---
title: "Connecting All William-Nilliam"
id: "13051"
type: "podcast"
slug: "connecting-all-william-nilliam"
published_at: "2022-09-22T10:00:00+00:00"
modified_at: "2023-03-13T17:58:17+00:00"
url: "https://www.lastweekinaws.com/podcast/aws-morning-brief/connecting-all-william-nilliam/"
markdown_url: "https://www.lastweekinaws.com/podcast/aws-morning-brief/connecting-all-william-nilliam.md"
taxonomy_shows:
  - "Last Week In AWS"
---

About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

[https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305](https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305)

[https://overcast.fm/itunes1466344305/aws-morning-brief](https://overcast.fm/itunes1466344305/aws-morning-brief)

[https://pca.st/AKs0](https://pca.st/AKs0)

[https://podcastaddict.com/podcast/2382583](https://podcastaddict.com/podcast/2382583)

[https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU](https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU)

[https://feeds.transistor.fm/aws-morning-brief](https://feeds.transistor.fm/aws-morning-brief)

## Episode Summary

Last week in security news: BHIM leaks the details of 7.26 million users, a great rundown of how to think about external IDs for accessing AWS accounts, and a script for reapplying TouchID settings on sudo requests after they get wiped by MacOS updates.

## Episode Show Notes & Transcript

**Links:**

- If you're near Arlington Virgina, come on by [Highline](https://www.highlinerxr.com/) this evening at 7PM and let me buy you a drink.
- Are you confused by AWS's KMS service? Me too. This [guide to KMS](https://securityboulevard.com/2022/09/the-complete-guide-to-aws-kms/) helped a lot--and you really don't want to be confused by security things.
- BHIM leaks the details of 7.26 million users and scores themselves an [S3 Bucket Negligence Award](https://www.nationalheraldindia.com/national/726-million-records-of-bhim-users-data-leaked-report) in the process. Stop doing this!
- [Securely Using External ID for Accessing AWS Accounts Owned by Others](https://aws.amazon.com/blogs/apn/securely-using-external-id-for-accessing-aws-accounts-owned-by-others/) - AWS blesses us with a great rundown of how to think about external IDs for accessing AWS accounts.
- [Use AWS Network Firewall to filter outbound HTTPS traffic from applications hosted on Amazon EKS and collect hostnames provided by SNI](https://aws.amazon.com/blogs/security/use-aws-network-firewall-to-filter-outbound-https-traffic-from-applications-hosted-on-amazon-eks/) - Don't let your sensitive environments connect all willy-nilly (or more formally, all William-Nilliam) to anything they want on the internet.
- Last week I mentioned that you might want to enable TouchID to approve sudo requests on macOS. A couple of you pointed out that this setting gets wiped on OS updates, so having [a script like this](https://gist.github.com/mauvehed/9392126bfbef1502a4c8c6d95d0e763d) handy to reapply it will likely serve you well.
- [Cloudfox](https://github.com/BishopFox/cloudfox) is a great collection of scripts stuffed into a framework and called a tool that empowers cloud penetration tests. Much like the industry, it biases heavily for AWS; take a look.

 View Full Transcript  Hide Full Transcript

## You might also like

[More Podcast Episodes](https://www.lastweekinaws.com/podcast/aws-morning-brief/)