AWS Morning Brief

‌

Episodes

‌

AWS Morning Brief

The latest in AWS news, sprinkled with snark. Posts about AWS come out over sixty times a day. We filter through it all to find the hidden gems, the community contributions--the stuff worth hearing about! Then we summarize it with snark and share it with you--minus the nonsense.

Episodes

Handling Secrets with AWS

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/handling-secrets-with-aws Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lowe...

Mar 09, 2022•9 min•Ep 355•Transcript available on Metacast

Unnamed Podcast That Informs and Snarks about AWS News

AWS Morning Brief for the week of March 7, 2022 with Corey Quinn.

Mar 07, 2022•7 min•Ep 354•Transcript available on Metacast

Corporate Solidarity

Links: Charlie Bell in the Wall Street Journal The Register’s Roundup Melijoe.com’s award AWS Announcement Granted Transcript Corey: This is the AWS Morning Brief: Security Edition . AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff. Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured, and fully managed with built-in access via key-value, SQL, and ...

Mar 03, 2022•5 min•Ep 353•Transcript available on Metacast

Status Paging You

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/status-paging-you Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your A...

Mar 02, 2022•12 min•Ep 352•Transcript available on Metacast

Your AWS S3 Bill is Backup

AWS Morning Brief for the week of February 28, 2022 with Corey Quinn.

Feb 28, 2022•6 min•Ep 351•Transcript available on Metacast

Security Developer Experience and Security

Links: “Developer Experience is Security”: https://redmonk.com/rstephens/2022/02/17/devex-is-security/ Cleansing their network of ransomware: https://www.espn.com/nfl/story/_/id/33283115/san-francisco-49ers-network-hit-gang-ransomware-attack-team-notifies-law-enforcement “Control access to Amazon Elastic Container Service resources by using ABAC policies”: https://aws.amazon.com/blogs/security/control-access-to-amazon-elastic-container-service-resources-by-using-abac-policies/ “Introducing s2n-q...

Feb 24, 2022•5 min•Ep 350•Transcript available on Metacast

The Trials and Travails of AWS SSO

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-trials-and-travails-of-aws-sso/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to...

Feb 23, 2022•8 min•Ep 349•Transcript available on Metacast

AWS Bill Goes Brrrrrrrrrrrrrrr

AWS Morning Brief for the week of February 20, 2022 with Corey Quinn.

Feb 21, 2022•8 min•Ep 348•Transcript available on Metacast

Of CORS It Gets Better

Links Referenced: CanaryTokens: https://www.canarytokens.org/ Found a solid way to avoid that sneaky method: https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html?m=1 The folks at Orca found a vulnerability around OCI’s handling of Server Side Request Forgery (SSRF) Metadata: https://orca.security/resources/blog/Oracle-server-side-request-forgery-ssrf-attack-metadata/ S3 Bucket Negligence Award: https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-convoy-exposed-donation/ O...

Feb 17, 2022•6 min•Ep 347•Transcript available on Metacast

Are AWS Account IDs Sensitive Information?

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill G...

Feb 16, 2022•6 min•Ep 346•Transcript available on Metacast

A Billing Glimpse and a CloudFormation Hook

AWS Morning Brief for the week of February 14, 2021 with Corey Quinn.

Feb 14, 2022•8 min•Ep 345•Transcript available on Metacast

VPC Data Exfiltration Via CodeBuild

Links: CodeBuild to exfiltrate data from an AWS VPC: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html Thousands of Open Databases: https://InfoSecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32 “Why do Amazon S3 Data Breaches Keep Happening?”: https://markn.ca/2022/why-do-amazon-s3-data-breaches-keep-happening/ You’re going to be placed on a public list of shame: https://Twitter.com/0xdabbad00/status/1489305680490106880?s=12 How to...

Feb 10, 2022•7 min•Ep 344•Transcript available on Metacast

GuardDuty for EKS and Why Security Should Be Free

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/guardduty-for-eks-and-why-security-should-be-free Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duc...

Feb 09, 2022•10 min•Ep 343•Transcript available on Metacast

AWS Comcast Service Appointment

AWS Morning Brief for the week of February 7, 2022 with Corey Quinn.

Feb 07, 2022•7 min•Ep 342•Transcript available on Metacast

Privacy Means Your Data Is Private to You and Also Google

Links: Three vulnerabilities: https://blog.wiz.io/black-hat-2021-aws-cross-account-vulnerabilities-how-isolated-is-your-cloud-environment/ Embarrassingly long time: https://Twitter.com/christophetd/status/1486610249045925890 “Companies Leave Vast Amounts of Sensitive Data Unprotected”: https://www.propublica.org/article/identity-theft-surged-during-the-pandemic-heres-where-a-lot-of-the-stolen-data-came-from?token=pIt-Qx8lrKMcPei_lM3rFDQpHXkkcxXQ Google Drive started mistakenly flagging files as ...

Feb 03, 2022•7 min•Ep 341•Transcript available on Metacast

Going Out to Play with the CDK

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/going-out-to-play-with-the-cdk Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help...

Feb 02, 2022•11 min•Ep 340•Transcript available on Metacast

Amazon Basics MongoDB Offers Free Trial

AWS Morning Brief for the week of January 31, 2022 with Corey Quinn.

Jan 31, 2022•8 min•Ep 339•Transcript available on Metacast

An SSH Key Request

Links: GitHub organizations: https://alsmola.medium.com/securing-github-organizations-9c33c850638 CloudTrail would spew other accounts’ credentials your way: https://onecloudplease.com/blog/security-september-cataclysms-in-the-cloud-formations Spot on: https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/ Some excellent points: https://www.darkreading.com/cloud/enterprises-are-sailing-into-a-perfect-storm-of-cloud-risk “Amazon EC2 customers can n...

Jan 27, 2022•5 min•Ep 338•Transcript available on Metacast

ClickOps

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/clickops Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your AWS bill...

Jan 26, 2022•7 min•Ep 337•Transcript available on Metacast

AWS Boldly Responds With Silence

AWS Morning Brief for the week of January 24, 2022 with Corey Quinn.

Jan 24, 2022•10 min•Ep 336•Transcript available on Metacast

The Gruntled Developer

Links: S3 Bucket Negligence Award: http://saharareporters.com/2022/01/10/exclusive-hacker-breaks-nimc-server-steals-over-three-million-national-identity-numbers Anyone in a VPC, any VPC, anywhere: https://Twitter.com/santosh_ankr/status/1481387630973493251 A disgruntled developer corrupts their own NPM libs ‘colors’ and ‘faker’, breaking thousands of apps: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ “Top ten security best prac...

Jan 20, 2022•6 min•Ep 335•Transcript available on Metacast

Orca Security, AWS, and the Killer Whale of a Problem

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/orca-security-aws-and-the-killer-whale-of-a-problem Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the D...

Jan 19, 2022•13 min•Ep 334•Transcript available on Metacast

New Consolation

AWS Morning Brief for the week of January 17, 2021 with Corey Quinn.

Jan 17, 2022•7 min•Ep 333•Transcript available on Metacast

CISOs Should Ideally Stay Out of Prison

Links: Comes with a cryptominer: https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ You could be federally charged with wire fraud for paying off a security researcher: https://www.justice.gov/usao-ndca/pr/former-uber-chief-security-officer-face-wire-fraud-charges-0 A source code leak of its Azure App Service: https://www.theregister.com/2021/12/24/azure_app_service_not_legit_source_code_leak/ “Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks...

Jan 13, 2022•6 min•Ep 332•Transcript available on Metacast

Azure's Terrible Security Posture Comes Home to Roost

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/azures-terrible-security-posture-comes-home-to-roost/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the...

Jan 12, 2022•9 min•Ep 331•Transcript available on Metacast

LakeTrail for Clouds

AWS Morning Brief for the week of January 10, 2021 with Corey Quinn.

Jan 10, 2022•7 min•Ep 330•Transcript available on Metacast

Time to Give LastPass the Heave

Links: “Tokyo police lose 2 floppy disks containing personal info on 38 public housing applicants”: https://mainichi.jp/english/articles/20211227/p2a/00m/0na/072000c LastPass may have suffered a breach: https://news.ycombinator.com/item?id=29705957 “Worst AWS Data Breaches of 2021”: https://securityboulevard.com/2021/12/worst-aws-data-breaches-of-2021/ D.W. Morgan: https://www.hackread.com/logistics-giant-d-w-morgan-exposed-clients-data/ SEGA Europe: https://vpnoverview.com/news/sega-europe-suff...

Jan 06, 2022•5 min•Ep 329•Transcript available on Metacast

The AWS Service I Hate the Most

Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/the-aws-service-i-hate-the-most Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to hel...

Jan 05, 2022•9 min•Ep 328•Transcript available on Metacast

AWS Burninate

AWS Morning Brief for the week of January 3, 2021 with Corey Quinn.

Jan 03, 2022•6 min•Ep 327•Transcript available on Metacast

Self-Disclosure Heals Many Wounds

Links: “Cloud Security Breaches and Vulnerabilities”: https://blog.christophetd.fr/cloud-security-breaches-and-vulnerabilities-2021-in-review/ S3 Bucket Negligence Award: https://mytechdecisions.com/audio/sennheiser-responds-after-customer-data-from-2018-was-exposed-online/ Granted the role its support teams use to access customer accounts access to S3 objects: https://Twitter.com/0xdabbad00/status/1473448889948598275?s=12 S3 Bucket Negligence Award: https://www.modernghana.com/news/1127205/repo...

Dec 30, 2021•6 min•Ep 326•Transcript available on Metacast