SRE Weekly Issue #345 • [tl;dr sec] #156 - Hipster History of CORS, Serverless Security Event Data Pipelines


Monday 31 October, 2022

Sponsor

ProwlerPro - the most comprehensive, free tool for AWS security - is so good it’s scary.

ProwlerPro is trusted by orgs of all sizes, and used every day so teams can be confident in their AWS security framework. Join our Slack community now to get your questions answered, and talk directly to our engineers and happy users.

Use ProwlerPro free today to get dashboards with actionable, direct insights for every level of detail of your security posture.

In a nutshell

This week, I was lucky enough to be invited to one of the most popular AWS podcasts: Screaming in the Cloud.

With Corey, we were able to talk about:

  • Independent AWS Consulting in the EU
  • Army of indie AWS Twitter bots
  • Small bets with my SaaS product unusd.cloud

👂 Listen, Like, Share :)

AWS App Runner - 6 updated methods
Oct 28
AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1 runtimes.
Amazon AppStream - 12 updated methods
Oct 28
This release includes CertificateBasedAuthProperties in CreateDirectoryConfig and UpdateDirectoryConfig.
AWS CloudFormation - 5 updated methods
Oct 28
This release adds more fields to improve visibility of AWS CloudFormation StackSets information in the following APIs: ListStackInstances, DescribeStackInstance, ListStackSetOperationResults, ListStackSetOperations, DescribeStackSetOperation.
AWS MediaTailor - 2 updated methods
Oct 28
This release introduces support for SCTE-35 segmentation descriptor messages which can be sent within time signal messages.

Sponsor

AWS Security Digest Newsletter is preparing next year's sponsorship.

If you are interested in sponsoring this newsletter and touching an audience of 1200+ AWS Security Aficionados for your product, webinars, events, or job posting, contact me to reserve your slots for 2023.

IAM Access Analyzer support for new resource types
Oct 25
IAM Access Analyzer added support for the following resource types:
kafka: 1 new action | 3 updated actions
Oct 29
1 new action: UpdateStorage (Grants permission to update the EBS storage (size or provisioned throughput) associated with MSK brokers or set cluster storage mode to TIERED); 3 updated actions: ListTagsForResource (resources), TagResource (resources), UntagResource (resources)
rum: 7 new actions | 2 updated actions
Oct 28
7 new actions: BatchCreateRumMetricDefinitions (Grants permission to create rum metric definitions), BatchDeleteRumMetricDefinitions (Grants permission to remove rum metric definitions), BatchGetRumMetricDefinitions (Grants permission to get rum metric definitions), DeleteRumMetricsDestination (Grants permission to delete rum metrics destinations), ListRumMetricsDestinations (Grants permission to list rum metrics destinations), PutRumMetricsDestination (Grants permission to put rum metrics …
lambda: 1 updated action
Oct 28
1 updated action: CreateFunction (dependents)
Colm MacCárthaigh @colmmacc

I think of this slightly differently. In general as an industry I think we cut too many automation corners because operator superheroes can step in. This can get a small number of things to market more quickly but backfires and drives not just toil, but real inefficiency.

Jaana Dogan ヤナ ドガン @rakyll

Unpopular opinion: If you think the industry is overstaffed, you are not carrying the pager enough. The industry is disproportionately staffed.

Oct 27 · 9:08 PM
Colm MacCárthaigh @colmmacc

Had to give up my black and white streak for our honeymoon in Hawaii.

Oct 29 · 4:21 AM
Clint Gibler @clintgibler

🗒️ API Security Checklist

A checklist of important security countermeasures when designing, testing, and releasing an API

Topics: authentication, JWT, OAuth, access, input, processing, output, CI/CD

github.com/shieldfy/API-S…

Oct 28 · 7:00 PM
Abby Fuller @abbyfuller

every verified person on my timeline tonight

Oct 31 · 4:24 AM
Brigid Johnson @bjohnso5y

Everyone loves a good freebie! Now IAM Access Analyzer supports 6⃣ additional resource types for public and cross account findings.🧵(1/10) go.aws/3N89MNQ

Oct 28 · 8:08 PM
Abby Fuller @abbyfuller

i would do whatever the opposite of paying $20/month to be here is.

nilay patel @reckless

Scoop from ⁦@alexeheath⁩: it’ll be $20/mo to be verified, and if the team doesn’t ship in a week, they’re fired theverge.com/2022/10/30/234…

Oct 31 · 4:27 AM
Scott Piper @0xdabbad00

Github is quite the acquisition success story. As an unpaying user my experience has continued to improve, and as a business it's gone from $300M ARR to $1B since the 2018 acquisition.

David Okeyode #EndSARS @asegunlolu

GitHub leveraging Microsoft’s scale to onboard major enterprises. Now surpassed $1billion ARR! - tcrn.ch/3zeRpAW #cloudnative #cloudadoption

Oct 27 · 4:10 PM
Clint Gibler @clintgibler

Great overview of the dangers of password reuse due to data breaches by @RachelTobac, @evantobac

* Find email addresses via OSINT
* Password breach databases ➡️ plaintext passwords, hashes, and hints
* Customized wordlist + ruleset ➡️ hashcat

Be safe: Password manager, MFA

Rachel Tobac @RachelTobac

*New live hack demo video*
CNN’s @donie asked me to hack him again at @defcon — hacked him last time thru service provider call center attacks, but this time I intruded using the easiest method: reused passwords found in data breaches.
Here’s the breakdown.

Oct 24 · 9:20 PM
Chris Farris @jcfarris

Twitter is just a Pub/Sub architecture. I bet I could do it with just SNS!

haroon meer @haroonmeer

You know.. all those commenters on HN who can build twitter in a weekend might be about to have their moment..

Some have greatness thrust upon them…

Oct 27 · 6:07 PM
Kinnaird McQuade 💻☁️💥 @kmcquade3

What advice would you give to a first time engineering manager?

Oct 28 · 6:18 PM
The reachability analyser was such a time saver

I'm pretty much a newbie when it comes to networking and was tasked by my employer to clean up our application's horrendous network architecture (I'm probably very underqualified to pick up this task but our dev team is very small), it's right now all hosted in the default VPC on …

Bought AWS re:invent ticket but can't go. Willing to pass it on for a cheaper price

Hi everyone,

I bought my re:invent ticket a week ago but due to a personal situation, I'm unable to go. I've contacted AWS for a refund however according to their policy, I'm one day late. I only qualify for a 50% refund.

I've also signed up for a bunch of …