Sponsor
Automate compliance with Drata—G2’s highest-rated cloud compliance software.
As an AWS partner, Drata provides continuous control monitoring and evidence collection across your company’s AWS footprint for 14+ frameworks including SOC 2, ISO 27001, and even custom frameworks.
Drata will discover and import your AWS virtual assets to simplify the collection and categorization process, and eliminate manual processes. With an enhanced vulnerability scanning connection for AWS Inspector and a risk management tool, you'll know where you stand at all times. Request a demo today!
📢 MAMIP (Monitor AWS Managed IAM Policies)
Policies changed since last week:
- AWSIncidentManagerServiceRolePolicy
- AWSPrivateMarketplaceAdminFullAccess
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerFeatureStoreAccess
- AutoScalingServiceRolePolicy

No better day than today to watch @abbyfuller's great talk about how Amazon responded to log4shell. Super interesting breakdowns of the timelines and processes involved.
youtube.com/watch?v=pkPkm7…

🤖 ChatGPT Chrome Extension
A Chrome extension to show ChatGPT response in Google search results
github.com/wong2/chat-gpt…

☠️ New GitHub Actions Attack: Artifact Poisoning
If you're using a "download-artifact" custom action, you might be vulnerable
Why?
The download artifacts API (& wrapping actions) doesn’t differentiate between artifacts uploaded by forked vs base repos
legitsecurity.com/blog/artifact-…
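The root cause described above is that a `workflow_run`-triggered job cannot tell, from the artifact alone, whether the producing run came from the base repository or from a fork. The following is an added example, not code from the linked Legit Security post: a small provenance gate that reads the `workflow_run` event payload and only accepts artifacts whose producing run executed in the base repository itself. It assumes GitHub's documented payload shape (`repository.full_name` for the base repo, `workflow_run.head_repository.full_name` for the repo whose code ran the upload); the sample payloads are constructed.

```python
"""Added example (not part of the original post or the Legit Security write-up):
gate a workflow_run-triggered job so it only consumes artifacts produced by a
run in the base repository, never by a fork.

Assumption: the payload follows GitHub's documented workflow_run event shape,
where `repository.full_name` is the base repo and
`workflow_run.head_repository.full_name` is the repo whose code actually ran
the producing workflow. The sample payloads below are constructed.
"""
import json
import os


def artifact_is_trusted(event: dict) -> bool:
    """Return True only when the producing run came from the base repo itself.

    A pull_request run from a fork has head_repository != repository, yet the
    artifact it uploaded lands in the same download-artifact namespace as
    artifacts from the base repo. Those are refused; missing fields fail closed.
    """
    base = (event.get("repository") or {}).get("full_name")
    run = event.get("workflow_run") or {}
    head = (run.get("head_repository") or {}).get("full_name")
    if not base or not head:
        return False  # cannot prove provenance, so do not trust
    return base == head


def filter_trusted_runs(events):
    """Partition a batch of events into (trusted_run_ids, rejected_run_ids)."""
    trusted, rejected = [], []
    for ev in events:
        run_id = (ev.get("workflow_run") or {}).get("id")
        (trusted if artifact_is_trusted(ev) else rejected).append(run_id)
    return trusted, rejected


# Constructed sample payloads, trimmed to the fields the check uses.
SAME_REPO_EVENT = {
    "repository": {"full_name": "acme/app"},
    "workflow_run": {"id": 101, "event": "push",
                     "head_repository": {"full_name": "acme/app"}},
}
FORK_EVENT = {
    "repository": {"full_name": "acme/app"},
    "workflow_run": {"id": 102, "event": "pull_request",
                     "head_repository": {"full_name": "someone/app"}},
}
MISSING_EVENT = {
    "repository": {"full_name": "acme/app"},
    "workflow_run": {"id": 103, "event": "pull_request"},
}


def gate_from_runner_env() -> bool:
    """Inside a job, read the real payload from GITHUB_EVENT_PATH (set by the
    Actions runner) and return the trust decision; falls back to False."""
    path = os.environ.get("GITHUB_EVENT_PATH")
    if not path or not os.path.exists(path):
        return False
    with open(path, encoding="utf-8") as fh:
        return artifact_is_trusted(json.load(fh))


if __name__ == "__main__":
    trusted, rejected = filter_trusted_runs([SAME_REPO_EVENT, FORK_EVENT, MISSING_EVENT])
    print(json.dumps({"trusted": trusted, "rejected": rejected}))
```

Run this as the first step of the consuming job and skip the download when it returns false; the decision is made on the event payload, which the runner populates, rather than on anything the artifact itself claims about its origin.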

Hats off to researchers at @Unit42_Intel for sharing a detailed write-up of two real-world cloud attacks they witnessed in AWS and GCP.
unit42.paloaltonetworks.com/compromised-cl…
I encourage other companies to follow their lead!

I love a good AWS IAM visualisation, this time it's IAM concepts by @JulianWieg
storage.googleapis.com/multicloudiam/…
There's a lot going on there 😬

I signed up for Github Sponsors a while ago. Imagine my surprise when the API GW->EventBridge webhook receiver I set up for it logged something for the first time today.
Apparently it's a 'thank you' for contributing to the ecosystem of open source AWS tools. Nice Xmas present!

Of the 700+ re:Invent talks that have been posted so far, I chose my top 5 favorites. wiz.io/blog/top-secur…

I’m extremely impressed with this. I write a thread with complaints about an obscure, minor bug in an AWS service and the issue is acknowledged ~immediately and a fix rolled out in a month — with re:invent in the middle of it all! 🤯
twitter.com/amitguptaataws…

@__steele We have deployed a fix in App Runner and this should be working now. Again thanks for testing and letting us know.

Funny, I guess Pickles actually did make it to #reInvent2022.

My AWS account was hacked the other day, the user logged in, created a quick API key, used that to create a new admin user, then tried to do a bunch of nefarious stuff with that new admin user.
The question I have is how the attacker got in under …
For about a week now I have been trying to configure Spring with Cognito, I have asked a lot of questions just trying to understand what is going on and every guide there is online doesn't work. Everyone's configuration just looks completely different and I genuinely have no idea where …
I need to process a data stream of up to 10TB per day (approx. ~1000 messages of 100KB each, per second). SQS charges per API request (so send, receive, and delete separately), so this is approximately 8B requests per month, or 3200 USD.
Is there a cheaper way to process …
I think this might be an interesting topic to discuss...
What are some interesting things/architectures built using only free tier or very minor additional cost?
- 🖊️ This digest was forwarded to you? Subscribe here
- 📢 Promote your content with sponsorship
- 💌 Want to suggest new content: contact me or reply to this email