Ubiquiti Teaches AWS Security and Crisis Comms Via Counterexample
Ubiquiti filed a lawsuit against Brian Krebs for reporting he’d done previously around an alleged Ubiquiti security breach.
S3 Is Not a Backup
Corey suggests that S3’s native features aren’t a substitute for a thoughtful backup strategy.
Google Cloud Alters the Deal
Google increases cloud pricing.
My Mental Model of AWS Regions
Usually when I talk about AWS regions and availability zones, it ties back to data transfer pricing or some other model of cloud economics. Today I want to take a different angle: it’s my belief that how I think about AWS regions and how AWS talks about them are somewhat far apart. The reason I’m doing this in blog form instead of as a Twitter stunt or whatnot is that I’m not particularly intending to be funny, and to be transparent, I’m not completely sure whether I’m right or not. Let’s dive in.
Handling Secrets with AWS
You want to find a way to maturely and sensibly store those secrets in ways that are centralized (so you don’t have to update every server / container / function whenever one changes), secure (so they remain secret), and accessible (in practice, there’s little difference between a service going down and you losing your credentials to talk to the service). There are a number of ways to do this with native AWS services.
Status Paging You
Last week The Register did an analysis piece on the AWS Status Page that heavily quoted me. This is a good thing; I’m a big fan of seeing my name in print, and that goes double for a publication that played no small part in my decision to enter the technology field […]
The Trials and Travails of AWS SSO
Our newest Principal Cloud Economist Alex Rasmussen hails from a data engineering background. This is a capability that we and our consulting clients have increasingly needed, but his experience means that he’s been focused on different specific areas of the AWS universe than we have. As a result, […]
Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not, and the question has been oddly difficult to answer definitively. AWS is extremely clear that you should not share passwords to your account with others. They’ve also been clear that things like EC2 instance IDs, S3 bucket names, and […]
GuardDuty for EKS and Why Security Should Be Free
On January 28th, 2022, AWS sent out an email announcement informing customers that GuardDuty now supported EKS findings. By all accounts, that’s great! I’m a big fan of GuardDuty and its continued expansion to other services is awesome. However, there were some issues with this announcement. First, it was sent after business hours on a […]
Going Out to Play with the CDK
Tomorrow Amazon reports its quarterly earnings. I’ve talked in some depth about AWS’s compensation model being heavily stock driven, and the market being the market that means a number of excellent AWS friends who have been absolutely killing it find their fortunes rising and falling based entirely upon how well Amazon’s Underpants Store division performs. […]
ClickOps
The fourth stage of managing cloud infrastructure is “clicking around in the web console, then lying about it.” I call it “ClickOps.”
Orca Security, AWS, and the Killer Whale of a Problem
Last week Orca Security published two critical vulnerabilities in AWS. This led to a bit of a hair-on-fire day, since AWS didn’t get around to saying anything formally about it until later that afternoon. The particularly eye-popping phrase that stood out from one of the announcements was: “Our research team believes, given the data found […]