Given that SolarWinds’ CEO decided to blame an intern for an issue, I wanted to take a moment to explain my thoughts on what interns should be blamed for. First, malfeasance. If they act dishonestly or unethically, that’s their fault. There is no second item on the list. The entire point of an internship is to learn. If that learning damages the company, either the company has failed to supervise the intern, or their processes need improvement. Often it’s both. If a company views interns as scapegoats or as cheap labor, they’re wrong and you shouldn’t consider interning there.
In lighter news, our Meanwhile in Security newsletter/podcast combo launches later this week. Be sure to subscribe if you haven’t already.
From the Community
This issue is sponsored in part by my friends at ChaosSearch! As you know, log analytics at scale with an ELK Stack can be expensive, unstable, and relentlessly time-sucking. Now try ChaosSearch – a fully managed log analytics platform that delivers the Elasticsearch API you love, but with absolutely NO Elasticsearch under the hood! ChaosSearch leverages your own Amazon S3 as a data store, which means no data movement, no data retention limits and savings of up to 80% vs an ELK Stack. In fact with ChaosSearch, you just Store, Connect & Analyze to start experiencing insights at scale from ALL of your data (tell them Corey Quinn sent you)!
Mangoteque (a company I accidentally named; no I’m not kidding) has a post on 3 Things to know when moving to public cloud.
Does your VPC endpoint allow access to half of the Internet? If that sounds like a ridiculous question, you should go read.
Poignant thoughts on the true meaning of technical debt.
AWS infrastructure can stand up to even the toughest hosting challenges, like providing malware that infects 30,000 Macs.
I can’t tell if this patent refusal is about burstable instances, the spot market, or something that never saw the light of day, but it’s interesting regardless.
A handy guide on choosing Parameter Store vs Secrets Manager.
Jesse DeRose (one of our Cloud Economists) has written a tagging best practices guide to AWS Cost Allocation.
Today’s S3 Bucket Negligence Award goes to a law firm. Ouch.
GCP vs. AWS is a common decision point. Here’s a comparison of their respective onboardings.
Some thoughts on Security Logging in Cloud Environments.
Amazon’s hometown paper picked up that profile of me. I dream of a day in the far distant future where people at AWS basically all know who I am. We are very far away from that moment.
If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!
Everyone sends email; if you want to get noticed it’s hard to beat direct physical mail. “That’s nuts; how the hell am I going to integrate licking stamps into my company’s workflows?” Meet Lob. Lob lets you turn the entire direct mail process into an API like any other. This handy ebook explains how and why– consider whether “direct mail as an API” might help you stand out without risking paper cuts.
Amazon Connect now provides disconnect reason for Voice Calls & Tasks – “Because the conversation sucked” is the honest but uncited answer in upwards of 80% of disconnected calls.
Amazon EC2 Mac Instances now support macOS Big Sur – It’s called Big Sir because the bill shows up and beats the sh*t out of me.
Amazon Elasticsearch Service add support for Reporting in Kibana – They’re slowly turning this into “Amazon ELK” except that they’re probably going to pass it through the Crap Service Naming team and brand it badly; maybe something like “AWS DeerCamp.”
AWS Network Firewall Deployment Automations for AWS Transit Gateway is Generally Available – This is one of those services that customers will never ask for by name, because they can’t possibly remember it. Welcome to the world, “that firewall transit gateway dingus.”
Introducing our new Solutions Training for Partners: Sales Best Practices courses – Learn to sell like AWS! Learn valuable tips like “suggesting Aurora at wildly inappropriate times,” “why it’s time to tag in a replacement sales rep every twenty minutes,” and “how to make peace with the fact that salespeople at your competitors drive Audis while you drive a Toyota.”
What is a unit metric? – I begrudgingly can find no fault in this cost management article by AWS and thus have to put about $40 worth of quarters into the Swear Jar.
Building a serverless multi-player game that scales – I do like this architecture diagram. It’s a rare gem that makes sense to me–I can tell what the services do, and it’s clearly not there just to rack up Architecture Points.
Algorithmic Trading on AWS with Amazon SageMaker and AWS Data Exchange – This will either ruin you, or make you rich beyond the wildest dreams of avarice. Either way, you won’t be worried about the AWS bill.
Facebook, Twitter, Github. What do they all have in common? Data exposure incidents in recent years where even though they had locked down their data stores, credentials leaked into their log files creating painful, public security incidents. Modern software development practices, from microservices to CI/CD, make it harder than ever to prevent log-based data leaks. Prevent data leaks through log file with Open Raven.
Amazon Rekognition Custom Labels Community Showcase – Featuring things like Hotdog/ Not Hotdog, is this senator a giant piece of crap, digital phrenology, will this achievement finally make my father proud of me, and many more.
3 things to like about the now globally available Think Big for Small Business Program – A company worth trillions lecturing small businesses has some real “hello, fellow kids” energy.
Perseverance lands on Mars, cloud-ready to explore – “I wonder how much credit for NASA’s work we can claim?” Significantly less than they just did. “We powered the website that hosted the ‘name the rover’ competition!” is just egging me on at this point; knowing that AWS was involved in naming anything makes the name immediately suspect.
Analyze and understand IAM role usage with Amazon Detective – Even hiring an actual detective won’t make sense of how IAM works.
How to protect sensitive data for its entire lifecycle in AWS – Protecting sensitive data for its entire lifecycle in MongoDB is way easier; just don’t turn your back on it for about as long as it takes to microwave a burrito, and then its lifecycle will be complete.
Updated whitepaper available: Encrypting File Data with Amazon Elastic File System – “We’ve updated our whitepaper on encryption” either results in you not caring at all, or caring a whole hell of a lot. Which it is depends upon who you are.
The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server.
… and that’s what happened Last Week in AWS.