diffusion with Discord on AWS  Measure the Business Impact of Personalize Recommendations  How Heineken’s Connected Brewery Ecosystem fuels automation 

LastStrawPass

inks: AWS Lambda Security Threats and Mitigations LastPass now admits that hackers stole customers’ password vaults. Google WordPress Plug-in Bug  McGraw Hill earned this week’s S3 Bucket Negligence Award for exposing 100K students' grades Announcing the new security widget on AWS Console Home  Introducing the Security Design of the AWS Nitro System whitepaper  Please +1 my request to add support for an ~/.aws/config.d/ directory to the AWS cli. 

Holiday Replay: Why I Turned Down an AWS Job Offer

This episode originally aired on October 13, 2021 Check out a related YouTube Video here: https://youtu.be/BCiUulzr9f8 Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with...

Soaking the US Navy

Links: Amazon Connect now allows contact center managers to join ongoing calls  Amazon OpenSearch Service now supports Amazon Graviton2 (M6g, C6g, R6g, and R6gd) instances in four additional regions AWS IQ launches public profiles for companies  AWS Organizations console adds support to centrally manage region opt-in settings on AWS accounts ROSA now provides an AWS Management Console experience for satisfying ROSA prerequisites  Amazon EMR Serverless cost estimator  AWS Mult...

A Bunch of Vulnerabilities is Called an Embarrassment

Links: Azure's VP of Security Engineering published a post describing their approach to cloud vulnerabilities Panther deployed Yubikeys internally and blogged about it. LastPass has (yet again) suffered a breach, and published a no-content advisory that TechCrunch took the time to parse through.  Apparently Wiz decided to poke around a bit into IBM "Cloud" and found a bunch of security issues.  Prepare for consolidated controls view and consolidated control findings in AWS Secu...

Holiday Replay: The Right and Wrong Way to Interview Engineers

This episode originally aired on July 17, 2020. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the_right_and_wrong_way_to_interview_engineers/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up t...

Screwing Up the Cloud Economics Math

Links: Introducing concurrent account provisioning operations for AWS Control Tower  AWS Cost Anomaly Detection now supports percentage-based thresholds AWS Trusted Advisor adds new fault tolerance checks Heads-Up: Amazon S3 Security Changes Are Coming in April of 2023  LaunchDarkly’s journey from ingesting 1 TB to 100 TB per day with Amazon Kinesis Data Streams  Visualizing the impact of AWS Lambda code updates  New: AWS CLI v2 Docker images available on Amazon ECR Public ...

Censoring Myself Out of Pure Self-Interest

Links: Infosys leaked FullAdminAccess AWS keys on PyPi for over a year. Rackspace has suffered a ransomware attack  AWS Security Hub now integrates with AWS Control Tower AWS Verified Access Preview — VPN-less Secure Network Access to Corporate Applications The Open Source Security Index 

A Multi-Cloud Rant (Holiday Replay)

This episode was originally released on August 20, 2021. Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/a_multicloud_rant/ Want to watch a rant about Multi-Cloud? Watch our Multi-Cloud is a Terrible Idea YouTube Video here: https://youtu.be/Mlr7vioQqwg Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedbac...

The Dryer Ate the SOC

Links: Amazon VPC IP Address Manager (IPAM) is now available in the AWS GovCloud (US) Regions AWS CloudShell is now System and Organization Controls (SOC) compliant Email delta cost usage report in a multi-account organization using AWS Lambda AWS re:Invent 2022 CEO Keynote through the Cloud Financial Management lens Build a robust text-based toxicity predictor

The Unfulfilled Promise of Serverless

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/The-Unfulfilled-Promise-of-Serverless/ This episode was originally released on November 3, 2021. Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts Buy our merch  https://store.lastweekinaws.com What's Corey up...

re:Invent 2022 Retrospective: Releases & Opinions

Links: VPC Lattice -- network overlay. AWS Supply Chain AWS Application Composer EventBridge pipes Amazon Security Lake Amazon OpenSearch Serverless Amazon CodeCatalyst AWS Wickr is now available AWS Backup supports CloudFormation Stacks AWS stimface weaver – space sim weaver… screw it. AWS SpiderBro it is. AWS launched a whole bunch of new EC2 instance types and sizes