--- title: "Overscoped Role? No, It’s the Children Who Are Wrong" id: "14178" type: "podcast" slug: "overscoped-role-no-it-s-the-children-who-are-wrong" published_at: "2023-09-14T10:00:00+00:00" modified_at: "2026-05-17T00:04:07+00:00" url: "https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/overscoped-role-no-it-s-the-children-who-are-wrong/" markdown_url: "https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/overscoped-role-no-it-s-the-children-who-are-wrong.md" taxonomy_shows: - "Last Week In AWS Podcast" --- About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure. [https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305](https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305) [https://overcast.fm/itunes1466344305/aws-morning-brief](https://overcast.fm/itunes1466344305/aws-morning-brief) [https://pca.st/AKs0](https://pca.st/AKs0) [https://podcastaddict.com/podcast/2382583](https://podcastaddict.com/podcast/2382583) [https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU](https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU) [https://feeds.transistor.fm/aws-morning-brief](https://feeds.transistor.fm/aws-morning-brief) ## Episode Summary ## Episode Show Notes & Transcript Last week in security news: Corey reported an over-scoped role to AWS security, The bad LastPass breach got even worse, How to enforce DNS name constraints in AWS Private CA, and more! **Links:** - I reported an over-scoped role to AWS security; the response from the SageMaker Canvas team was that it's [working as intended](https://twitter.com/QuinnyPig/status/1700191881488118141) . - The bad LastPass breach that continues to get worse once again [somehow got worse](https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/) . - Microsoft has published a rather thorough [postmortem](https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/) about how their signing key was leaked. - A security newsletter [features a scam](https://www.securitynewspaper.com/2023/09/05/like-to-see-youporn-videos-how-hackers-are-scamming-youporn-customers/) that I reported via Twitter. - Google has gone from paragon of security to apparently now [sharing aspects of your browsing history with websites in Chrome](https://www.theregister.com/2023/09/06/google_privacy_popup_chrome/) , - [Establishing a data perimeter on AWS: Allow access to company data only from expected networks](https://aws.amazon.com/blogs/security/establishing-a-data-perimeter-on-aws-allow-access-to-company-data-only-from-expected-networks/) - [How to enforce DNS name constraints in AWS Private CA](https://aws.amazon.com/blogs/security/how-to-enforce-dns-name-constraints-in-aws-private-ca/) - Tool of the week: [ThreatMapper](https://github.com/deepfence/ThreatMapper) hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. View Full Transcript Hide Full Transcript ## You might also like [More Podcast Episodes](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/) ### [M3 Ultra Macs, Claude Platform, and 619 New APIs Walk Into a Bar](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/m3-ultra-macs-claude-platform-and-619-new-apis-walk-into-a-bar/) Last Week In AWS Podcast 05.18.2026 7 Minutes [Listen Now](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/m3-ultra-macs-claude-platform-and-619-new-apis-walk-into-a-bar/) ### [AI-Native Foundations and the CVEs That Love Them](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/ai-native-foundations-and-the-cves-that-love-them/) Last Week In AWS Podcast 05.11.2026 7 Minutes [Listen Now](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/ai-native-foundations-and-the-cves-that-love-them/) ### [Bedrock Bags OpenAI, Q Developer Bags Groceries](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/bedrock-bags-openai-q-developer-bags-groceries/) Last Week In AWS Podcast 05.04.2026 9 Minutes [Listen Now](https://www.lastweekinaws.com/podcast/last-week-in-aws-podcast/bedrock-bags-openai-q-developer-bags-groceries/)