The Trials and Travails of AWS SSO

By Corey Quinn

Our newest Principal Cloud Economist Alex Rasmussen hails from a data engineering background. This is a capability that we and our consulting clients have increasingly needed, but his experience means that he’s been focused on different specific areas of the AWS universe than we have. As a result, […]

Are AWS account IDs sensitive information?

By Corey Quinn

One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer definitively. AWS is extremely clear that you should not share passwords to your account with others. They’ve also been clear that things like EC2 instance IDs, S3 bucket names, and […]

The CDK’s Most Fundamental Flaw is Fixable

By Ben Kehoe

The CDK’s approach of client-side generation of CloudFormation templates is deeply flawed, but eminently fixable.

GuardDuty for EKS and Why Security Should Be Free

By Corey Quinn

On January 28th, 2022, AWS sent out an email announcement informing customers that GuardDuty now supported EKS findings. By all accounts, that’s great! I’m a big fan of GuardDuty and its continued expansion to other services is awesome. However, there were some issues with this announcement. First, it was sent after business hours on a […]

Going Out to Play with the CDK

By Corey Quinn

Tomorrow Amazon reports its quarterly earnings. I’ve talked in some depth about AWS’s compensation model being heavily stock driven, and the market being the market that means a number of excellent AWS friends who have been absolutely killing it find their fortunes rising and falling based entirely upon how well Amazon’s Underpants Store division performs. […]

ClickOps

By Corey Quinn

The fourth stage of managing cloud infrastructure is “clicking around in the web console, then lying about it.” I call it “ClickOps.”

Orca Security, AWS, and the Killer Whale of a Problem

By Corey Quinn

Last week Orca Security published two critical vulnerabilities in AWS. This led to a bit of a hair-on-fire day, since AWS didn’t get around to saying anything formally about it until later that afternoon. The particularly eye-popping phrase that stood out from one of the announcements was: “Our research team believes, given the data found […]

Azure’s Terrible Security Posture Comes Home to Roost

By Corey Quinn

I’ve been giving Azure a fair bit of grief lately for some embarrassing information security lapses, and I think it’s only fair for me to explain in a format beyond “some tweets” exactly why that is. The write-ups I’ve seen have all been deeply technical and more or less bury the lede, so let me […]

The AWS Service I Hate the Most

By Corey Quinn

People often ask me what my favorite AWS service is (generally S3, EFS, Systems Manager, or IAM depending upon the day or my mood), but I virtually never get asked about the inverse: what’s the AWS service I despise most of all? Maybe people are scared of the answer. Maybe they think that it’s going […]

Last Year in AWS

By Corey Quinn

It’s time for me to summarize what happened over the course of this very strange year. Welcome to my attempt at “Last Year in AWS” focusing on things that I found interesting — or at least, worthy of comment. We kicked off 2021 with a bang with an attempted coup at the US Capitol which […]

Overstating AWS’s Free Tier Generosity

By Corey Quinn

In the run-up to re:Invent (where as you might imagine I had a whole mess of other things on my mind) AWS significantly expanded their free tier offering for outbound data transfer. TechRadar called it “a major expansion,” The Register likewise sang its praises, and CloudFlare CEO Matthew Prince claimed he was “doing a dance […]

Lessons in Trust From us-east-1

By Corey Quinn

AWS published its analysis of last week’s us-east-1 outage, and it raises more questions than it answers. I understand that they wanted to get it out when they did (late on a Friday during one of the worst cybersecurity flaps in years), to avoid excessive attention. But I’m unconvinced in reading it that the outage […]