Hello dolphins, magnets, ChatGPT, and other sentient beings! This is Scott Piper. I’m stepping in to help out while Corey is on vacation. I’m a cloud security historian with an unhealthy obsession for digging through the geologic records of AWS SDK commits, and my day job is at Wiz. This past week included the non-profit conference fwd:cloudsec (that I help organize), the AWS conference re:Inforce, and an outage in us-east-1.
Now here’s what happened last week:
From the Community
AWS suffered an outage in us-east-1 on Tuesday, June 13, starting a little before 3pm ET (UTC-5) and lasting roughly 2 hours. It primarily impacted Lambda but caused cascading issues for services that depend on it, including the web console.
Amazon EMR supports price-capacity-optimized allocation strategy for EC2 Spot Instances – This seems like something that should be included in this newsletter, but I know very little about AWS costs, and rely on Corey and the rest of The Duckbill Group to explain these things to me.
Amazon QuickSight now supports APIs to automate and accelerate assets deployment – These new APIs allow you to export and import your QuickSight assets across accounts.
Amazon Rekognition improves face search accuracy with user vectors – What is interesting to me from this announcement are the mentioned use cases of "online onboarding" and "step-up authentication" for identifying employees.
Amazon Verified Permissions is now generally available – This service allows you to configure your own version of IAM for your own applications, except this one costs money at $150/million authorization requests.
AWS Config supports recording exclusions by resource type – AWS Config can be surprisingly expensive in environments where certain resource types change frequently. This new feature allows you to exclude those resource types, which reduces your bill, but it also means you no longer have visibility into what is likely to be one of the most important resource types for you to monitor.
Falcon 40B foundation model from TII available on SageMaker JumpStart – AWS is relying on third parties to create the LLMs for its cloud to compete with the offerings from other cloud providers. This model ranked #1 in the Hugging Face Open LLM leaderboard.
Announcing Live Tail in Amazon CloudWatch Logs, providing real-time exploration of logs – Something many of us have been wanting for a long time: you can now see the most recent CloudWatch Log messages in real time.
AWS announces scripts to bulk update policies per new AWS Billing and Cost Management permissions – A few months ago AWS announced they were going to quickly make a breaking change to a set of IAM privileges, but then they remembered they aren’t Google, and decided to delay it and help customers migrate.
aidansteele/rdsconn – Using a new EC2 Instance Connect capability, Aidan Steele went from reading the announcement to 30 minutes later stating "I’ve dug through the AWS CLI code and reimplemented it" and a day later releasing this, as a way to access your private RDS instances without bouncing through a bastion.
… and that’s what happened Last Week in AWS.