
Handling Secrets with AWS

By Corey Quinn

You want to find a way to maturely and sensibly store those secrets in ways that are centralized (so you don’t have to update every server / container / function whenever one changes), secure (so they remain secret), and accessible (in practice, there’s little difference between a service going down and you losing your credentials to talk to the service). There are a number of ways to do this with native AWS services.

Status Paging You

By Corey Quinn

Last week The Register did an analysis piece on the AWS Status Page that heavily quoted me. This is a good thing; I’m a big fan of seeing my name in print, and that goes double for a publication that played no small part in my decision to enter the technology field […]

The Trials and Travails of AWS SSO

By Corey Quinn

Our newest Principal Cloud Economist Alex Rasmussen hails from a data engineering background. This is a capability that we and our consulting clients have increasingly needed, but his experience means that he’s been focused on different specific areas of the AWS universe than we have. As a result, […]

Are AWS account IDs sensitive information?

By Corey Quinn

One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not, and the question has been oddly difficult to answer definitively. AWS is extremely clear that you should not share passwords to your account with others. They’ve also been clear that things like EC2 instance IDs, S3 bucket names, and […]

The CDK’s Most Fundamental Flaw is Fixable

By Ben Kehoe

The CDK’s approach of client-side generation of CloudFormation templates is deeply flawed, but eminently fixable.

GuardDuty for EKS and Why Security Should Be Free

By Corey Quinn

On January 28th, 2022, AWS sent out an email announcement informing customers that GuardDuty now supported EKS findings. By all accounts, that’s great! I’m a big fan of GuardDuty and its continued expansion to other services is awesome. However, there were some issues with this announcement. First, it was sent after business hours on a […]

Going Out to Play with the CDK

By Corey Quinn

Tomorrow Amazon reports its quarterly earnings. I’ve talked in some depth about AWS’s compensation model being heavily stock driven, and the market being the market that means a number of excellent AWS friends who have been absolutely killing it find their fortunes rising and falling based entirely upon how well Amazon’s Underpants Store division performs. […]

ClickOps

By Corey Quinn

The fourth stage of managing cloud infrastructure is “clicking around in the web console, then lying about it.” I call it “ClickOps.”

Orca Security, AWS, and the Killer Whale of a Problem

By Corey Quinn

Last week Orca Security published two critical vulnerabilities in AWS. This led to a bit of a hair-on-fire day, since AWS didn’t get around to saying anything formally about it until later that afternoon. The particularly eye-popping phrase that stood out from one of the announcements was: “Our research team believes, given the data found […]

Azure’s Terrible Security Posture Comes Home to Roost

By Corey Quinn

I’ve been giving Azure a fair bit of grief lately for some embarrassing information security lapses, and I think it’s only fair for me to explain in a format beyond “some tweets” exactly why that is. The write-ups I’ve seen have all been deeply technical and more or less bury the lede, so let me […]

The AWS Service I Hate the Most

By Corey Quinn

People often ask me what my favorite AWS service is (generally S3, EFS, Systems Manager, or IAM depending upon the day or my mood), but I virtually never get asked about the inverse: what’s the AWS service I despise most of all? Maybe people are scared of the answer. Maybe they think that it’s going […]

Last Year in AWS

By Corey Quinn

It’s time for me to summarize what happened over the course of this very strange year. Welcome to my attempt at “Last Year in AWS” focusing on things that I found interesting — or at least, worthy of comment. We kicked off 2021 with a bang with an attempted coup at the US Capitol which […]