Speeding Up IAMTrail: One Boto3 Process Instead of 1,500 CLI Invocations

The 46-Minute Problem: The IAMTrail detection engine fetches ~1,500 AWS managed IAM policies every run. The original approach was pure bash:

    aws iam list-policies --output json | jq -cr '...' | xargs -P 16 -n3 sh -c \
      'aws iam get-policy-version --policy-arn $1 --version-id $2 | jq --indent 4 . > "policies/$3"' sh

Looks fine, right? Except each iteration spawns a full AWS CLI process. That means a fresh Python runtime, boto3 import, credential resolution, one single HTTP call, then exit. Times 1,500. ...

April 4, 2026 · 3 min · 563 words · zoph

IAMTrail.com: The AWS Managed Policy Archive (Evolved from MAMIP)

📜 The Origins: Back in 2019, Scott Piper started a GitHub repository to track changes to AWS Managed Policies. It was a simple setup, manually triggered, but it worked well and was incredibly useful. Using git diff or the GitHub.com UI, Scott and the community could easily see how policies evolved over time. At that time, AWS didn’t publicly share the changes made to managed policies by the various “two-pizza” product teams inside AWS. ...

October 23, 2025 · 3 min · 456 words · zoph

Turn your AWS DevSecOps Pipeline into a bunker

This post was co-authored by Teddy Ferdinand, who works as a Cloud Security Architect. 🐻 Introduction: In this series, we will talk about the emergence of the DevSecOps movement and, more specifically, the benefits of introducing a DevSecOps approach to your existing CI/CD Pipelines. CI/CD Pipeline: To give you some context, you will find in the diagram below a standard DevOps CI/CD Pipeline. DevSecWhat? DevSecOps could be defined as a shift from a central internal security team to the inclusion of security practices in the existing DevOps teams: DevSecOps 🎉 ...

June 18, 2020 · 8 min · 1513 words · zoph

Tracking Amazonians on Twitter

TL;DR: I search “@awscloud” in their Twitter Bio and add their profiles to a public Twitter list. One opportunity to get fresh news from the AWS ecosystem is to follow relevant current or former Amazon (Web Services) employees called Amazonians on Twitter, but it can be difficult to stalk their profiles across the myriad of user profiles talking about #AWS subjects… Lately, I was working on a quick Python Proof of Concept (another excuse to ramp up my Python 🐍 skills) to query the Twitter API to find profiles with a specific Twitter description/bio, and I asked myself if I could use this to find more and more AWS employees 🙄 ...

April 19, 2020 · 3 min · 621 words · zoph

AWS Transfer for SFTP

Info: This is our first post in a series of co-authored articles with @kharec. Serverless SFTP with AWS Transfer for SFTP: Sometimes in the web world, we need to quickly deploy a space to share data with programs or with other humans. One of the numerous solutions out there is an SFTP space. But you know: create the server, configure the service, partition the users, the permissions, the folders, etc. It gets heavy faster than a speeding bullet! ...

June 10, 2019 · 5 min · 1005 words · zoph