AWS

Disclaimer: I’m not a REGEX expert :smile: Lately, I was working for one of my customers on a custom configuration of AWS Config recorder. My customer wanted to record using AWS Config All resources except a few of them: 'AWS::EC2::Subnet' 'AWS::EC2::VPC' 'AWS::EC2::SecurityGroup' Unfortunately, the AWS API and Console do not allow you to do this, you should cherry-pick manually which resource you want to record. The trade-off of this method is that if a new AWS Config resource type came out, it won’t be recorded until you manually select it in your AWS Config recorder setting. ...

TL;DR: AWS Managed Policies are safe. Currently. :arrows_counterclockwise: Previously in Policy Validation Before AWS Access Analyzer (AA) - Policy Validation release, few open source initiatives were available to lint AWS IAM Policies, like Parliament from Duolabs, CloudSplaining (Salesforce). The tricky part of these tools is that they are community-driven, from volunteer contributors, and most of the master data comes from AWS IAM docs web scrapping. It is difficult to maintain over time, especially if the documentation format is changing, or if the documentation is not in sync with the IAM reality. It will be easier for everyone if the one who is providing the rules is the one who creates the validation tool to run against these rules — Isn’t it? ...

Since my last post, on how to deal with information Overload and reading pipeline, I’ve created a free digest newsletter about AWS Security. The goal of this curated AWS Security Digest is to condensate what was happening from last week on the most relevant sources: 🔦 A Highlight of the week 👮 Change since last week on AWS Managed IAM Policies 💌 Curated Cloud Security Newsletters 👀 AWS API changes 🔒 IAM Permissions changes 🆙 Most upvoted posts on r/AWS 🔗 Top shared links on Twitter (by cloudsec folks) 🐦 Most engaged Tweets from the community This is an ongoing side project, so more content will be added over time. ...

Disclaimer This post contains affiliate links. Introduction As you know, in Information Technologies, things are evolving fast. Too fast to stay up-to-date without losing your mind by information overload/fatigue. To remediate that, I will give you my daily/weekly routine and tips to stay focus on your tasks/objectives, without missing something interesting, and assimilate it at your own pace. Daily Routine Sign In In the morning, I’m reading my Brew — Mailbrew gives you the ability to craft your own newsletter based on your most interesting content, like tweets with the most engagement from your favorite Twitter accounts, Newsletters, most upvoted Sub-reddit posts, daily calendar schedule, most interesting Hacker News posts and so on. Crafted just by you and for you. ...

This post was updated in July 2020. It was originally my first post on this blog in December 2016. 👴 I’m often asked by many colleagues, friends, or Twitter followers where to start with Amazon Web Services (AWS). In this post, I will try to explain where you should start in 2020. I’ll try to write this post as I wish I had in 2016 when I came into this technology. ...