SRE Weekly Issue #353 • Amazon EMR - 1 new methods • AWS Secrets Manager - 2 updated methods • Amazon ElastiCache - 15 updated methods • AWS Network Firewall - 3 updated methods • iotroborunner: 1 removed resource, 1 removed condition • autoscaling: 1 removed condition • connect: 1 new action • Blog | Cloud Cred Harvesting Campaign - Grinch Edition • Security vendor: "You should absolutely be defining your infrastructure in code; it's a security best practice." Also security vendor: "So to configure our product, just log in to our UI and follow these 85 point-and-click steps." • New year, new <a href="https://twitter.com/hashtag/AWS" target="_blank">#AWS</a> project! ⌨️☁️ I loved the KMS external key stores announcement so I made a mock external key manager using APIGW, Lambda and DDB to learn how it works and mess with keying material. You can deploy this yourself by installing from <a href="https://t.co/OmaCZ8wkjN" target="_blank">github.com/iann0036/toyxks</a> • I used to think this too. It's uncouth to talk about money, but having a software engineering degree opens up life-changing opportunities for Australians willing to work in the USA. It can literally make you more than ONE MILLION DOLLARS better off in four years. • You have got to be shitting me. Are these abbreviations both really used in the infosec industry? • Last week, I reported a public bucket at a French bank, filled with about 16GB of data, with nothing noteworthy except static assets. They gave me a credit of $10 for the report. Security for living, I guess :) • 7 years in a row (after fixing it for just two years) ... Google continues to be an absolute mess of "organizing the world's information" with lyrics. This year they credit Rod Stewart for Auld Lang Syne. Previous years include Kenny G and Billy Joel. • if you're in the seattle area, my friend colleen (wedding florist! flower farmer! event planner!) is doing a monthly bouquet club this year from april to october 💐 do every month, pick a few of the months. get pretty, locally-grown flowers. <a href="https://t.co/E6G7mEcFde" target="_blank">diademflowers.com/flower-shop/p/…</a> • It’s been an amazing year for Datadog Security Labs! We’ve released a number of open source tools, shared the results of our research projects. Be sure to subscribe to our RSS feed, we have more cloud vulnerabilities to be released soon :) <a href="https://t.co/QyaaO5BRuq" target="_blank">securitylabs.datadoghq.com/articles/secur…</a> • I'm stoked to be speaking at <a href="https://twitter.com/wiz_io" target="_blank">@wiz_io</a>'s CloudSec 360! Hope to see you there 👇 • Today just isn't the same without a Chaos Communication Congress. So many great talks and such a perfect week for soaking in the mind-blowing breaks and exploits. Hoping for its return! <a href="https://t.co/ibP2NYbKDM" target="_blank">twitter.com/i/web/status/1…</a> • AWS CIRT announces the release of five publicly available workshops • Whats the point of IPv6 native subsets if they don't support auto-scaling target groups? • Is fargate the right choice for my apps? • Redirecting to either S3 or API Gateway depending on the endpoint (more details in comment) • 2022 Review: Cloud Tech Chaos - Forbes • AWS, Microsoft, Google Doubled Down on Cloud Security in 2022 - SDxCentral • AWS IP Ranges update for 2022-12-16 08:13:06 • AWS IP Ranges update for 2022-12-16 14:03:09