How to deal with custom recorder of AWS Config?

Disclaimer: I’m not a REGEX expert 😄 Lately, I was working for one of my customers on a custom configuration of the AWS Config recorder. My customer wanted to record all resources using AWS Config, except for a few of them: 'AWS::EC2::Subnet', 'AWS::EC2::VPC', 'AWS::EC2::SecurityGroup'. Unfortunately, the AWS API and Console do not allow you to do this; you have to manually cherry-pick which resources you want to record. The trade-off of this method is that if a new AWS Config resource type is released, it won’t be recorded until you manually select it in your AWS Config recorder settings. ...

August 15, 2021 · 3 min · 546 words · zoph

Does AWS drink its own champagne? 🍾

TL;DR: AWS Managed Policies are safe. Currently. 🔄 Previously in Policy Validation: Before the AWS Access Analyzer (AA) Policy Validation release, a few open source initiatives were available to lint AWS IAM Policies, like Parliament from Duo Labs and Cloudsplaining (Salesforce). The tricky part of these tools is that they are community-driven, maintained by volunteer contributors, and most of the master data comes from scraping the AWS IAM docs. This is difficult to maintain over time, especially if the documentation format changes, or if the documentation is not in sync with the IAM reality. It would be easier for everyone if the one who provides the rules were also the one who creates the validation tool to run against these rules. Wouldn’t it? ...

April 6, 2021 · 4 min · 750 words · zoph

Keeping you posted on AWS Security

Since my last post on how to deal with information overload and reading pipeline, I’ve created a free digest newsletter about AWS Security. The goal of this curated AWS Security Digest is to condense what happened last week, from the most relevant sources: 🔦 A highlight of the week 👮 Changes since last week on AWS Managed IAM Policies 💌 Curated cloud security newsletters 👀 AWS API changes 🔒 IAM permissions changes 🆙 Most upvoted posts on r/AWS 🔗 Top shared links on Twitter (by cloudsec folks) 🐦 Most engaged tweets from the community This is an ongoing side project, so more content will be added over time. ...

January 22, 2021 · 1 min · 159 words · zoph

How to deal with information overload?

Disclaimer: This post contains affiliate links. Introduction As you know, in Information Technology, things are evolving fast. Too fast to stay up to date without losing your mind to information overload/fatigue. To remediate that, I will give you my daily/weekly routine and tips to stay focused on your tasks/objectives without missing anything interesting, and to assimilate it at your own pace. Daily Routine Sign In In the morning, I’m reading my Brew. Mailbrew gives you the ability to craft your own newsletter based on your most interesting content, like tweets with the most engagement from your favorite Twitter accounts, newsletters, most upvoted subreddit posts, daily calendar schedule, most interesting Hacker News posts and so on. Crafted just by you and for you. ...

December 19, 2020 · 2 min · 416 words · zoph

Build a Serverless Twitter Dashboard using DynamoDB, APIGW and Highcharts

TL;DR: Highcharts -> APIGW -> DynamoDB + Lambda function 🎉 cockpit.zoph.io Introduction Lately, I was working on a new, API-based version of my Twitter Cockpit. In the previous version, Highcharts was loading data from some flat CSV files. The goal of this cockpit is to retrieve and store unlimited history for specific Twitter accounts based on a Twitter list. It means that you can control from Twitter which accounts you want to graph for follower/following history. When you are using Twitter Analytics, the history only compares followers (not following) to the previous 28-day period, and the graph is in fact a non-clickable thumbnail image, a very poor experience for free users. ...

October 18, 2020 · 4 min · 644 words · zoph