Podcasts about AWS Secrets Manager

  • 17 PODCASTS
  • 31 EPISODES
  • 42m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • Jan 17, 2025 LATEST


Latest podcast episodes about AWS Secrets Manager

Trust Issues
EP 69 - Cloudy with a 100% Chance of Secrets: Decoding Secrets Management in the Cloud

Jan 17, 2025 39:02


In this episode of the Trust Issues podcast, host David Puner dives into the complexities of secrets management with Ritesh Desai, General Manager at AWS Secrets Manager. They discuss the evolving landscape of secrets management, emphasizing the importance of a multi-layered defense strategy as organizations increasingly adopt cloud services, digital transformation and agile development practices. Ritesh highlights the critical role of machine identities in managing secrets and the growing significance of AI and automation in enhancing security measures. He also underscores the necessity of a comprehensive approach that includes discovery, visibility and leak detection to safeguard sensitive information effectively. The conversation covers the challenges of managing secrets in multi-cloud environments and the importance of regular secret rotation and access control. This episode provides valuable insights into best practices and strategies for securing secrets. 

The Cloud Pod
285: 6 years of cloud news… and we're still talking about FPGAs and PowerPC

Dec 26, 2024 57:55


Welcome to episode 285 of the Explain it to me Like I'm 5 Podcast, formerly known as The Cloud Pod – where the forecast is always cloudy! We've got a lot of news this week, including the last of our coverage from re:Invent, ChatGPT Pro, FPGA, and even some major staffing turnovers.

Titles we almost went with this week:

  • Throw $200 dollars in a fire with ChatGPT Pro
  • Jeff Barr is wrapped up by Agentic AI
  • The Tribble with Trilliums
  • The Wind in the Quantum Willows
  • Rise of the dead instances FPGA and PowerPC
  • Jeff Barr is replaced by Nova
  • The Cloud Pod: Return of the dead instances types
  • After 6 years Jeff Barr hands over the reins to the CloudPod
  • For our 6th birthday Jeff Barr Retires
  • For our 6th birthday Jeff Barr delegates announcements to the cloud pod
  • 6 years of meaningless PR drivel
  • 6 years of cloud news and we still don't know what Quantum computing is

A big thanks to this week's sponsor: We're sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You've come to the right place! Send us an email or hit us up on our slack channel for more info.

General News

HAPPY 6th BIRTHDAY!

2:00 HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS

Hashi is a big sponsor of re:Invent, so of course they had some news of their own to release.

  • HCP Vault Secrets auto-rotation is now generally available.
  • Dynamic secrets are generally available via HCP Vault Secrets.
  • Secrets sync will help keep your secrets synced with AWS Secrets Manager. It still appears to be one direction, but you can now also view secrets in AWS Secrets Manager that are managed by Vault.
  • HCP Vault Radar, now in beta, automates the detection and identification of unmanaged secrets in your code, including AWS infrastructure configurations.

03:10 Matthew – “This qualifies under the category of things that I feel like we talked about so long ago, I just already assumed was GA. I’m surprised that it wasn’t.”

03:34 HashiCorp at re:Invent 2024: Infrastructure Lifecycle Management with AWS

Terraform AWS provider is now at 3 billion downloads.

The

The Daily Decrypt - Cyber News and Discussions
CyberSecurity News: Child Predators Get Ransomwared, Cloud CLI Exposes Credentials, United Nations Data Theft

Apr 22, 2024


From malware developers targeting child exploiters with ransomware, to major cloud services exposing credentials, learn how digital vigilantes and technological oversights shape online security. Featuring insights on the United Nations' latest ransomware dilemma, uncover the intricate web of cybersecurity challenges faced globally.

URLs for Reference:

  • Malware Dev lures child exploiters into honeytrap to extort them
  • AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
  • United Nations agency investigates ransomware attack, data theft

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, ransomware, malware, cloud security, digital threats, cyber vigilantes, tech giants, United Nations, cyber attack, data theft, CryptVPN, AWS, Google Cloud, Azure, CLI tools, BleepingComputer, The Hacker News

Search Phrases: Cyber vigilante justice malware extortion; Cloud CLI tools security vulnerabilities; United Nations cyberattack investigation; CryptVPN ransomware against child exploiters; AWS, Google, and Azure CLI tools leaking credentials; Impact of ransomware on global organizations; Cybersecurity threats in cloud computing; Cybersecurity tactics against illegal online activities; Data breach at United Nations agency; New trends in cyber threats and digital security

Transcript: Apr22

Malware developers are now targeting individuals seeking child exploitation material, employing CryptVPN ransomware to extort them by locking their systems and demanding payment, as revealed by Bleeping Computer. What methods are these developers using, and why do I want them to succeed?

Leaky CLI, a vulnerability discovered by Orca in AWS, Google, and Azure CLI tools, is exposing sensitive credentials in build logs, putting countless organizations at risk of cyber attacks. What measures can organizations take to prevent sensitive credentials from being exposed by build logs?

Finally, hackers have infiltrated the United Nations Development Program's IT systems, stealing sensitive human resources data from its global network dedicated to fighting poverty and inequality.

You're listening to the Daily Decrypt.

Malware developers are now turning their tactics against individuals seeking child exploitation material, specifically targeting them with ransomware designed to extort money by feigning legal action. This new strain of malware, dubbed CryptVPN, was recently analyzed by Bleeping Computer after a sample was shared with the cybersecurity researcher MalwareHunterTeam. CryptVPN tricks users into downloading a seemingly harmless software, which then locks the user's desktop and changes their wallpaper to a menacing ransom note. The ploy begins with a decoy website that impersonates Usenet Club, a purported subscription service offering uncensored access to downloadable content from Usenet, which is an established network used for various discussions, which unfortunately also includes illegal content. The site offers several subscription tiers, but the trap is set with the free tier, which requires the installation of the CryptVPN software to access the supposed free content.

Now to be honest, I feel like I don't even want to give away these clues to any child predators that may be listening. So I'm going to stop there as far as how the attack works, but I'm really glad that attackers have found this vector because people who are partaking in illegal activities have a lot to lose and are often pretty scared, you know, unless they're complete psychopaths. And so if someone's able to get the information or lure people into these websites...

You know, this reminds me of something that happened to me back in my single days. And those of you who know me personally can validate the authenticity of this story, but it might sound a little crazy to just an average listener. But swiping on Tinder, matched with someone, they didn't really want to chat too much, they just wanted to start sending nude photographs. And I personally, it's not my thing, but let's just say I'm not going to unmatch this person for offering. And so nude photographs came through, there was no exchange, but they did ask for photographs of myself, which I was not interested in sending. And in fact, I wasn't really interested in pursuing anyone who would just jump in and send nude photographs. So I stopped talking to them. And about a couple of days later, I got a phone call from someone claiming to be the police department, saying that they had gotten my number from this girl's dad, and she's underage, and now they have proof that I've been sending nude photographs to this underage person. Well, I don't know. They accused me of that and that never happened. So immediately I knew it was a scam. But let's just say hypothetically that I had sent pictures to this person. I would be pretty scared receiving this threat. Because my whole life would change, right? If I became a child predator or a sexual predator or whatever it's called, then like a lot of stuff changes. And at the time I was in the military, so that was the end of my military career or whatever. So it's very similar to that. If you're doing something wrong and you get caught in a trap, you're very likely to pay the ransom. So first of all, don't mess around with children online. Don't do illegal sexual things. And you have nothing to worry about with this scam. So please stop doing that. Don't do that. And you've got nothing to worry about.

It's been recently unveiled that command line interface tools from the tech giants such as Amazon Web Services and Google Cloud are susceptible to exposing sensitive credentials in the build logs, presenting a substantial security hazard to enterprises. This vulnerability, which the cloud security firm Orca has dubbed Leaky CLI, involves certain commands on the Azure CLI, AWS CLI, and Google Cloud CLI that could reveal environment variables. Roi Nisimi, a prominent security researcher, highlights in a report to the Hacker News that, quote, some commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions. In response, Microsoft has proactively addressed this security lapse in its November 2023 update, designating it with the CVE identifier CVE-2023-36052, which carries a critical CVSS score of 8.6 out of 10. Conversely, Amazon and Google view the exposure of environment variables as an anticipated behavior, advising organizations to refrain from storing secrets within these variables. Instead, they recommend using specialized services like AWS Secrets Manager or Google Cloud Secret Manager, which is a great recommendation. Furthermore, Google has advised users of its CLI tools to employ the --no-user-output-enabled option, which prevents the printing of command output to the terminal, thereby mitigating the risk of data leaks.

Orca has also identified several instances on GitHub where projects inadvertently leaked access tokens and other sensitive data through continuous integration and deployment tools, including GitHub Actions, CircleCI, TravisCI, and CloudBuild, which is always going to be a problem. Take those pull request reviews seriously. Nisimi warns, if bad actors get their hands on these environment variables, this could potentially lead to view sensitive information, including credentials, such as passwords, usernames, and keys, which could allow them to access any resources that the repository owners can. He added that CLI commands are by default assumed to be running in a secure environment. But coupled with CI/CD pipelines or continuous integration, continuous development, they may pose a security threat. This ongoing issue underscores the critical need for heightened security measures within cloud computing environments. Go out there, get you a new cloud job, my guys.

Finally, the United Nations Development Program, or UNDP, has launched an investigation into a significant cyber attack where intruders compromised its IT systems, resulting in the theft of critical human resources data. So, human resources data sounds... It's pretty benign to me, like, the way that that's framed seems like nothing, but think about what the data Human Resources has. It's the crown jewels. They've got your social security number for your W-2 form, they've got your previous jobs, they've got your address, they've got your email address, they've got everything. So Human Resources data is nothing to bat an eye at.

The agency, which is a cornerstone of the United Nations' efforts to combat poverty and inequality worldwide, confirmed the breach occurred in late March within the local IT infrastructure for the United Nations. Following the detection of the breach on March 27th, thanks to a threat intelligence alert, UNDP acted swiftly. Quote, actions were immediately taken to identify a potential source and contain the affected server as well as to determine the specifics of the exposed data and who was impacted. The ongoing investigation seeks to fully understand the incident's nature and scope, as well as its impact on individuals whose information was compromised, but to further complicate some matters, the 8Base ransomware gang, a group known for its broad attacks on various industries, claimed responsibility for the data theft. On the same day as the breach, they added a new entry for UNDP on their dark web leak site. The documents leaked, according to the attackers, contain a huge amount of confidential information, ranging from personal data to financial records and employment contracts.

This cyberattack is not the first the United Nations has suffered. Previous breaches have struck the United Nations Environmental Program and key United Nations networks in Geneva and Vienna, showcasing ongoing vulnerabilities within UN IT systems. Meanwhile, the 8Base group, which claims to target companies neglecting data privacy, continues its surge of attacks, having listed over 350 victims on its data leak site to date. So if you're listening and you know your company is rejecting some data privacy protocols, maybe use this story as incentive to get them to pay more attention to this.

That's all we got for you today. Happy Monday. Thanks so much for listening. Please head over to our social media accounts, Instagram, Twitter, Twitter.com, YouTube. Give us a follow, give us a like, and send us a comment. We'd love to talk. And we'll be back tomorrow with some more news.

AWS Bites
97. Configuration for AWS Applications (Env vars, SSM, Secrets Manager, AppConfig)

Sep 28, 2023 34:33


Rev up your AWS know-how in this high-octane episode of AWS Bites Podcast, where we take you under the hood to fine-tune your AWS applications configuration! Kicking things off, we rev our engines and stress the vital role of slick configuration management in the world of cloud-based applications, leaving those old-school methods in the dust. Buckle up as we steer you through the twists and turns, starting with the straightforward horsepower of environment variables, giving you the lowdown on what fuels them and when to put the brakes on. We then shift gears to introduce AWS Systems Manager Parameter Store as a simple, yet effective solution that can provide you with all the torque you need. Secrets Manager rolls in next, guarding your valuable secrets with KMS encryption and IAM. The track leads to AppConfig, where they fine-tune your configuration game, ensuring smooth deployments and no pit stops for errors. For the daredevils out there, we open the toolbox and show you how to custom-build your own configuration engine, putting you in the driver's seat. Finally, we rev up the engine one last time and hit the gas with our recommendations, offering you a turbocharged approach to AWS configuration, tailored to your application's needs. So, tighten those bolts and get ready for a ride that'll leave your AWS configuration skills purring like a finely-tuned machine!

Screaming in the Cloud
Centralizing Cloud Security Breach Information with Chris Farris

Jun 8, 2023 35:06


Chris Farris, Cloud Security Nerd at PrimeHarbor Technologies, LLC, joins Corey on Screaming in the Cloud to discuss his new project, breaches.cloud, and why he feels having a centralized location for cloud security breach information is so important. Corey and Chris also discuss what it means to dive into entrepreneurship, including both the benefits of not having to work within a corporate structure and the challenges that come with running your own business. Chris also reveals what led him to start breaches.cloud, and what he's learned about some of the biggest cloud security breaches so far. About ChrisChris Farris is a highly experienced IT professional with a career spanning over 25 years. During this time, he has focused on various areas, including Linux, networking, and security. For the past eight years, he has been deeply involved in public-cloud and public-cloud security in media and entertainment, leveraging his expertise to build and evolve multiple cloud security programs.Chris is passionate about enabling the broader security team's objectives of secure design, incident response, and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he has architected and implemented numerous serverless and traditional cloud applications, focusing on deployment, security, operations, and financial modeling.He is one of the organizers of the fwd:cloudsec conference and presented at various AWS conferences and BSides events. 
Chris shares his insights on security and technology on social media platforms like Twitter, Mastodon and his website https://www.chrisfarris.com.Links Referenced: fwd:cloudsec: https://fwdcloudsec.org/ breaches.cloud: https://breaches.cloud Twitter: https://twitter.com/jcfarris Company Site: https://www.primeharbor.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. My returning guest today is Chris Farris, now at PrimeHarbor, which is his own consultancy. Chris, welcome back. Last time we spoke, you were a Turbot, and now you've decided to go independent because you don't like sleep anymore.Chris: Yeah, I don't like sleep.Corey: [laugh]. It's one of those things where when I went independent, at least in my case, everyone thought that it was, oh, I have this grand vision of what the world could be and how I could look at these things, and that's going to just be great and awesome and everyone's going to just be a better world for it. In my case, it was, no, just there was quite literally nothing else for me to do that didn't feel like an exact reframing of what I'd already been doing for years. I'm a terrible employee and setting out on my own was important. It was the only way I found that I could wind up getting to a place of not worrying about getting fired all the time because that was my particular skill set. And I look back at it now, almost seven years in, and it's one of those things where if I had known then what I know now, I never would have started.Chris: Well, that was encouraging. Thank you [laugh].Corey: Oh, of course. 
And in sincerity, it's not one of those things where there's any one thing that stops you, but it's the, a lot of people get into the independent consulting dance because they want to do a thing and they're very good at that thing and they love that thing. The problem is, when you're independent, and at least starting out, I was spending over 70% of my time on things that were not billable, which included things like go and find new clients, go and talk to existing clients, the freaking accounting. One of the first hires I made was a fractional CFO, which changed my life. Up until that, my business partner and I were more or less dead reckoning of looking at the bank account and how much money is in there to determine if we could afford things. That's a very unsophisticated way of navigating. It's like driving by braille.Chris: Yeah, I think I went into it mostly as a way to define my professional identity outside of my W-2 employer. I had built cloud security programs for two major media companies and felt like that was my identity: I was the cloud security person for these companies. And so, I was like, ehh, why don't I just define myself as myself, rather than define myself as being part of a company that, in the media space, they are getting overwhelmed by change, and job security, job satisfaction, wasn't really something that I could count on.Corey: One of the weird things that I found—it's counterintuitive—is that when you're independent, you have gotten to a point where you have hit a point of sustainability, where you're not doing the oh, I'm just going to go work for 40 billable hours a week for a client. It's just like being an employee without a bunch of protections and extra steps. That doesn't work super well. 
But now, at the point where I'm at where the largest client we have is a single-digit percentage of revenue, I can't get fired anymore, without having a whole bunch of people suddenly turn on me because I've done something monstrous, in which case, I probably deserve not to have business anymore, or there's something systemic in the macro environment, which given that I do the media side and I do the cost-cutting side, I work on the way up, I work on the way down, I'm questioning what that looks like in a scenario that doesn't involve me hunting for food. But it's counterintuitive to people who have been employees their whole life, like I was, where, oh, it's risky and dangerous to go out on your own.Chris: It's risky and dangerous to be, you know, tied to a single, yeah, W-2 paycheck. So.Corey: Yeah. The question I'd like to ask is, how many people need to be really pissed off before you have one of those conversations with HR that doesn't involve giving you a cup of coffee? That's the tell: when you don't get coffee, it's a bad conversation.Chris: Actually, that you haven't seen [unintelligible 00:04:25] coffee these days. You don't want the cup of coffee, you know. That's—Corey: Even when they don't give you the crappy percolator navy coffee, like, midnight hobo diner style, it's still going to be a bad meeting because [unintelligible 00:04:37] pretend the coffee's palatable.Chris: Perhaps, yes. I like not having to deal with my own HR department. And I do agree that yeah, getting out of the W-2 space allows me to work on side projects that interests me or, you know, volunteer to do things like continuing the fwd:cloudsec, developing breaches.cloud, et cetera.Corey: I'll never forget, one of my last jobs I had a boss who walked past and saw me looking at Reddit and asked me if that was really the best use of my time. 
At first—it was in, I think, the sysadmin forum at the time, so yes, it was very much the best use of my time for the problem I was focusing on, but also, even if it wasn't, I spent an inordinate amount of time on social media, just telling stories and building audiences, on some level. That's the weird thing is that what counts as work versus what doesn't count as work gets very squishy when you're doing your own marketing.Chris: True. And even when I was a W-2 employee, I spent a lot of time on Twitter because Twitter was an intel source for us. It was like, “Hey, who's talking about the latest cloud security misconfigurations? Who's talking about the latest data breach? What is Mandiant tweeting about?” It was, you know—I consider it part of my job to be on Twitter and watching things.Corey: Oh, people ask me that. “So, you're on Twitter an awful lot. Don't you have a newsletter to write?” Like, yeah, where do you think that content comes from, buddy?Chris: Exactly. Twitter and Mastodon. And Reddit now.Corey: There's a whole argument to be had about where to find various things. For me at least, because I'm only security adjacent, I was always trying to report the news that other people had, not make the news myself.Chris: You don't want to be the one making the news in security.Corey: Speaking of, I'd like to talk a bit about what you just alluded to breaches.cloud. I don't think I've seen that come across my desk yet, which tells me that it has not been making a big splash just yet.Chris: I haven't been really announcing it; it got published the other night and so basically, yeah, is this is sort of a inaugural marketing push for breaches.cloud. So, what we're looking to do is document all the public cloud security breaches, what happened, why, and more importantly, what the companies did or didn't do that led to the security incident or the security breach.Corey: How are you slicing the difference between broad versus deep? 
And what I mean by that is, there are some companies where there are indictments and massive deep dives into everything that happens with timelines and blows-by-blows, and other times you wind up with the email that shows up one day of, “Security is very important to us. Now, listen to how we completely dropped the ball on it.” And it just makes the biggest description that they can get away with of what happened. Occasionally, you find out oh, it was an open S3 buckets, or they'll allude to something that sounds like it. Does that count for inclusion? Does it not? How do you make those editorial decisions?Chris: So, we haven't yet built a page around just all of the recipients of the Bucket Negligence Award. We're looking at the specific ones where there's been something that's happened that's usually involving IAM credentials—oftentimes involving IAM credentials found in GitHub—and what led to that. So, in a lot of cases, if there's a detailed company postmortem that they send their customers that said, “Hey, we goofed up, but complete transparency—” and then they hit all the bullet points of how they goofed up. Or in the case of certain others, like Uber, “Hey, we have court transcripts that we can go to,” or, “We have federal indictments,” or, “We have court transcripts, and federal indictments and FTC civil actions.” And so, we go through those trying to suss out what the company did or did not do that led to the breach. And really, the goal here is to be able to articulate as security practitioners, hey, don't attach S3 full access to this role on EC2. 
That's what got Capital One in trouble.Corey: I have a lot of sympathy for the Capital One breach and I wish they would talk about it more than they do, for obvious reasons, just because it was not, someone showed up and made a very obvious dumb decision, like, “Oh, that was what that giant red screaming thing in the S3 console means.” It was a series of small misconfigurations that led to another one, to another one, to another one, and eventually gets to a point where a sophisticated attacker was able to chain them all together. And yes, it's bad, yes, they're a bank and the rest, but I look at that and it's—that's the sort of exploit that you look at and it's okay, I see it. I absolutely see it. Someone was very clever, and a bunch of small things that didn't rise to the obvious. But they got dragged and castigated as if they basically had a four-character password that they'd left on the back of the laptop on a Post-It note in an airport lounge when their CEO was traveling. Which is not the case.Chris: Or all of the highlighting the fact that Paige Thompson was a former Amazon employee, making it seem like it was her insider abilities that lead to the incident, rather than she just knew that, hey, there's a metadata service and it gives me creds if I ask it.Corey: Right. That drove me nuts. There was no maleficence as an employee. And to be very direct, from what I understand of internal AWS controls, had there been, it would have been audited, flagged, caught, interdicted. I have talked to enough Amazonians that either a lot of them are lying to me very consistently despite not knowing each other, or they're being honest when they say that you can't get access to customer data using secret inside hacks.Chris: Yeah. I have reasonably good faith in AWS and their ability to not touch customer data in most scenarios. 
And I've had cases that I'm not allowed to talk about where Amazon has gone and accessed customer data, and the amount of rigmarole and questions and drilling that I got as a customer to have them do that was pretty intense and somewhat, actually, annoying.Corey: Oh, absolutely. And, on some level, it gets frustrating when it's a, look, this is a test account. I have nothing of sensitive value in here. I want the thing that isn't working to start working. Can I just give you a whole, like, admin-powered user account and we can move on past all of this? And their answer is always absolutely not.Chris: Yes. Or, “Hey, can you put this in our bucket?” “No, we can't even write to a public bucket or a bucket that, you know, they can share too.” So.Corey: An Amazonian had to mail me a hard drive because they could not send anything out of S3 to me.Chris: There you go.Corey: So, then I wound up uploading it back to S3 with, you know, a Snowball Edge because there's no overkill like massive overkill.Chris: No, the [snowmobile 00:11:29] would have been the massive overkill. But depending on where you live, you know, you might not have been able to get a permit to park the snowmobile there.Corey: They apparently require a loading dock. Same as with the outposts. I can't fake having one of those on my front porch yet.Chris: Ah. Well, there you go. I mean, you know it's the right height though, and you don't mind them ruining your lawn.Corey: So, help me understand. It makes sense to me at least, on some level, why having a central repository of all the various cloud security breaches in one place that's easy to reference is valuable. But what caused you to decide, you know, rather than saying it'd be nice to have, I'm going to go build that thing?Chris: Yeah, so it was actually right before the last time we spoke, Nicholas Sharp was indicted. And there was like, hey, this person was indicted for, you know, this cloud security case. 
And I'm like, that name rings a bell, but I don't remember who this person was. And so, I kind of realized that there's so many of these things happening now that I forget who is who. And so, when a new piece of news comes along, I'm like, where did this come from and how does this fit into what my knowledge of cloud security is and cloud security cases?So, I kind of realized that these are all running together in my mind. The Department of Justice only referenced ‘Company One,' so it wasn't clear to me if this even was a new cloud incident or one I already knew about. And so basically, I decided, okay, let's build this. Breaches.cloud was available; I think I kind of got the idea from hackingthe.cloud.And I had been working with some college students through the Collegiate Cyber Defense Competition, and I was like, “Hey, anybody want a spring research project that I will pay you for?” And so yeah, PrimeHarbor funded two college students to do quite a bit of the background research for me, I mentored them through, “Hey, so here's what this means,” and, “Hey, have we noticed that all of these seem to relate to credentials found in GitHub? You know, maybe there's a pattern here.” So, if you're not yet scanning for secrets in GitHub, I recommend you start scanning for secrets in your GitHub, private and public repos.Corey: Also, it makes sense to look at the history. Because, oh, I committed a secret. I'm going to go ahead and revert that commit and push that. That solves the problem, right?Chris: No, no, it doesn't. 
Yes, apparently, you can force push and delete an entire commit, but you really want to use a tool that's going to go back through the commit history and dig through it because as we saw in the Uber incident, when—the second Uber incident, the one that led to the CSO's conviction—yeah, the two attackers, [unintelligible 00:14:09] stuffed an Uber employee's personal GitHub account that they were also using for Uber work, and yeah, then they dug through all the source code and dug through the commit histories until they found a set of keys, and that's what they used for the second Uber breach.

Corey: Awful when that hits. It's one of those things where it's just… [sigh], one thing leads to another leads to another. And on some level, I'm kind of amazed by the forensics that happen around all of these things. With the counterpoint, it is so… freakishly difficult, I think, for lack of a better term, just to be able to say what happened with any degree of certainty, so I can't help but wonder in those dark nights when the creeping dread starts sinking in, how many things like this happen that we just never hear about because they don't know?

Chris: Because they don't turn on CloudTrail. Probably a number of them. Once the data gets out and shows up on the dark web, then people start knocking on doors. You know, Troy Hunt's got a large collection of data breach stuff, and you know, when there's a data breach, people will send him, “Hey, I found these passwords on the dark web,” and he loads them into Have I Been Pwned, and you know, [laugh] then the CSO finds out. So yeah, there's probably a lot of this that happens in the quiet of night, but once it hits the dark web, I think that data starts becoming available and the victimized company finds out.

Corey: I am profoundly cynical, in case that was unclear.
So, I'm wondering, on some level, what is the likelihood or commonality, I suppose, of people who are fundamentally just viewing security breach response from a perspective of step one, make sure my resume is always up to date. Because we talk about these business continuity plans and these DR approaches, but very often it feels like step one, secure your own mask before assisting others, as they always say on the flight. Where does personal preservation come in? And how does that compare with company preservation?

Chris: I think down at the [IaC 00:16:17] level, I don't know of anybody who has not gotten a job because they had Equifax on their resume back in, what, 2017, 2018, right? Yes, the CSO, the CEO, the CIO probably all lost their jobs. And you know, now they're scraping by book deals and speaking engagements.

Corey: And these things are always, to be clear, nuanced. It's rare that this is always one person's fault. If you're a one-person company, okay, yeah, it's kind of your fault, let's be clear here, but there are controls and cost controls and audit trails—presumably—for all of these things, so it feels like that's a relatively easy thing to talk around, that it was a process failure, not that one person sucked. “Well, didn't you design and implement the process?” “Yes. But it turned out there were some holes in it and my team reported that those weren't there and it turned out that they were and, well, live and learn.” It feels like that's something that could be talked around.

Chris: It's an investment failure. And again, you know, if we go back to Harry Truman, “The buck stops here,” you know, it's the CEO who decides that, hey, we're going to buy a corporate jet rather than buy a [SIEM 00:17:22].
And those are the choices that happen at the top level that define, do you have a capable security team, and more importantly, do you have a capable security culture such that your security team isn't the only ones who are actually thinking about security?

Corey: That's, I guess, a fair question. I saw a take on Twitter—which is always a weird thing—or maybe was Bluesky or somewhere else recently, that if you don't have a C-level executive responsible for security with security in their title, your company does not take security seriously. And I can see that past a certain point of scale, but as a one-person company, do you have a designated CSO?

Chris: As a one-person company and as a security company, I sort of do have a designated CSO. I also have, you know, the person who's like, oh, I'm going to not put MFA on the root of this one thing because, while it's an experiment and it's a sandbox and whatever else, but I also know that that's not where I'm going to be putting any customer data, so I can measure and evaluate the risk from both a security perspective and a business existential investment perspective. When you get to the larger the organization, the more detached the CEO gets from the risk and what the company is building and what the company is doing, is where you get into trouble. And lots of companies have C-level somebody who's responsible for security. It's called the CSO, but oftentimes, they report four levels down, or even more, from the chief executive who is actually the one making the investment decisions.

Corey: On some level, the oh yeah, that's my responsibility, too, but it feels like it's a trap that falls into. Like, well, the CTO is responsible for security at a publicly traded company. Like, well… that tends to not work anymore, past certain points of scale. Like when I started out independently, yes, I was the CSO. I was also the accountant. I was also the head of marketing. I was also the janitor.
There's a bunch of different roles; we all wear different hats at different times.

I'm also not a big fan of shaming that oh, yeah. This is a universal truth that applies to every company in existence. That's also where I think Twitter started to go wrong where you would get called out whenever making an observation or witticism or whatnot because there was some vertex case to which it did not necessarily apply and then people would ‘well, actually,' you to death.

Chris: Yeah. Well, and I think there's a lot of us in the security community who are in the security one-percenters. We're, “Hey, yes, I'm a cloud security person on a 15-person cloud security team, and here's this awesome thing we're doing.” And then you've got most of the other companies in this country that are probably below the security poverty line. They may or may not have a dedicated security person, they certainly don't have a SIEM, they certainly don't have anybody who's monitoring their endpoints for malware attacks or anything else, and those are the companies that are getting hit all the time with, you know, a lot of this ransomware stuff. Healthcare is particularly vulnerable to that.

Corey: When you take a look across the industry, what is it that you're doing now at PrimeHarbor that you feel has been an unmet need in the space? And let me be clear, as of this recording earlier today, we signed a contract with you for a project. There's more to come on that in the future. So, this is me asking you to tell a story, not challenging, like, what do you actually do? This is not a refund request, let's be very clear here. But what's the unmet need that you saw?

Chris: I think the unmet need that I see is we don't talk to our builder community. And when I say builder, I mean, developers, DevOps, sysadmins, whatever. AWS likes the term builder and I think it works. We don't talk to our builder community about risk in a way that makes sense to them.
So, we can say, “Hey, well, you know, we have this security policy and section 24601 says that all data's classifications must be signed off by the data custodian,” and a developer is going to look at you with their head tilted, and be like, “Huh? What? I just need to get the sprint done.”

Whereas if we can articulate the risk—and one of the reasons I wanted to do breaches.cloud was to have that corpus of articulated risk around specific things—I can articulate the risk and say, “Hey, look, you know how easy it is for somebody to go in and enumerate an S3 bucket? And then once they've enumerated and guessed that S3 bucket exists, they list it, and oh, hey, look, now that they've listed it, they know all of the objects and all of the juicy PII that you just made public.” If you demonstrate that to them, then they're going to be like, “Oh, I'm going to add the extra story point to this story to go figure out how to do CloudFront origin access identity.” And now you've solved, you know, one more security thing. And you've done in a way that not just giving a man a fish or closing the bucket for them, but now they know, hey, I should always use origin access identity. This is why I need to do this particular thing.

Corey: One of the challenges that I've seen in a variety of different sites that have tried to start cataloging different breaches and other collections of things happening in public is the discoverability or the library management problem. The most obvious example of this is, of course, the AWS console itself, where when it paginates things like, oh, there are 3000 things here, ten at a time, through various pages for it. Like, the marketplace is just a joke of discoverability.
How do you wind up separating the stuff that is interesting and notable, rather than, well, this has about three sentences to it because that's all the company would say?

Chris: So, I think even the ones where there's three sentences, we may actually go ahead and add it to the repo, or we may just hold it as a draft, so that we know later on when, “Hey, look, here's a federal indictment for Company Three. Oh, hey, look. Company Three was actually this breach announcement that we heard about three months ago,” or even three years ago. So like, you know, Chegg is a great example of, you know, one of those where, hey, you know, there was an incident, and they disclosed something, and then, years later, FTC comes along and starts banging them over the head. And in the FTC documentation, or in the FTC civil complaint, we got all sorts of useful data.

Like, not only were they using root API keys, every contractor and employee there was sharing the root API keys, so when they had a contractor who left, it was too hard to change the keys and share it with everybody, so they just didn't do that. The contractor still had the keys, and that was one of the findings from the FTC against Chegg. Similar to that, Cisco didn't turn off contractors' access, and I think—this is pure speculation—I think the poor contractor one day logged into his Google Cloud Shell, cd'ed into a Terraform directory, ran ‘terraform destroy', and rather than destroying what he thought he was destroying, it had the access keys back to Cisco WebEx and took down 400 EC2 instances that made up all of WebEx.
These are the kinds of things that I think it's worth capturing because the stories are going to come out over time.

Corey: What have you seen in your, I guess, so far, a limited history of curating this that—I guess, first what is it you've learned that you've started seeing as far as patterns go, as far as what warrants inclusion, what doesn't, and of course, once you started launching and going a bit more public with it, I'm curious to hear what the response from companies is going to be.

Chris: So, I want to be very careful and clear that if I'm going to name somebody, that we're sourcing something from the criminal justice system, that we're not going to say, “Hey, everybody knows that it was Paige Thompson who was behind it.” No, no, here's the indictment that said it was Paige Thompson that was, you know, indicted for this Capital One sort of thing. All the data that I'm using, it all comes from public sources, it's all cited, so it's not like, hey, some insider said, “Hey, this is what actually happened.” You know? I very much learned from the Ubiquiti case that I don't want to be in the position of Brian Krebs, where it's the attacker themselves who's updating the site and telling us everything that went wrong, when in fact, it's not because they're in fact the perpetrator.

Corey: Yeah, there's a lot of lessons to be learned. And fortunately, for what it's s—at least it seems… mostly, that we've moved past the battle days of security researchers getting sued on a whim from large companies for saying embarrassing things about them. Of course, watch me be tempting fate and by the time this publishes, I'll get sued by some company, probably Azure or whatnot, telling me that, “Okay, we've had enough of you saying bad things about our security.” It's like, well, cool, but I also read the complaint before you file because your security is bad. Buh-dum-tss. I'm kidding. I'm kidding.
Please don't sue me.

Chris: So, you know, whether it's slander or libel, depending on whether you're reading this or hearing it, you know, truth is an actual defense, so I think Microsoft doesn't have a case against you. I think for what we're doing in breaches, you know—and one of the reasons that I'm going to be very clear on anybody who contributes—and just for the record, anybody is welcome to contribute. The GitHub repo that runs breaches.cloud is public and anybody can submit me a pull request and I will take their write-ups of incidents. But whatever it is, it has to be sourced.

One of the things that I'm looking to do shortly, is start soliciting sponsorships for breaches so that we can afford to go pull down the PACER documents. Because apparently in this country, while we have a right to a speedy trial, we don't have a right to actually get the court transcripts for less than ten cents a page. And so, part of what we need to do next is download those—and once we've purchased them, we can make them public—download those, make them public, and let everybody see exactly what the transcript was from the Capital One incident, or the Joey Sullivan trial.

Corey: You're absolutely right. It drives me nuts that I have to wind up budgeting money for PACER to pull up court records. And at ten cents a page, it hasn't changed in decades, where it's oh, this is the cost of providing that data. It's, I'm not asking someone to walk to the back room and fax it to me. I want to be very clear here. It just feels like it's one of those areas where the technology and government is not caught up and it's—part of the problem is, of course, having no competition.

Chris: There is that. And I think I read somewhere that the ent—if you wanted to download the entire PACER, it would be, like, $100 million. Not that you would do that, but you know, it is the moneymaker for the judicial system, and you know, they do need to keep the lights on. Although I guess that's what my taxes are for.
But again, yes, they're a monopoly; they can do that.

Corey: Wildly frustrating, isn't it?

Chris: Yeah [sigh]… yeah, yeah, yeah. Yeah, I think there's a lot of value in the court transcripts. I've held off on publishing the Capital One case because one, well, already there's been a lot of ink spilled on it, and two, I think all the good detail is going to be in the trial transcripts from Paige Thompson's trial.

Corey: So, I am curious what your take is on… well, let's call the ‘FTX thing.' I don't even know how to describe it at this point. Is it a breach? Is it just maleficence? Is it 15,000 other things? But I noticed that it's something that breaches.cloud does talk about a bit.

Chris: Yeah. So, that one was a fascinating one that came out because as I was starting this project, I heard you know, somebody who was tweeting was like, “Hey, they were storing all of the crypto private keys in AWS Secrets Manager.” And I was like, “Errr?” And so, I went back and I read John J. Ray III's interim report to the creditors.

Now, John Ray is the man who was behind the cleaning up of Enron, and his comment was “FTX is the”—“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy information as occurred here.” And as part of his general, broad write-up, they went into, in-depth, a lot of the FTX AWS practices. Like, we talk about, hey, you know, your company should be multi-account. FTX was worse. They had three or four different companies all operating in the same AWS account.

They had their main company, FTX US, Alameda, all of them had crypto keys in Secrets Manager and there was no access control between any of those. And what ended up happening on the day that SBF left and Ray came in as CEO, the $400 million worth of crypto somehow disappeared out of FTX's wallets.

Corey: I want to call this out because otherwise, I will get letters from the AWS PR spin doctors.
Because on the surface of it, I don't know that there's necessarily a lot wrong with using Secrets Manager as the backing store for private keys. I do that with other things myself. The question is, what other controls are there? You can't just slap it into Secrets Manager and, “Well, my job is done. Let's go to lunch early today.”

There are challenges [laugh] around the access levels, there are—around who has access, who can audit these things, and what happens. Because most of the secrets I have in Secrets Manager are not the sort of thing that is, it is now a viable strategy to take that thing and abscond to a country with a non-extradition treaty for the rest of my life, but with private keys and crypto, there kind of is.

Chris: That's it. It's like, you know, hey, okay, the RDS database password is one thing, but $400 million in crypto is potentially another thing. Putting it in Secrets Manager might have been the right answer, too. You get KMS customer-managed keys, you get full auditability with CloudTrail, everything else, but we didn't hear any of that coming out of Ray's report to the creditors. So again, the question is, did they even have CloudTrail turned on? He did explicitly say that FTX had not enabled GuardDuty.

Corey: On some level, even if GuardDuty doesn't do anything for you, which in my case, it doesn't, but I want to be clear, you should still enable it anyway because you're going to get dragged when there's inevitable breach because there's always a breach somewhere, and then you get yelled at for not having turned on something that was called GuardDuty. You already sound negligent, just with that sentence alone. Same with Security Hub. Good name on AWS's part if you're trying to drive service adoption.
Just by calling it the thing that responsible people would use, you will see adoption, even if people never configure or understand it.

Chris: Yeah, and then of course, hey, you had Security Hub turned on, but you ignore the 80,000 findings in it. Why did you ignore those 80,000 findings? I find Security Hub to probably be a little bit too much noise. And it's not Security Hub, it's ‘Compliance Hub.' Everything—and I'm going to have a blog post coming out shortly—on this, everything that Security Hub looks at, it looks at it from a compliance perspective.

If you look at all of its scoring, it's not how many things are wrong; it's how many rules you are a hundred percent compliant to. It is not useful for anybody below that AWS security poverty line to really master or to really operationalize.

Corey: I really want to thank you for taking the time to catch up with me once again. Although now that I'm the client, I expect I can do this on demand, which is just going to be delightful. If people want to learn more, where can they find you?

Chris: So, they can find breaches.cloud at, well https://breaches.cloud. If you're looking for me, I am either on Twitter, still, at @jcfarris, or you can find me and my consulting company, which is www.primeharbor.com.

Corey: And we will, of course, put links to all of that in the [show notes 00:33:57]. Thank you so much for taking the time to speak with me. As always, I appreciate it.

Chris: Oh, thank you for having me again.

Corey: Chris Farris, cloud security nerd at PrimeHarbor. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that you're also going to use as the storage back-end for your private keys.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

The Cloud Pod
199: All AI Products Agree, Earnings are down

The Cloud Pod

Play Episode Listen Later Feb 18, 2023 52:59


AI Products & Earnings On this episode of The Cloud Pod, the team talks about the announcement of Amazon VPC resource map, Google's new AI product, the new Bing AI-powered search engine, and why multiple accounts are necessary for data centers to carry out work seamlessly in the cloud. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.  This week's highlights

The Cloud Pod
195: The Cloud Pod can't wait for Azure Ultra Fungible Storage (Premium)!

The Cloud Pod

Play Episode Listen Later Jan 20, 2023 48:49


On The Cloud Pod this week, Amazon announces massive corporate and tech layoffs and S3 Encrypts New Objects By Default, BigQuery multi-statement transactions are now generally available, and Microsoft announces acquisition of Fungible to accelerate datacenter innovation. Thank you to our sponsor, Foghorn Consulting, which provides top notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you're having trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

General News:
Amazon to lay off 18,000 corporate and tech workers. [1:11]

Episode Highlights
⏰ Amazon S3 Encrypts New Objects By Default. [3:09]
⏰ Announcing the GA of BigQuery multi-statement transactions. [13:04]
⏰ Microsoft announces acquisition of Fungible to accelerate datacenter innovation. [17:14]

Top Quote

AWS Morning Brief
Azure: Less a Cloud Than Performance Art

AWS Morning Brief

Play Episode Listen Later Oct 20, 2022 4:52


Links:
A walkthrough that takes us on a whirlwind tour of AWS Secrets Manager and the principle of least-privilege.
Azure Arc-enabled Kubernetes privilege escalation vulnerability
Datadog has a report out on The State of AWS Security
Simplifying serverless permissions with AWS SAM Connectors
Tool of the week: trailscraper gets signal from noise when it comes to CloudTrail logs.

Modernize or Die ® Podcast - CFML News Edition
Modernize or Die® - CFML News for January 18th, 2021 - Episode 131

Modernize or Die ® Podcast - CFML News Edition

Play Episode Listen Later Jan 18, 2022 21:41


2022-01-18 Weekly News - Episode 131

Watch the video version on YouTube at https://youtu.be/ktlshecpcG0

Hosts:
Eric Peterson - Senior Software Developer for Ortus Solutions
Daniel Garcia - Senior Software Developer for Ortus Solutions

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and almost every other Box out there.

A few ways to say thanks back to Ortus Solutions:
Like and subscribe to our videos on YouTube.
Subscribe to our Podcast on your Podcast Apps and leave us a review
Sign up for a free or paid account on CFCasts, which is releasing new content every week
Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)

Patreon Support
We have 37 patreons providing 97% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.

News and Events

Upcoming Ortus Webinar - cbwire + Alpine.js with Grant Copley
January 28, 2022 - 11:00 AM CT - Central Time (US and Canada)
In this webinar, Grant, lead developer for cbwire, will showcase how to build modern, reactive CFML apps easily using very little JavaScript.
https://www.ortussolutions.com/events/webinars

Log4j Update
Brad Said: I've removed all use of Log4j 1.x in CommandBox/Runwar's core, updating to 2.17.1 which will ship in our next release. Please note, Lucee and Adobe CF are still bundling Log4j 1.x in their products, which affect CF engines and the core CLI. #CFML #ColdFusion
Zac said: Lucee 5.3.9.32-SNAPSHOT uses log4j2 with log4j1 completely removed

Adobe Workshops
More Adobe #ColdFusion Workshops announced, led by Damien Bruyndonckx
2 dates announced:
February 2, 2022
9.00 AM - 4.30 PM CET (Central European Time)
1.30 PM - 9.00 PM IST (Indian Standard Time)
March 09, 2022
9.00 AM - 4.30 PM CET (Central European Time)
1.30 PM - 9.00 PM IST (Indian Standard Time)
https://cf-workshop.meetus.adobeevents.com/

CFCasts Content Updates
https://www.cfcasts.com
Just Released
SoapBox - ColdBox Anniversary Edition with Luis Majano and Jorge Reyes https://www.cfcasts.com/series/modernize-or-die-podcast-soapbox-edition-with-luis-majano/videos/coldbox-anniversary-edition-with-luis-majano
Coming soon
Into the Box LATAM
Send your suggestions at https://cfcasts.com/support

Conferences and Training
VueJS Nation Conference
Online Live Event
January 26th & 27th 2022
Register for Free
https://vuejsnation.com/
More conferences
Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/

Blogs, Tweets and Videos of the Week

Blog - Nolan Erck - ColdFusion Summit 2021 Recap
Last month was the ColdFusion Summit 2021 Conference. Like many events lately this one was virtual (as opposed to the usual meetup in Vegas) but I'd say this was still worth attending for anyone near the CFML space.
https://southofshasta.com/blog/coldfusion-summit-2021-recap/
https://coldfusion.adobe.com/2021/12/viewing-coldfusion-summit-2021-recordings/

Blog - Matthew Clemente - Retrieving Database Credentials from AWS Secrets Manager with CFML
As a quick follow-up to my last post about storing database credentials in AWS Secrets Manager, I wanted to walk through retrieving them using CFML, so you can actually use them in your application.
https://blog.mattclemente.com/2022/01/17/connecting-to-aws-secrets-manager-cfml/

Blog - Adam Cameron - If your company (or yourself) makes money using Lucee… you should throw them a bone
A few weeks back, right in the thick of the crap about all these Log4J vulnerabilities, I was talking to a few people about the necessity and the effort involved in Lucee getting their situation sorted out, vis-a-vis dealing with outdated library dependencies they had. They were lucky to be safe from the Log4J thing… but only serendipitously-so because they'd not been able to prioritise moving off a really old version of Log4J (which didn't have the problematic code in it yet). They just didn't have the resources to do anything about it, when considering all the rest of the work that kept coming in. The crux of it was that they can only afford so much paid-for dev time, which means tough decisions need to be made when it comes to deciding on what to work on.
To their credit, they've now removed the old version of Log4J from the current version of Lucee 5.x, as well as in the upcoming 6.x, replacing it with the fully-patched current version.
https://blog.adamcameron.me/2022/01/if-your-company-or-your-self-makes.html

Blog - Wil De Bruin - LogBox: Basic Concepts and Configuration
As mentioned in my previous post it might be a bit overwhelming when you want to start logging with coldbox. In this post I will show you how to add simple logging capabilities to a coldbox application.
https://shiftinsert.nl/logbox-basic-concepts-and-configuration/

CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 24 ColdFusion positions from 16 companies across 16 locations in 5 Countries since Nov 25, 2021
4 new jobs listed
Full-Time - Software Developer - ColdFusion at Overland Park, KS - United States Jan 18
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Software-Developer-ColdFusion-at-Overland-Park-KS/11411
Full-Time - Senior Coldfusion Developer |LATAM| at Colon, PA - United States Jan 15
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-Coldfusion-Developer-LATAM-at-Colon-PA/11410
Full-Time - Coldfusion Developer at Maryland - United States Jan 14
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Coldfusion-Developer-at-Maryland/11409
Full-Time - Senior Application Developer UK at Remote - United Kingdom Jan 12
https://www.getcfmljobs.com/jobs/index.cfm/united-states/SrAppDeveloper-Remote-UK/11408

Other Job Links
There is a job posting for a Senior Application Developer at Kemper and I know they are looking for a few people.
https://careers.kemper.com/global/en/job/R-21-0017694/Senior-Application-Developer
https://www.venntro.com/careers

ForgeBox Module of the Week
CBValidation
This module is a server side rules validation engine that can provide you with a unified approach to object, struct and form validation. You can construct validation constraint rules and then tell the engine to validate them accordingly.
box install cbvalidation
Last Update: January 12, 2022 11:01 AM | Downloads: 7,841 | Installs: 304,311 | Views: 10,886 | Versions: 42
https://www.forgebox.io/view/cbvalidation

VS Code Hint Tips and Tricks of the Week
Markdownlint
In a way, markdown is the new HTML. However, it can be cumbersome to deal with when your markdown misses a *, #, or space somewhere. markdownlint deals with formatting inconsistencies that come with writing markdown. It also helps you learn correct markdown by alerting you if you are violating markdown rules.
https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint

Thank you to all of our Patreon Supporters
These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure that our community relies on like ForgeBox for our Package Management with CommandBox.
You can support us on Patreon here https://www.patreon.com/ortussolutions
Now offering Annual Memberships, pay for the year and save 10% - great for businesses.
Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
All Patreon supporters have a Profile badge on the Community Website
All Patreon supporters have their own Private Forum access on the Community Website https://community.ortussolutions.com/

Patreons
John Wilson - Synaptrix, Eric Hoffman, Gary Knight, Mario Rodrigues, Giancarlo Gomez, David Belanger, Jonathan Perret, Jeffry McGee - Sunstar Media6, Dean Maunder, Joseph Lamoree, Don Bellamy, Jan Jannek, Laksma Tirtohadi, Carl Von Stetten, Dan Card, Jeremy Adams, Jordan Clark, Matthew Clemente, Daniel Garcia, Scott Steinbeck - Agri Tracking Systems, Ben Nadel, Mingo Hagen, Brett DeLine, Kai Koenig, Charlie Arehart, Jonas Eriksson, Jason Daiger, Jeff McClain, Shawn Oden, Matthew Darby, Ross Phillips, Edgardo Cabezas, Patrick Flynn, Stephany Monge, Kevin Wright, Steven Klotz
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

Endnote: It's not Forte, IT'S “FORT” ;-)
https://youtu.be/xc6cfJztR8A?t=205
★ Support this podcast on Patreon ★

Java Pub House
Episode 99. SHHH! It's a secret! (Storing API Keys / Passwords / tokens!)

Java Pub House

Play Episode Listen Later Jan 1, 2022 78:39


Ok, so it is time to talk about something secretive! Like API Passwords, Auth tokens, or keys... these are things that we want to have as a Secret within our microservice. And yeah, adding them into your source code is a big no-no. Here we cover the dos (and don'ts) of secret management, what are the benefits and drawbacks of the different solutions and we explore some of our favorite open source (and Cloud tools) for keeping secrets. We answer some important questions on how to effectively store and manage these secrets (the short answer is don't try to do it yourself!), and end up with the list of best practices for it. If you are building a non-trivial (or interesting) web service, this is a must-listen episode!

http://www.javapubhouse.com/datadog We thank DataDogHQ for sponsoring this podcast episode
Don't forget to SUBSCRIBE to our cool NewsCast OffHeap! http://www.javaoffheap.com/

Language Features
Using AWS Secrets Manager to manage secrets in Spring Boot https://raymondhlee.wordpress.com/2019/10/11/using-aws-secrets-manager-to-manage-secrets-in-spring-boot-applications/
AWS Secrets Manager https://aws.amazon.com/secrets-manager/
Spring Cloud AWS https://cloud.spring.io/spring-cloud-aws/reference/html/
Sourcegear Vault https://www.sourcegear.com/vault/

Do you like the episodes? Want more? Help us out! Buy us a beer! https://www.javapubhouse.com/beer
And Follow us! https://www.twitter.com/javapubhouse

The Cloud Pod
142: The Cloud Pod spends the Weekend at the Google Data Lakehouse

Nov 13, 2021 (72:59)


On The Cloud Pod this week, the team wishes for time-traveling data. Also, GCP announces Data Lakehouse, Azure hosts Ignite 2021, and Microsoft is out for the metaverse.  A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.  This week's highlights

Melbourne AWS User Group
What's New in March 2021

May 2, 2021 (73:39)


Severely delayed once again, but Arjen, Jean-Manuel, and Guy did discuss the news of March once again. An episode full of good names, bad names, and complaints about services while there was also plenty to love. So, a fairly typical month.

News

Finally in Sydney
- AWS Snowcone is now available in the AWS Asia Pacific (Sydney) Region in Australia
- AWS Client VPN announces expanded presence inside six AWS Regions
- Amazon EMR on EKS is now available in US West (N. California), US East (Ohio), Canada (Central), EU (Frankfurt and London), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, and Tokyo) regions
- Amazon EC2 D3 instances with dense local HDD storage now available in Asia Pacific (Singapore, Sydney and Tokyo), and Europe (Frankfurt) regions
- Get to know the first new AWS Heroes of 2021! | AWS News Blog (Community Hero Zainab Maleki from Perth)

Serverless
Lambda
- Introducing Amazon S3 Object Lambda – Use Your Code to Process Data as It Is Being Retrieved from S3 | AWS News Blog
- The AWS Lambda console now features a new navigation design
- AWS Lambda adds four Trusted Advisor checks
Step Functions
- AWS Step Functions adds tooling support for YAML
- Announcing AWS Step Functions' integration with Amazon EMR on EKS
EventBridge
- Amazon EventBridge introduces support for API Destinations

Containers
ECS
- Amazon ECS now allows you to execute commands in a container running on Amazon EC2 or AWS Fargate
- AWS - Session Manager and ECS Exec | ig.nore.me
- AWS Copilot launches v1.4 with support for ECS exec and more
EKS
- Amazon EKS reduces control plane creation time for EKS clusters by 40%
- Amazon EKS now supports adding KMS envelope encryption to existing clusters to enhance security for secrets
- Amazon EKS now supports creation and management of add-ons using AWS CloudFormation
- Amazon EKS now supports P4d instances
- Amazon EKS now supports Elastic Fabric Adapter
- Amazon EFS CSI driver now supports dynamic provisioning
Other
- AWS Cloud Map now supports API-only services in namespaces configured with DNS resolution
- Red Hat OpenShift Service on AWS Now GA | AWS News Blog

EC2 & VPC
EC2
- Troubleshoot Boot and Networking Issues with New EC2 Serial Console | AWS News Blog
- Announcing new Amazon EC2 X2gd instances powered by AWS Graviton2 processors
- Amazon EC2 Auto Scaling adds support for local time zones for scheduled scaling
- Amazon EC2 Auto Scaling Instance Refresh now supports phased deployments
- Amazon EMR now supports Amazon EC2 Instance Metadata Service v2
VPC
- Amazon VPC Flow Logs now reflects AWS Service name, Traffic Path and Flow Direction
- Amazon Timestream now supports Amazon VPC endpoints

Dev & Ops
CICD
- AWS CodePipeline now supports 1000 pipelines per account
- AWS Proton now supports services without pipelines
- AWS Proton introduces deletion protection for in-use templates
- AWS Proton makes new fields available for Jinja parametrization
Systems Manager
- AWS Systems Manager OpsCenter now displays an aggregated view of all operational issues for a specified resource
- AWS Systems Manager Change Manager now supports multi-level approvals
Other
- Now available AWS SSO credential profile support in the AWS Toolkit for VS Code
- Amazon EventBridge now supports propagation of X-Ray trace context
- Announcing Kotlin-centric developer experience in Amplify Android
- Announcing the General Availability of Amazon Corretto 16
- AWS announces Developer Preview release of opinionated deployment tool for .NET CLI

Security
Security Hub
- AWS Security Hub adds 25 new controls to its Foundational Security Best Practices standard
- AWS Security Hub integrates with Amazon Macie to automatically ingest sensitive data findings for improved centralized security posture management
Config
- AWS Config Adds 3 New Config Rules for Amazon Secrets Manager
- AWS Config adds pagination support for advanced queries that contain aggregate functions
WAF
- AWS Shield Advanced now supports resource tagging
- AWS WAF adds support for Custom Responses
- AWS WAF adds support for Request Header Insertion
Other
- AWS CloudTrail Adds Logging of Data Events for Amazon DynamoDB
- AWS Certificate Manager now provides certificate expiry monitoring through Amazon CloudWatch
- AWS Secrets Manager now provides support to replicate secrets in AWS Secrets Manager to multiple AWS Regions
- IAM Access Analyzer Update – Policy Validation | AWS News Blog
- New AWS SSO gallery app simplifies Azure AD set-up with AWS
- AWS Audit Manager now supports CIS AWS Foundations Benchmark v1.3.0, Level 1 and 2 as a new standard framework

Data Storage & Processing
S3
- Amazon S3 Glacier Price Reduction | AWS News Blog
- AWS CloudFormation now supports Amazon S3 on Outposts
Databases
- Achieve up to 35% better price/performance with Amazon Aurora using new Graviton2 instances
- Amazon Aurora PostgreSQL-Compatible edition supports simultaneous authentication with both Microsoft Active Directory (AD) and AWS Identity and Access Management (IAM)
- AWS Backup adds support for continuous backup and point-in-time recovery of Amazon RDS instances
- Amazon RDS for PostgreSQL supports managed disaster recovery (DR) with Cross-Region Automated Backups
- Amazon RDS for MySQL now supports rollback protection for database major version upgrades
- Amazon RDS Proxy adds read-only endpoints for Amazon Aurora Replicas
- Amazon RDS Proxy now supports database connectivity from multiple Amazon VPCs
- Announcing General Availability of Amazon Redshift Cross-database queries
- Announcing General Availability of Amazon Redshift Data Sharing
- Amazon DocumentDB (with MongoDB compatibility) now supports Event Subscriptions
Other
- New – Lower Cost Storage Classes for Amazon Elastic File System | AWS News Blog
- Amazon Elasticsearch Service announces Auto-Tune feature for improved performance and application availability
- Amazon Elasticsearch Service now publishes events to Amazon CloudWatch and Amazon EventBridge for service software updates
- AWS Glue Studio now supports transforms defined in SQL
- AWS Backup adds support for bulk deletion of recovery points
- AWS Data Exchange providers can now copy product metadata from their existing products to a new product

AI & ML
SageMaker
- Announcing support for multiple containers on Amazon SageMaker Inference endpoints, leading to cost savings of up to 80%
- Leverage state of the art Natural Language Processing with Hugging Face and Amazon SageMaker
- Amazon SageMaker now supports private Docker registry authentication
- Amazon SageMaker Autopilot adds Model Explainability
Other
- Detect anomalies in your metrics, and diagnose issues quickly with Amazon Lookout for Metrics – now generally available
- Announcing General Availability of AWS IoT Device Defender ML Detect
- Introducing a new API allowing you to stop in-progress workflows in Amazon Forecast
- Amazon Transcribe supports word-level confidence scores for streaming transcription

Other Cool Stuff
Regions
- AWS Asia Pacific (Osaka) Region Now Open to All, with Three AZs and More Services | AWS News Blog
Connect
- Amazon Connect Customer Profiles now supports data sources from Amazon S3
- Amazon Connect now supports 15 minute intervals for historical metric reporting
- Amazon Connect now provides an out-of-the-box chat user interface for your website
Other Services/Features
- AWS Fault Injection Simulator – Use Controlled Experiments to Boost Resilience | AWS News Blog
- Announcing General Availability of Ethereum on Amazon Managed Blockchain
- Bundle Management APIs now generally available for Amazon WorkSpaces
- AWS announces General Availability of Amazon GameLift Queue notifications

The Nanos
- AWS Fargate updates platform version 1.4.0 to be the LATEST version (Arjen)
- AWS Client VPN announces expanded presence inside six AWS Regions (Jean-Manuel)

Sponsors
Gold Sponsor: Innablr
Silver Sponsors: AC3, CMD Solutions, DoIT International

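Serverworks' AWS news show "Saba Raji!" (さばラジ!)
[Daily AWS #190] AWS Secrets Manager now offers a plugin for the Kubernetes Secrets Store CSI Driver, plus 5 more #サバワ

Apr 27, 2021 (7:35)

Catch up on the latest news while you do something else! "Daily AWS", the broadcast that feels like radio. Good morning, this is Fukushima, your Wednesday host. Today I pick out and introduce the updates released on 4/27. Please post your thoughts on Twitter with the hashtag "#サバワ"!

■ Talk script https://blog.serverworks.co.jp/aws-update-2021-04-27

■ UPDATE PICKUP
- AWS Secrets Manager now offers a plugin for the Kubernetes Secrets Store CSI Driver
- Amazon SNS adds operators that can be used in message filtering
- AWS Glue Studio now offers a data sink feature
- Patches added for Amazon Aurora with PostgreSQL compatibility
- You can now view a list of third-party products for AWS Control Tower
- AWS Transit Gateway is now available in the Osaka Region

■ Serverworks social media: Twitter / Facebook
■ Serverworks blog: Serverworks Engineer Blog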

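Serverworks' AWS news show "Saba Raji!" (さばラジ!)
[Daily AWS #153] AWS Network Firewall is now available in multiple regions including Tokyo, plus 7 more #サバワ

Mar 7, 2021 (10:48)

Catch up on the latest news while you do something else! "Daily AWS", the broadcast that feels like radio. Good morning, this is Kato, your Monday host. Today I pick out and introduce the updates released on 3/5. Please post your thoughts on Twitter with the hashtag "#サバワ"!

■ Please help us by answering our survey! https://forms.gle/tapCvDfCbjXHjSMf8

■ UPDATE PICKUP
- AWS Network Firewall is now available in multiple regions, including Tokyo
- Amazon EventBridge now lets you define arbitrary data destinations
- Amazon EC2 P4d instances are now available in the Tokyo Region
- Amazon EMR on Amazon EKS is now available in the Tokyo Region
- AWS Secrets Manager can now replicate secrets to multiple regions
- AWS Systems Manager Change Manager supports sequential approval requests
- The Serverless Bot Framework solution implementation has been updated
- AWS Step Functions adds YAML support for state machine definitions

■ Serverworks social media: Twitter / Facebook
■ Serverworks blog: Serverworks Engineer Blog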

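Serverworks' AWS news show "Saba Raji!" (さばラジ!)
[Daily AWS #127] Amazon SageMaker Autopilot adds Deep Learning support, plus 7 more #サバワ

Dec 21, 2020 (8:04)

Catch up on the latest news while you do something else! "Daily AWS", the broadcast that feels like radio. Good morning, this is Kato from Serverworks. Today I pick out and introduce the updates released on 12/18. Please post your thoughts on Twitter with the hashtag "#サバワ"!

■ UPDATE PICKUP
- Amazon SageMaker Autopilot adds Deep Learning models
- The AWS Data Exchange console is now integrated with AWS Glue DataBrew
- Amazon Chime supports joining meetings using Echo Show 8
- Amazon AppFlow can now store credentials in a customer-managed AWS Secrets Manager
- Distributed Load Testing v1.2 released
- The maximum number of concurrent Amazon AMI copies increases to 100 per destination region
- Amazon EC2 C6gn is now generally available
- AWS Lambda supports SASL/SCRAM authentication for Amazon MSK

■ Serverworks social media: Twitter / Facebook
■ Serverworks blog: Serverworks Engineer Blog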

Serverworks' AWS news show "Saba Raji!" (さばラジ!)
[Daily AWS #110] A new workflow service, AWS Managed Workflow for Apache Airflows, arrives, plus 14 more #サバワ

Nov 26, 2020 (13:08)

Note: the distribution platform was down, so the start of the broadcast was delayed...! Catch up on the latest news while you do something else! "Daily AWS!", the broadcast that feels like radio. Good morning, this is Kato from Serverworks. Today I introduce the 15 updates released on 11/24. Please post your thoughts on Twitter with the hashtag "#サバワ"!

■ UPDATE LINEUP
- Amazon Managed Workflows for Apache Airflow launches
- Amazon CloudWatch Application Insights supports automatic application discovery
- Amazon Braket supports manual qubit allocation
- Amazon CloudWatch Synthetics supports Python and Selenium
- Amazon Elasticsearch Service supports Elasticsearch version 7.9
- Amazon Elasticsearch Service supports Remote Reindex
- AWS Storage Gateway Tape Gateway supports IBM Spectrum Protect 8.1.10
- AWS Lambda supports Advanced Vector Extensions 2
- AWS Lambda supports wait time for Amazon SQS batch processing
- Amazon FSx for Lustre supports expanding file system storage
- AWS Glue supports workload partitioning
- AWS Secrets Manager raises its requests per second to 5000
- Amazon Comprehend Events announced
- Amazon ECS Cluster Auto Scaling provides more responsive scaling
- Amazon RDS for SQL Server supports the business intelligence suite

■ Serverworks social media: Twitter / Facebook
■ Serverworks blog: Serverworks Engineer Blog

Melbourne AWS User Group
What's New in July 2020

Aug 17, 2020 (56:21)


July was a busy month with many (small) releases, and even an announcement about re:Invent! So it's up to Arjen, Jean-Manuel, and Guy to try to make sense of it all.

The News

Finally in Sydney
- AWS IoT Analytics is now available in the Sydney AWS Region
- AWS Snowball Edge Compute Optimized is now available in 11 additional AWS Regions
- AWS Secrets Manager has been IRAP assessed and accepted for PROTECTED level

Serverless
- Amazon RDS Proxy – Now Generally Available | AWS News Blog
- Announcing AWS Serverless Application Model (SAM) CLI now generally available for production use
- Amplify CLI adds support for Lambda layers to easily share code assets across Lambda functions
- Amazon Athena adds support for Partition Projection

Containers
- AWS App2Container – A New Containerizing Tool for Java and .NET Applications | AWS News Blog
- Amazon ECS announces AWS Copilot, a new CLI to deploy and operate containers in AWS
- Docker and AWS collaborate to help deploy applications to Amazon ECS on AWS Fargate
- Amazon EKS now supports Kubernetes version 1.17
- AWS App Mesh launches ingress support with virtual gateways
- Introducing Ingress support in AWS App Mesh | Containers (detailed blogpost)
- Amazon EFS CSI Driver is now generally available
- Amazon ECS announces increased service quotas
- Fluent bit container logs to Elasticsearch
- ECR now supports encryption of images using AWS KMS keys

EC2 & VPC
- Kernel Live Patching for Amazon Linux 2 is now generally available
- Introducing EC2 Launch v2 to simplify customizing Windows instances
- AWS Transit Gateway now supports more granular CloudWatch Metrics for improved network monitoring
- EC2 Image Builder can now produce and distribute encrypted AMIs
- EC2 Image Builder can now stream logs to CloudWatch
- Announcing Amazon CloudWatch metrics for Amazon EC2 On-Demand Capacity Reservations
- AWS Global Accelerator launches One-Click Acceleration for Application Load Balancers
- Amazon VPC Resources Now Support Tag on Create
- New – Amazon EC2 Instances based on AWS Graviton2 with local NVMe-based SSD storage | AWS News Blog
- Amazon Lightsail now offers cPanel WHM instance blueprint
- AWS Cloud Map simplifies Amazon EC2 instance registration

Dev & Ops
- Find Your Most Expensive Lines of Code – Amazon CodeGuru Is Now Generally Available | AWS News Blog
- Announcing the Porting Assistant for .NET | AWS News Blog
- AWS CodeDeploy now enables automated installation and scheduled updates of the CodeDeploy Agent
- Announcing CDK Pipelines Preview, continuous delivery for AWS CDK applications
- CDK Pipelines: Continuous delivery for AWS CDK applications | AWS Developer Blog (detailed blogpost)
- CDK for Terraform: Enabling Python & TypeScript Support
- AWS CodeBuild now supports accessing Build Environments with AWS Session Manager
- AWS CodeBuild supports code coverage reporting
- AWS CodeBuild now supports parallel and coordinated executions of a build project
- Amazon S3 features now available in the AWS Toolkits for Visual Studio Code

Security
- Amazon Fraud Detector is now Generally Available | AWS News Blog
- Easily manage your content policies for AI services with AWS Organizations
- AWS Firewall Manager launches managed rules to audit VPC security groups
- AWS WAF Security Automations now supports WAFv2 API
- AWS Config Launches 28 Additional Managed rules
- AWS Secrets Manager now enables you to attach resource-based policies to secrets from the AWS Secrets Manager console and uses Zelkova to validate these policies
- Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager
- Amazon CloudFront announces new TLS1.2 security policy for viewer connections
- Amazon Detective enhances VPC flow visibility
- Now gain longer access to your AWS resources when switching roles in the AWS Management Console
- Amazon MQ Adds Support for LDAP Authentication And Authorization
- AWS Security Hub launches new automated security controls
- AWS Firewall Manager now supports centralized logging of AWS WAF logs

Storage & Databases
- Amazon Elastic File System increases file system minimum throughput
- Amazon DocumentDB (with MongoDB compatibility) now supports T3 medium instances
- AWS Storage Gateway simplifies cache management for File Gateway
- AWS Storage Gateway increases local cache storage by 4x for File Gateway
- Amazon RDS Application Programming Interface supports AWS PrivateLink
- Amazon Keyspaces now enables you to back up your table data continuously by using point-in-time-recovery (PITR)
- Create Snapshots From Any Block Storage Using EBS Direct APIs | AWS News Blog
- Amazon DocumentDB (with MongoDB compatibility) adds support for cross-region snapshot copy
- Announcing automatic backups for Amazon Elastic File System
- New Amazon Elastic File System console simplifies file system creation and management
- Amazon EBS Fast Snapshot Restore for Shared EBS Snapshots | AWS News Blog
- Amazon Elastic File System increases per-client throughput by 100%
- Amazon Elasticsearch Service now supports Learning to Rank to improve search relevancy ranking
- AWS DataSync adds support for on-premises object storage | AWS News Blog
- HTTP compression support now available in Amazon Elasticsearch Service
- Amazon RDS for SQL Server lowers the cost for High Availability DB Instances
- AWS Database Migration Service now supports enhanced premigration assessments
- Amazon Kinesis Data Firehose now supports data delivery to New Relic, Datadog, HTTP endpoints, and MongoDB Cloud

AI & ML
- AWS DeepRacer Evo and Sensor Kit now available for purchase
- Amazon Comprehend Medical adds relationship extraction to medical condition
- Amazon Personalize adds improved handling of missing metadata
- Amazon EMR now supports encrypting log files using Customer-managed CMKs in AWS Key Management Service (KMS)
- Amazon Forecast now supports generating predictions for 10X more items
- Amazon EMR now supports Managed Scaling – automatically resizing clusters to lower cost
- New – Label Videos with Amazon SageMaker Ground Truth | AWS News Blog
- Announcing AWS PrivateLink Support for Amazon Kendra
- AWS RoboMaker releases rosbag upload cloud extension for Robot Operating System (ROS)
- Amazon Comprehend launches real time Custom Entity Recognition
- Amazon Forecast now supports resource tagging
- Amazon EMR now supports Amazon EC2 G4 Instances which provides up to 4.5X faster and 5.4X cheaper XGBoost Training
- Amazon SageMaker Ground Truth and Amazon Augmented AI add support for OpenID Connect (OIDC) authentication of private workers
- Amazon Translate now supports Office documents | AWS News Blog

Other cool stuff
- New – Create Amazon RDS DB Instances on AWS Outposts | AWS News Blog
- Announcing the New AWS Community Builders Program! | AWS News Blog
- AWS IoT SiteWise – Now Generally Available | AWS News Blog
- Amazon Interactive Video Service – Add Live Video to Your Apps and Websites | AWS News Blog
- Contact Lens for Amazon Connect is now generally available
- Recording of the Connect/Contact Lens talk by Rian Brooks-Kane at the User Group (starts around 50 minutes)
- AWS IoT Core now supports multiple shadows for a single IoT device
- Amazon Connect allows you to continue engaging with your customer after an agent hangs-up
- Amazon Chime SDK supports audio and video calling from mobile browsers
- AWS Marketplace now offers integrated third-party software solutions for AWS Control Tower
- Updates to the AWS Well-Architected Framework and the AWS Well-Architected Tool
- Amazon Connect adds call recording APIs
- Introducing AWS Purchase Order Management (Preview)

Sponsors
Gold Sponsor: Innablr
Silver Sponsors: AC3, CMD Solutions, DoIT International

Serverworks' AWS news show "Saba Raji!" (さばラジ!)
[Daily AWS #019] Control where credentials are accessed from: resource-based policies can now be set in AWS Secrets Manager, plus 11 more

Jul 13, 2020 (15:12)

Catch up on the latest news while you do something else! "Daily AWS!", the broadcast that feels like radio. Good morning, this is Kato from Serverworks. Today I introduce the 12 updates released on 7/10. Please post your thoughts on Twitter with the hashtag "#サバワ"!

■ UPDATE LINEUP
- AWS Secrets Manager now lets you set resource-based access policies on secrets
- The search feature of AWS Secrets Manager has been enhanced
- Amazon RDS for Oracle supports Oracle Spatial
- Amazon AppFlow can now send notifications of flow status
- AWS Launch Wizard for SAP updated: Route53 integration and added proxy functionality announced
- EC2 Image Builder now streams logs to AWS CloudWatch
- Amazon Athena data catalogs added to the resources that can be managed with AWS CloudFormation
- AWS Managed Services supports Oracle Linux 7.5 and later minor versions
- The SPICE engine of Amazon QuickSight now supports up to 250 million rows of data
- AWS Config and AWS Systems Manager are integrated: file changes on SSM-managed instances can now be tracked
- Provisioned product outputs are now available in AWS Service Catalog
- Amazon DocumentDB supports cross-region snapshot copy

■ Serverworks social media: Twitter / Facebook
■ Serverworks blog: Serverworks Engineer Blog

Melbourne AWS User Group
What's New in April 2020

May 5, 2020 (46:11)


A month passed before we could blink, and once again Arjen is joined by Jean-Manuel and Guy to discuss the highlights of the April announcements. Co-starring interrupted chatbots and terrifying music.

The News

Finally in Sydney
- Sellers, consulting partners, and data providers from Australia and New Zealand now available in AWS Marketplace and AWS Data Exchange
- AWS Ground Station is now available in the Asia Pacific (Sydney) Region in Australia
- AWS Transit Gateway now Supports Inter-Region Peering in 11 additional regions
- EKS Adds Fargate Support in Frankfurt, Oregon, Singapore, and Sydney AWS Regions
- Amazon Aurora with PostgreSQL Compatibility for PostgreSQL 11 is available in all commercial AWS Regions

Serverless
- Amazon RDS Proxy with PostgreSQL Compatibility (Preview) (not in Sydney)
- Exporting HTTP APIs as OpenAPI 3.0 Now Supported by Amazon API Gateway
- AWS Lambda now supports .NET Core 3.1
- The AWS Toolkit for Visual Studio Code now supports AWS Step Functions
- Amplify CLI adds support for additional Lambda runtimes (Java, Go, .NET and Python) and Lambda cron jobs
- AWS X-Ray SDK for Go is now generally available

Containers
- Amazon ECS and AWS Fargate support for Amazon EFS File Systems now generally available
- AWS App Mesh adds support to connect services deployed in multiple AWS accounts into a shared mesh
- Amazon EKS Now Supports Service-Linked Roles
- Amazon EKS managed node groups allow fully private cluster networking

Databases
- Amazon Keyspaces (for Apache Cassandra) is now generally available
- Amazon RDS Now Supports PostgreSQL 12
- Amazon RDS now supports MariaDB 10.4
- AWS Database Migration Service now supports replicating data to Apache Kafka streaming platform (Keyspaces)
- Amazon Neptune now supports the T3.medium instance type

Dev & Ops
- AWS Chatbot Now Generally Available
- Receive Notifications for AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline in Slack
- EC2 Image Builder adds support for Ubuntu, RHEL, CentOS, and SLES
- Amazon CloudWatch Synthetics is now generally available
- Amazon CloudWatch Synthetics now supports monitoring private endpoints in a VPC

Security
- Amazon Detective is now generally available
- Review and remediate unintended access allowed on your AWS resources from outside your AWS organization
- Amazon Cognito Identity Pools now supports Sign in with Apple
- Track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules
- AWS Security Hub launches the Foundational Security Best Practices standard

VPC & EC2
- Amazon Elastic File System announces 400% increase in read operations for General Purpose mode file systems
- AWS Elastic Beanstalk Launches support for AWS PrivateLink
- AWS Elastic Beanstalk adds API support for listing platform branches
- AWS Elastic Beanstalk Announces General Availability of Amazon Linux 2 Based Docker, Corretto, and Python Platforms
- New AWS Elastic Beanstalk console now available

AI & ML
- AWS DeepComposer is now generally available
- Introducing Amazon Augmented AI (A2I) for human reviews of machine learning predictions
- Introducing TorchServe: a PyTorch model serving framework
- Amazon Transcribe Medical now supports batch transcription of medical audio files
- Amazon Personalize now provides scores for recommended items

Other Cool Stuff
- You can now use AWS Control Tower to set up new multi-account AWS environments in AWS Organizations
- Announcing the new AWS Africa (Cape Town) Region
- AWS Canada (Central) Region Adds Third Availability Zone
- Introducing AWS Cost Categories
- Amazon CloudWatch Contributor Insights is now generally available
- Introducing the AWS Transfer Family with fully managed support for SFTP, FTPS, and FTP
- Announcing general availability of Amazon Pinpoint Custom Channels
- Amazon Kinesis Data Firehose adds support for streaming data delivery to an Amazon Elasticsearch Service domain in an Amazon Virtual Private Cloud (VPC)
- AWS IQ waives fees until June 30, 2020
- Amazon Connect adds custom terminating keypress for DTMF
- Amazon Connect now enables customers to interrupt Amazon Lex Chatbots
- Introducing Amazon Chime Proxy Phone Sessions
- AWS Snowball Edge Storage Optimized now delivers 25% faster data transfer performance
- AWS Snowball adds task automation with AWS Systems Manager
- AWS Snowball now supports local AWS IAM
- Introducing AWS OpsHub for Snow Family, a graphical user interface to manage AWS Snowball devices

Other links
- AWS DeepComposer - Oasis - Wonderwall - Experiment #001 by The Dirk
- I Think Breath Noise is an Interesting One | Ambassador Lounge Podcast Episode #4
- AWS Inside the Region | ig.nore.me

Sponsors
Gold Sponsor: Innablr
Silver Sponsors: AC3, CMD Solutions

Mobycast
Automate all the things - Updating container secrets using CloudWatch Events + Lambda

Mar 4, 2020 (68:15)


In this episode, we cover the following topics:
- Developing a system for automatically updating containers when secrets are updated is a two-part solution. First, we need to be notified when secrets are updated. Then, we need to trigger an action to update the ECS service.
- CloudWatch Events can be used to receive notifications when secrets are updated. We explain CloudWatch Events and its primary components: events, rules and targets.
- Event patterns are used to filter for the specific events that the rule cares about. We discuss how to write event patterns and the rules of matching events.
- The event data structure will be different for each type of emitter. We detail a handy tip for determining the event structure of an emitter.
- We discuss EventBridge and how it relates to CloudWatch Events.
- We explain how to create CloudWatch Event rules for capturing update events emitted by both Systems Manager Parameter Store and AWS Secrets Manager.
- AWS Lambda can be leveraged as a trigger of CloudWatch Events. We explain how to develop a Lambda function that invokes the ECS API to recycle all containers.
- We finish up by showing how this works for a common use case: using the automatic credential rotation feature of AWS Secrets Manager with a containerized app running on ECS that connects to a RDS database.

Detailed Show Notes
Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/

Support Mobycast
https://glow.fm/mobycast

End Song
Night Sea Journey by Derek Russo

More Info
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
- Reddit: https://reddit.com/r/mobycast

Mobycast
Psst... Secrets Handling for Cloud-Native Apps - Part 2

Jan 8, 2020 (46:42)


In this episode, we cover the following topics:
- AWS offers not one, but two, managed services for secrets management. Systems Manager Parameter Store and AWS Secrets Manager have similar functionality, making it sometimes confusing to know which to use. We compare and contrast the two services to help guide your choice.
- The three types of sensitive data injection supported by Elastic Container Service (ECS).
- Understanding when sensitive data is injected into the container and how to handle updates to secrets (such as credential rotation).
- The required configuration changes and IAM permissions you need to enable ECS integration with Parameter Store and Secrets Manager.
- A walkthrough of the specific steps you need to take to update your ECS application to support secrets integration.

Detailed Show Notes
Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/

Support Mobycast
https://glow.fm/mobycast

End Song
Straddling by Derek Russo

More Info
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
- Reddit: https://reddit.com/r/mobycast

Devchat.tv Master Feed
DevOps 012: Containerizing an Application

Oct 8, 2019 (46:42)


On this episode of Adventures in DevOps the panelists talk about how to containerize an app in a container using services such as Docker or Kubernetes. Charles mentions that he is wanting to host a Ruby on Rails application and Scott has experience with web deployments in Python and Django. They share that regardless of the languages and technologies used, the principles behind deploying a containerized application are the same.

The next topic covered by the DevOps panelists is how to create containerized instances using Docker. The discussion centers on creating the container instances on a network and best practices that can be used for managing and maintaining them. The DevOps panelists cover the difference between an internal network deployment and what is needed to push a containerized application to a cloud instance using Kubernetes, Docker, DigitalOcean, or another service. Scott asks Charles if he is using a good CI/CD (continuous integration/continuous delivery) mechanism, to which Charles shares that he is using Cloud 66 for its ease of use. When it comes to storage, they discuss whether to use the cloud services storage option or using a container to run a Postgres engine. They also go over the best way to run the shell commands for configuring their environment.

The topic then moves to security and asset management when using Docker. Charles mentions that he tries to avoid putting API keys or other secrets into the Docker file and Scott shares how he uses a secrets management platform such as AWS Parameter Store, AWS Secrets Management, and others. They discuss the benefits that are provided by secrets management platforms. The DevOps panelists also talked about how a CI/CD platform can help with the portability of a containerized application.

Charles asks Scott how to begin with helping someone who wants to take their existing application and containerize it using the Docker approach. Scott responds by describing how he would look at where their application is and help them configure their containerized instance and set it up on a container service such as Docker or Kubernetes. Scott mentions that the strength of moving an application to a container service helps the application to scale up and down as needed. The container model helps a team to locally replicate their CI/CD model and be able to test it locally before the application is pushed to the cloud instance.

The panelists talk about reverse proxies for pushing a Ruby on Rails app. Chuck prefers nginx and Scott emphasizes that it is important when pushing to production to spend some time verifying that the reverse proxy configuration is correct and won’t expose the application in a way that it shouldn’t be. Chuck shares that the use of a cloud platform such as GCP (Google Cloud Platform) or Microsoft Azure reduces the overhead with configuring containers and building images so that when he hands it off to the platform, it will take care of a large part of the setup including creation of the reverse proxy.

Panelists: Charles Max Wood, Scott Nixon
Sponsors: Sustain Our Software, Views on Vue, Dev Ed
Links: Docker, Kubernetes, Ruby on Rails, Python, Django, Cloud 66, PostgreSQL, DigitalOcean, Bitbucket, Google Cloud Platform, Microsoft Azure, AWS Parameter Store, AWS Secrets Manager, Nginx
Picks:
- Charles Max Wood: Height Adjustable VESA Adapter, Velcro Strips
- Scott Nixon: The Gymkhana Files, The Grand Tour

Adventures in DevOps
DevOps 012: Containerizing an Application

Adventures in DevOps

Play Episode Listen Later Oct 8, 2019 46:42


On this episode of Adventures in DevOps, the panelists talk about how to containerize an application using services such as Docker or Kubernetes. Charles mentions that he wants to host a Ruby on Rails application, and Scott has experience with web deployments in Python and Django. They share that regardless of the languages and technologies used, the principles behind deploying a containerized application are the same. The next topic is how to create containerized instances using Docker. The discussion centers on creating the container instances on a network and on best practices for managing and maintaining them. The panelists cover the difference between an internal network deployment and what is needed to push a containerized application to a cloud instance using Kubernetes, Docker, DigitalOcean, or another service. Scott asks Charles if he is using a good CI/CD (continuous integration/continuous delivery) mechanism, to which Charles shares that he is using Cloud 66 for its ease of use. When it comes to storage, they discuss whether to use the cloud service's storage option or a container running a Postgres engine. They also go over the best way to run the shell commands for configuring their environment. The topic then moves to security and asset management when using Docker. Charles mentions that he tries to avoid putting API keys or other secrets into the Dockerfile, and Scott shares how he uses a secrets management platform such as AWS Parameter Store, AWS Secrets Manager, and others. They discuss the benefits that secrets management platforms provide. The panelists also talk about how a CI/CD platform can help with the portability of a containerized application. Charles asks Scott how to begin helping someone who wants to take their existing application and containerize it using the Docker approach. Scott responds by describing how he would look at where their application is, help them configure their containerized instance, and set it up on a container service such as Docker or Kubernetes. Scott mentions that the strength of moving an application to a container service is that it helps the application scale up and down as needed. The container model helps a team replicate their CI/CD model locally and test it before the application is pushed to the cloud instance. The panelists talk about reverse proxies for pushing a Ruby on Rails app. Chuck prefers nginx, and Scott emphasizes that when pushing to production it is important to spend some time verifying that the reverse proxy configuration is correct and won’t expose the application in a way that it shouldn’t. Chuck shares that using a cloud platform such as GCP (Google Cloud Platform) or Microsoft Azure reduces the overhead of configuring containers and building images, so that when he hands the application off to the platform, it takes care of a large part of the setup, including creation of the reverse proxy.

Panelists: Charles Max Wood, Scott Nixon
Sponsors: Sustain Our Software, Views on Vue, Dev Ed
Links: Docker, Kubernetes, Ruby on Rails, Python, Django, Cloud 66, PostgreSQL, DigitalOcean, Bitbucket, Google Cloud Platform, Microsoft Azure, AWS Parameter Store, AWS Secrets Manager, Nginx
Picks:
Charles Max Wood: Height Adjustable VESA Adapter, Velcro Strips
Scott Nixon: The Gymkhana Files, The Grand Tour

AWS Podcast
#328: August 2019 Update Show #1

AWS Podcast

Play Episode Listen Later Aug 18, 2019 55:44


It is a MASSIVE episode of updates that Simon and Nikki do their best to cover! There is also an EXTRA SPECIAL bonus just for AWS Podcast listeners! Special Discount for Intersect Tickets: https://int.aws/podcast use discount code 'podcast' - note that tickets are limited! Chapters: 02:19 Infrastructure 03:07 Storage 05:34 Compute 13:47 Network 14:54 Databases 17:45 Migration 18:36 Developer Tools 21:39 Analytics 29:25 IoT 33:24 End User Computing 34:08 Machine Learning 40:21 AR and VR 41:11 Application Integration 43:57 Management and Governance 48:04 Customer Engagement 49:13 Media 50:17 Mobile 50:36 Security 51:26 Gaming 51:39 Robotics 52:13 Training Shownotes: Topic || Infrastructure Announcing the new AWS Middle East (Bahrain) Region | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-the-new-aws-middle-east--bahrain--region-/ Topic || Storage EBS default volume type updated to GP2 | https://aws.amazon.com/about-aws/whats-new/2019/07/ebs-default-volume-type-updated-to-gp2/ AWS Backup will Automatically Copy Tags from Resource to Recovery Point | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-backup-will-automatically-copy-tags-from-resource-to-recovery-point/ Configuration update for Amazon EFS encryption of data in transit | https://aws.amazon.com/about-aws/whats-new/2019/07/configuration-update-for-amazon-efs-encryption-data-in-transit/ AWS Snowball and Snowball Edge available in Seoul – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-snowball-and-aws-snowball-edge-available-in-asia-pacific-seoul-region/ Amazon S3 adds support for percentiles on Amazon CloudWatch Metrics | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-s3-adds-support-for-percentiles-on-amazon-cloudwatch-metrics/ Amazon FSx Now Supports Windows Shadow Copies for Restoring Files to Previous Versions | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-fsx-now-supports-windows-shadow-copies-for-restoring-files-to-previous-versions/ Amazon CloudFront Announces Support for Resource-Level and Tag-Based Permissions | https://aws.amazon.com/about-aws/whats-new/2019/08/cloudfront-resource-level-tag-based-permission/ Topic || Compute Amazon EC2 AMD Instances are Now Available in additional regions | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-amd-instances-available-in-additional-regions/ Amazon EC2 P3 Instances Featuring NVIDIA Volta V100 GPUs now Support NVIDIA Quadro Virtual Workstation | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-p3-nstances-featuring-nvidia-volta-v100-gpus-now-support-nvidia-quadro-virtual-workstation/ Introducing Amazon EC2 I3en and C5n Bare Metal Instances | https://aws.amazon.com/about-aws/whats-new/2019/08/introducing-amazon-ec2-i3en-and-c5n-bare-metal-instances/ Amazon EC2 C5 New Instance Sizes are Now Available in Additional Regions | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-ec2-c5-new-instance-sizes-are-now-available-in-additional-regions/ Amazon EC2 Spot Now Available for Red Hat Enterprise Linux (RHEL) | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-spot-now-available-red-hat-enterprise-linux-rhel/ Amazon EC2 Now Supports Tagging Launch Templates on Creation | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-now-supports-tagging-launch-templates-on-creation/ Amazon EC2 On-Demand Capacity Reservations Can Now Be Shared Across Multiple AWS Accounts | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-on-demand-capacity-reservations-shared-across-multiple-aws-accounts/ Amazon EC2 Fleet Now Lets You Modify On-Demand Target Capacity | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-ec2-fleet-modify-on-demand-target-capacity/ Amazon EC2 Fleet Now Lets You Set A Maximum Price For A Fleet Of Instances | 
https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-ec2-fleet-now-lets-you-submit-maximum-price-for-fleet-of-instances/ Amazon EC2 Hibernation Now Available on Ubuntu 18.04 LTS | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-hibernation-now-available-ubuntu-1804-lts/ Amazon ECS services now support multiple load balancer target groups | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-services-now-support-multiple-load-balancer-target-groups/ Amazon ECS Console now enables simplified AWS App Mesh integration | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-console-enables-simplified-aws-app-mesh-integration/ Amazon ECR now supports increased repository and image limits | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecr-now-supports-increased-repository-and-image-limits/ Amazon ECR Now Supports Immutable Image Tags | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecr-now-supports-immutable-image-tags/ Amazon Linux 2 Extras now provides AWS-optimized versions of new Linux Kernels | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-linux-2-extras-provides-aws-optimized-versions-of-new-linux-kernels/ Lambda@Edge Adds Support for Python 3.7 | https://aws.amazon.com/about-aws/whats-new/2019/08/lambdaedge-adds-support-for-python-37/ AWS Batch Now Supports the Elastic Fabric Adapter | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-batch-now-supports-elastic-fabric-adapter/ Topic || Network Elastic Fabric Adapter is officially integrated into Libfabric Library | https://aws.amazon.com/about-aws/whats-new/2019/07/elastic-fabric-adapter-officially-integrated-into-libfabric-library/ Now Launch AWS Glue, Amazon EMR, and AWS Aurora Serverless Clusters in Shared VPCs | https://aws.amazon.com/about-aws/whats-new/2019/08/now-launch-aws-glue-amazon-emr-and-aws-aurora-serverless-clusters-in-shared-vpcs/ AWS DataSync now supports Amazon VPC endpoints | 
https://aws.amazon.com/about-aws/whats-new/2019/08/aws-datasync-now-supports-amazon-vpc-endpoints/ AWS Direct Connect Now Supports Resource Based Authorization, Tag Based Authorization, and Tag on Resource Creation | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-direct-connect-now-supports-resource-based-authorization-tag-based-authorization-tag-on-resource-creation/ Topic || Databases Amazon Aurora Multi-Master is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-aurora-multimaster-now-generally-available/ Amazon DocumentDB (with MongoDB compatibility) Adds Aggregation Pipeline and Diagnostics Capabilities | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-documentdb-with-mongodb-compatibility-adds-aggregation-pipeline-and-diagnostics-capabilities/ Amazon DynamoDB now helps you monitor as you approach your account limits | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-dynamodb-now-helps-you-monitor-as-you-approach-your-account-limits/ Amazon RDS for Oracle now supports new instance sizes | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-for-oracle-now-supports-new-instance-sizes/ Amazon RDS for Oracle Supports Oracle Management Agent (OMA) version 13.3 for Oracle Enterprise Manager Cloud Control 13c | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-for-oracle-supports-oracle-management-agent-oma-version133-for-oracle-enterprise-manager-cloud-control13c/ Amazon RDS for Oracle now supports July 2019 Oracle Patch Set Updates (PSU) and Release Updates (RU) | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-for-oracle-supports-july-2019-oracle-patch-set-and-release-updates/ Amazon RDS SQL Server now supports changing the server-level collation | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-sql-server-supports-changing-server-level-collation/ PostgreSQL 12 Beta 2 Now Available in Amazon RDS Database Preview Environment | 
https://aws.amazon.com/about-aws/whats-new/2019/08/postgresql-beta-2-now-available-in-amazon-rds-database-preview-environment/ Amazon Aurora with PostgreSQL Compatibility Supports Publishing PostgreSQL Log Files to Amazon CloudWatch Logs | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-aurora-with-postgresql-compatibility-support-logs-to-cloudwatch/ Amazon Redshift Launches Concurrency Scaling in Five additional AWS Regions, and Enhances Console Performance Graphs in all supported AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-redshift-launches-concurrency-scaling-five-additional-regions-enhances-console-performance-graphs/ Amazon Redshift now supports column level access control with AWS Lake Formation | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-redshift-spectrum-now-supports-column-level-access-control-with-aws-lake-formation/ Topic || Migration AWS Migration Hub Now Supports Import of On-Premises Server and Application Data From RISC Networks to Plan and Track Migration Progress | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-migration-hub-supports-import-of-on-premises-server-application-data-from-risc-networks-to-track-migration-progress/ Topic || Developer Tools AWS CodePipeline Achieves HIPAA Eligibility | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codepipeline-achieves-hipaa-eligibility/ AWS CodePipeline Adds Pipeline Status to Pipeline Listing | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codepipeline-adds-pipeline-status-to-pipeline-listing/ AWS Amplify Console adds support for automatically deploying branches that match a specific pattern | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-amplify-console-support-git-based-branch-pattern-detection/ Amplify Framework Adds Predictions Category | https://aws.amazon.com/about-aws/whats-new/2019/07/amplify-framework-adds-predictions-category/ Amplify Framework adds local mocking and testing for GraphQL APIs, Storage, 
Functions, and Hosting | https://aws.amazon.com/about-aws/whats-new/2019/08/amplify-framework-adds-local-mocking-and-testing-for-graphql-apis-storage-functions-hostings/ Topic || Analytics AWS Lake Formation is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-lake-formation-is-now-generally-available/ Announcing PartiQL: One query language for all your data | https://aws.amazon.com/blogs/opensource/announcing-partiql-one-query-language-for-all-your-data/ AWS Glue now supports the ability to run ETL jobs on Apache Spark 2.4.3 (with Python 3) | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-glue-now-supports-ability-to-run-etl-jobs-apache-spark-243-with-python-3/ AWS Glue now supports additional configuration options for memory-intensive jobs submitted through development endpoints | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-glue-now-supports-additional-configuration-options-for-memory-intensive-jobs-submitted-through-deployment-endpoints/ AWS Glue now provides the ability to bookmark Parquet and ORC files using Glue ETL jobs | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-glue-now-provides-ability-to-bookmark-parquet-and-orc-files-using-glue-etl-jobs/ AWS Glue now provides FindMatches ML transform to deduplicate and find matching records in your dataset | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-glue-provides-findmatches-ml-transform-to-deduplicate/ Amazon QuickSight adds support for custom colors, embedding for all user types and new regions! 
| https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-quicksight-adds-support-for-custom-colors-embedding-for-all-user-types-and-new-regions/ Achieve 3x better Spark performance with EMR 5.25.0 | https://aws.amazon.com/about-aws/whats-new/2019/08/achieve-3x-better-spark-performance-with-emr-5250/ Amazon EMR now supports native EBS encryption | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon_emr_now_supports_native_ebs_encryption/ Amazon Athena adds Support for AWS Lake Formation Enabling Fine-Grained Access Control on Databases, Tables, and Columns | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-athena-adds-support-for-aws-lake-formation-enabling-fine-grained-access-control-on-databases-tables-columns/ Amazon EMR Integration With AWS Lake Formation Is Now In Beta, Supporting Database, Table, and Column-level access controls for Apache Spark | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-emr-integration-with-aws-lake-formation-now-in-beta-supporting-database-table-column-level-access-controls/ Topic || IoT AWS IoT Device Defender Expands Globally | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-iot-device-defender-expands-globally/ AWS IoT Device Defender Supports Mitigation Actions for Audit Results | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-iot-device-defender-supports-mitigation-actions-for-audit-results/ AWS IoT Device Tester v1.3.0 is Now Available for Amazon FreeRTOS 201906.00 Major | https://aws.amazon.com/about-aws/whats-new/2019/07/aws_iot_device_tester_v130_for_amazon_freertos_201906_00_major/ AWS IoT Events actions now support AWS Lambda, SQS, Kinesis Firehose, and IoT Events as targets | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-iot-events-supports-invoking-actions-to-lambda-sqs-kinesis-firehose-iot-events/ AWS IoT Events now supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-iot-events-now-supports-aws-cloudformation/ Topic || End User Computing 
AWS Client VPN now adds support for Split-tunnel | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-client-vpn-now-adds-support-for-split-tunnel/ Introducing AWS Chatbot (beta): ChatOps for AWS in Amazon Chime and Slack Chat Rooms | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-aws-chatbot-chatops-for-aws/ Amazon AppStream 2.0 Adds CLI Operations for Programmatic Image Creation | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-appstream-2-adds-cli-operations-for-programmatic-image-creation/ NICE DCV Releases Version 2019.0 with Multi-Monitor Support on Web Client | https://aws.amazon.com/about-aws/whats-new/2019/08/nice-dcv-releases-version-2019-0-with-multi-monitor-support-on-web-client/ New End User Computing Competency Solutions | https://aws.amazon.com/about-aws/whats-new/2019/08/end-user-computing-competency-solutions/ Amazon WorkDocs Migration Service | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon_workdocs_migration_service/ Topic || Machine Learning SageMaker Batch Transform now enables associating prediction results with input attributes | https://aws.amazon.com/about-aws/whats-new/2019/07/sagemaker-batch-transform-enable-associating-prediction-results-with-input-attributes/ Amazon SageMaker Ground Truth Adds Data Labeling Workflow for Named Entity Recognition | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-sagemaker-ground-truth-adds-data-labeling-workflow-for-named-entity-recognition/ Amazon SageMaker notebooks now available with pre-installed R kernel | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-sagemaker-notebooks-available-with-pre-installed-r-kernel/ New Model Tracking Capabilities for Amazon SageMaker Are Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/08/new-model-tracking-capabilities-for-amazon-sagemaker-now-generally-available/ Amazon Comprehend Custom Entities now supports multiple entity types | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-comprehend-custom-entities-supports-multiple-entity-types/ Introducing Predictive Maintenance Using Machine Learning | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-predictive-maintenance-using-machine-learning/ Amazon Transcribe Streaming Now Supports WebSocket | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-transcribe-streaming-now-supports-websocket/ Amazon Polly Launches Neural Text-to-Speech and Newscaster Voices | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-polly-launches-neural-text-to-speech-and-newscaster-voices/ Manage a Lex session using APIs on the client | https://aws.amazon.com/about-aws/whats-new/2019/08/manage-a-lex-session-using-apis-on-the-client/ Amazon Rekognition now detects violence, weapons, and self-injury in images and videos; improves accuracy for nudity detection | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rekognition-now-detects-violence-weapons-and-self-injury-in-images-and-videos-improves-accuracy-for-nudity-detection/ Topic || AR and VR Amazon Sumerian Now Supports Physically-Based Rendering (PBR) | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-sumerian-now-supports-physically-based-rendering-pbr/ Topic || Application Integration Amazon SNS Message Filtering Adds Support for Attribute Key Matching | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-sns-message-filtering-adds-support-for-attribute-key-matching/ Amazon SNS Adds Support for AWS X-Ray | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-sns-adds-support-for-aws-x-ray/ Temporary Queue Client Now Available for Amazon SQS | https://aws.amazon.com/about-aws/whats-new/2019/07/temporary-queue-client-now-available-for-amazon-sqs/ Amazon MQ Adds Support for AWS Key Management Service (AWS KMS), Improving Encryption Capabilities | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-mq-adds-support-for-aws-key-management-service-improving-encryption-capabilities/ Amazon MSK adds support for Apache Kafka version 2.2.1 and expands availability to EU (Stockholm), Asia Pacific (Mumbai), and Asia Pacific (Seoul) | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-msk-adds-support-apache-kafka-version-221-expands-availability-stockholm-mumbai-seoul/ Amazon API Gateway supports secured connectivity between REST APIs & Amazon Virtual Private Clouds in additional regions | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-api-gateway-supports-secured-connectivity-between-reset-apis-and-amazon-virtual-private-clouds-in-additional-regions/ Topic || Management and Governance AWS Cost Explorer now Supports Usage-Based Forecasts | https://aws.amazon.com/about-aws/whats-new/2019/07/usage-based-forecasting-in-aws-cost-explorer/ Introducing Amazon EC2 Resource Optimization Recommendations | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-ec2-resource-optimization-recommendations/ AWS Budgets Announces AWS Chatbot Integration | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-budgets-announces-aws-chatbot-integration/ Discovering Documents Made Easy in AWS Systems Manager Automation | https://aws.amazon.com/about-aws/whats-new/2019/07/discovering-documents-made-easy-in-aws-systems-manager-automation/ AWS Systems Manager Distributor makes it easier to create distributable software packages | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-systems-manager-distributor-makes-it-easier-to-create-distributable-software-packages/ Now use AWS Systems Manager Maintenance Windows to select resource groups as targets | https://aws.amazon.com/about-aws/whats-new/2019/07/now-use-aws-systems-manager-maintenance-windows-to-select-resource-groups-as-targets/ Use AWS Systems Manager to resolve operational issues with your .NET and Microsoft SQL Server Applications | 
https://aws.amazon.com/about-aws/whats-new/2019/08/use-aws-systems-manager-to-resolve-operational-issues-with-your-net-and-microsoft-sql-server-applications/ CloudWatch Logs Insights adds cross log group querying | https://aws.amazon.com/about-aws/whats-new/2019/07/cloudwatch-logs-insights-adds-cross-log-group-querying/ AWS CloudFormation now supports higher StackSets limits | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-cloudformation-now-supports-higher-stacksets-limits/ Topic || Customer Engagement Introducing AI-Driven Social Media Dashboard | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-ai-driven-social-media-dashboard/ New Amazon Connect integration for ChoiceView from Radish Systems on AWS | https://aws.amazon.com/about-aws/whats-new/2019/07/new-amazon-connect-integration-for-choiceview-from-radish-systems-on-aws/ Amazon Pinpoint Adds Campaign and Application Metrics APIs | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-pinpoint-adds-campaign-and-application-metrics-apis/ Topic || Media AWS Elemental Appliances and Software Now Available in the AWS Management Console | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-elemental-appliances-and-software-now-available-in-aws-management-console/ AWS Elemental MediaConvert Expands Audio Support and Improves Performance | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediaconvert-expands-audio-support-and-improves-performance/ AWS Elemental MediaConvert Adds Ability to Prioritize Transcoding Jobs | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediaconvert-adds-ability-to-prioritize-transcoding-jobs/ AWS Elemental MediaConvert Simplifies Editing and Sharing of Settings | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-elemental-mediaconvert-simplifies-editing-and-sharing-of-settings/ AWS Elemental MediaStore Now Supports Resource Tagging | 
https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediastore-now-supports-resource-tagging/ AWS Elemental MediaLive Enhances Support for File-Based Inputs for Live Channels | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-medialive-enhances-support-for-file-based-inputs-for-live-channels/ Topic || Mobile AWS Device Farm improves device start up time to enable instant access to devices | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-device-farm-improves-device-start-up-time-to-enable-instant-access-to-devices/ Topic || Security Introducing the Amazon Corretto Crypto Provider (ACCP) for Improved Cryptography Performance | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-the-amazon-corretto-crypto-provider/ AWS Secrets Manager now supports VPC endpoint policies | https://aws.amazon.com/about-aws/whats-new/2019/07/AWS-Secrets-Manager-now-supports-VPC-endpoint-policies/ Topic || Gaming Lumberyard Beta 1.20 Now Available | https://aws.amazon.com/about-aws/whats-new/2019/07/lumberyard-beta-120-now-available/ Topic || Robotics AWS RoboMaker now supports offline logs and metrics for the AWS RoboMaker CloudWatch cloud extension | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-robomaker-now-supports-offline-logs-metrics-aws-robomaker-cloudwatch-cloud-extension/ Topic || Training New AWS Certification Exam Vouchers Make Certifying Groups Easier | https://aws.amazon.com/about-aws/whats-new/2019/07/new-aws-certification-exam-vouchers-make-certifying-groups-easier/ Announcing New Resources and Website to Accelerate Your Cloud Adoption | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-new-resources-and-website-to-accelerate-your-cloud-adoption/ AWS Developer Series Relaunched on edX | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-developer-series-relaunched-on-edx/

AWS Podcast
#314: May 2019 Update Show 2

AWS Podcast

Play Episode Listen Later May 26, 2019 32:09


Simon hosts an update show with lots of great new features and capabilities! Chapters: Developer Tools 0:26 Storage 3:02 Compute 5:10 Database 10:31 Networking 13:41 Analytics 16:38 IoT 18:23 End User Computing 20:19 Machine Learning 21:12 Application Integration 24:02 Management and Governance 24:23 Migration 26:05 Security 26:56 Training and Certification 29:57 Blockchain 30:27 Quickstarts 31:06 Shownotes: Topic || Developer Tools Announcing AWS X-Ray Analytics – An Interactive approach to Trace Analysis | https://aws.amazon.com/about-aws/whats-new/2019/04/aws_x_ray_interactive_approach_analyze_traces/ Quickly Search for Resources across Services in the AWS Developer Tools Console | https://aws.amazon.com/about-aws/whats-new/2019/05/search-resources-across-services-developer-tools-console/ AWS Amplify Console adds support for Incoming Webhooks | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-amplify-console-adds-support-for-incoming-webhooks/ AWS Amplify launches an online community for fullstack serverless app developers | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-amplify-launches-an-online-community-for-fullstack-serverless-app-developers/ AWS AppSync Now Enables More Visibility into Performance and Health of GraphQL Operations | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-appsync-now-enables-more-visibility-into-performance-and-hea/ AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-appsync-now-supports-configuring-multiple-authorization-type/ Topic || Storage Amazon S3 Introduces S3 Batch Operations for Object Management | https://aws.amazon.com/about-aws/whats-new/2019/04/Amazon-S3-Introduces-S3-Batch-Operations-for-Object-Management/ AWS Snowball Edge adds block storage – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-snowball-edge-adds-block-storage-for-edge-computing-workload/ Amazon FSx for Windows File 
Server Adds Support for File System Monitoring with Amazon CloudWatch | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-fsx-for-windows-file-server-adds-support-for-cloudwatch/ AWS Storage Gateway enhances access control for SMB shares to store and access objects in Amazon S3 buckets | https://aws.amazon.com/about-aws/whats-new/2019/05/AWS-Storage-Gateway-enhances-access-control-for-SMB-shares-to-access-objects-in-Amazon-s3/ Topic || Compute AWS Lambda adds support for Node.js v10 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws_lambda_adds_support_for_node_js_v10/ AWS Serverless Application Model (SAM) supports IAM permissions and custom responses for Amazon API Gateway | https://aws.amazon.com/about-aws/whats-new/2019/aws_serverless_application_Model_support_IAM/ AWS Step Functions Adds Support for Workflow Execution Events | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-step-functions-adds-support-for-workflow-execution-events/ Amazon EC2 I3en instances, offering up to 60 TB of NVMe SSD instance storage, are now generally available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-ec2-i3en-instances-are-now-generally-available/ Now Create Amazon EC2 On-Demand Capacity Reservations Through AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/04/now-create-amazon-ec2-on-demand-capacity-reservations-through-aws-cloudformation/ Share encrypted AMIs across accounts to launch instances in a single step | https://aws.amazon.com/about-aws/whats-new/2019/05/share-encrypted-amis-across-accounts-to-launch-instances-in-a-single-step/ Launch encrypted EBS backed EC2 instances from unencrypted AMIs in a single step | https://aws.amazon.com/about-aws/whats-new/2019/05/launch-encrypted-ebs-backed-ec2-instances-from-unencrypted-amis-in-a-single-step/ Amazon EKS Releases Deep Learning Benchmarking Utility | https://aws.amazon.com/about-aws/whats-new/2019/05/-amazon-eks-releases-deep-learning-benchmarking-utility-/ Amazon EKS 
Adds Support for Public IP Addresses Within Cluster VPCs | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-eks-adds-support-for-public-ip-addresses-within-cluster-v/ Amazon EKS Simplifies Kubernetes Cluster Authentication | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-eks-simplifies-kubernetes-cluster-authentication/ Amazon ECS Console support for ECS-optimized Amazon Linux 2 AMI and Amazon EC2 A1 instance family now available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-ecs-console-support-for-ecs-optimized-amazon-linux-2-ami-/ AWS Fargate PV1.3 now supports the Splunk log driver | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-fargate-pv1-3-now-supports-the-splunk-log-driver/ Topic || Databases Amazon Aurora Serverless Supports Capacity of 1 Unit and a New Scaling Option | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon_aurora_serverless_now_supports_a_minimum_capacity_of_1_unit_and_a_new_scaling_option/ Aurora Global Database Expands Availability to 14 AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/05/Aurora_Global_Database_Expands_Availability_to_14_AWS_Regions/ Amazon DocumentDB (with MongoDB compatibility) now supports per-second billing | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-documentdb-now-supports-per-second-billing/ Performance Insights is Generally Available on Amazon Aurora MySQL 5.7 | https://aws.amazon.com/about-aws/whats-new/2019/05/Performance-Insights-GA-Aurora-MySQL-57/ Performance Insights Supports Counter Metrics on Amazon RDS for Oracle | https://aws.amazon.com/about-aws/whats-new/2019/05/performance-insights-countermetrics-on-oracle/ Performance Insights Supports Amazon Aurora Global Database | https://aws.amazon.com/about-aws/whats-new/2019/05/performance-insights-global-datatabase/ Amazon ElastiCache for Redis adds support for Redis 5.0.4 | https://aws.amazon.com/about-aws/whats-new/2019/05/elasticache-redis-5-0-4/ Amazon RDS for MySQL Supports 
Password Validation | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-mysql-supports-password-validation/ Amazon RDS for PostgreSQL Supports New Minor Versions 11.2, 10.7, 9.6.12, 9.5.16, and 9.4.21 | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-postgresql-supports-minor-version-112/ Amazon RDS for Oracle now supports April Oracle Patch Set Updates (PSU) and Release Updates (RU) | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-oracle-now-supports-april-oracle-patch-set-updates-psu-and-release-updates-ru/ Topic || Networking Elastic Fabric Adapter Is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/04/elastic-fabric-adapter-is-now-generally-available/ Migrate Your AWS Site-to-Site VPN Connections from a Virtual Private Gateway to an AWS Transit Gateway | https://aws.amazon.com/about-aws/whats-new/2019/04/migrate-your-aws-site-to-site-vpn-connections-from-a-virtual-private-gateway-to-an-aws-transit-gateway/ Announcing AWS Direct Connect Support for AWS Transit Gateway | https://aws.amazon.com/about-aws/whats-new/2019/04/announcing-aws-direct-connect-support-for-aws-transit-gateway/ Amazon CloudFront announces 11 new Edge locations in India, Japan, and the United States | https://aws.amazon.com/about-aws/whats-new/2019/05/cloudfront-11locations-7may2019/ Amazon VPC Endpoints Now Support Tagging for Gateway Endpoints, Interface Endpoints, and Endpoint Services | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-vpc-endpoints-now-support-tagging-for-gateway-endpoints-interface-endpoints-and-endpoint-services/ Topic || Analytics Amazon EMR announces Support for Multiple Master nodes to enable High Availability for EMR applications | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-emr-announces-support-for-multiple-master-nodes-to-enable-high-availability-for-EMR-applications/ Amazon EMR now supports Multiple Master nodes to enable High Availability for HBase clusters | 
https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-emr-now-supports-multiple-master-nodes-to-enable-high-availability-for-hbase-clusters/ Amazon EMR announces Support for Reconfiguring Applications on Running EMR Clusters | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-emr-announces-support-for-reconfiguring-applications-on-running-emr-clusters/ Amazon Kinesis Data Analytics now allows you to assign AWS resource tags to your real-time applications | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_kinesis_data_analytics_now_allows_you_to_assign_aws_resource_tags_to_your_real_time_applications/ AWS Glue crawlers now support existing Data Catalog tables as sources | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-glue-crawlers-now-support-existing-data-catalog-tables-as-sources/ Topic || IoT AWS IoT Analytics Now Supports Faster SQL Data Set Refresh Intervals | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-iot-analytics-now-supports-faster-sql-data-set-refresh-intervals/ AWS IoT Greengrass Adds Support for Python 3.7, Node v8.10.0, and Expands Support for Elliptic-Curve Cryptography | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-iot-greengrass-adds-support-python-3-7-node-v-8-10-0-and-expands-support-elliptic-curve-cryptography/ AWS Releases Additional Preconfigured Examples for FreeRTOS on Armv8-M | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-releases-additional-freertos-preconfigured-examples-armv8m/ AWS IoT Device Defender supports monitoring behavior of unregistered devices | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-device-defender-supports-monitoring-behavior-of-unregistered-devices/ AWS IoT Analytics Now Supports Data Set Content Delivery to Amazon S3 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-analytics-now-supports-data-set-content-delivery-to-amaz/ Topic || End User Computing Amazon AppStream 2.0 adds configurable timeouts for idle sessions | 
https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-appstream-2-0-adds-configurable-timeouts-for-idle-session/ Monitor Emails in Your Workmail Organization Using Cloudwatch Metrics and Logs | https://aws.amazon.com/about-aws/whats-new/2019/05/monitor-emails-in-your-workmail-organization-using-cloudwatch-me/ You can now use custom chat bots with Amazon Chime | https://aws.amazon.com/about-aws/whats-new/2019/05/you-can-now-use-custom-chat-bots-with-amazon-chime/ Topic || Machine Learning Developers, start your engines! The AWS DeepRacer Virtual League kicks off today. | https://aws.amazon.com/about-aws/whats-new/2019/04/AWSDeepRacerVirtualLeague/ Amazon SageMaker announces new features to the built-in Object2Vec algorithm | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sagemaker-announces-new-features-to-the-built-in-object2v/ Amazon SageMaker Ground Truth Now Supports Automated Email Notifications for Manual Data Labeling | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sagemaker-ground-truth-now-supports-automated-email-notif/ Amazon Translate Adds Support for Hindi, Farsi, Malay, and Norwegian | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_translate_support_hindi_farsi_malay_norwegian/ Amazon Transcribe now supports Hindi and Indian-accented English | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-transcribe-supports-hindi-indian-accented-english/ Amazon Comprehend batch jobs now supports Amazon Virtual Private Cloud | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-comprehend-batch-jobs-now-supports-amazon-virtual-private-cloud/ New in AWS Deep Learning AMIs: PyTorch 1.1, Chainer 5.4, and CUDA 10 support for MXNet | https://aws.amazon.com/about-aws/whats-new/2019/05/new-in-aws-deep-learning-amis-pytorch-1-1-chainer-5-4-cuda10-for-mxnet/ Topic || Application Integration Amazon MQ Now Supports Resource-Level and Tag-Based Permissions | 
https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-mq-now-supports-resource-level-and-tag-based-permissions/ Amazon SNS Adds Support for Cost Allocation Tags | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sns-adds-support-for-cost-allocation-tags/ Topic || Management and Governance Reservation Expiration Alerts Now Available in AWS Cost Explorer | https://aws.amazon.com/about-aws/whats-new/2019/05/reservation-expiration-alerts-now-available-in-aws-cost-explorer/ AWS Systems Manager Patch Manager Supports Microsoft Application Patching | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-systems-manager-patch-manager-supports-microsoft-application-patching/ AWS OpsWorks for Chef Automate now supports Chef Automate 2 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-opsworks-for-chef-automate-now-supports-chef-automate-2/ AWS Service Catalog Connector for ServiceNow supports CloudFormation StackSets | https://aws.amazon.com/about-aws/whats-new/2019/05/service-catalog-servicenow-connector-now-supports-stacksets/ Topic || Migration AWS Migration Hub EC2 Recommendations | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-migration-hub-ec2-recommendations/ Topic || Security Amazon GuardDuty Adds Two New Threat Detections | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-guardduty-adds-two-new-threat-detections/ AWS Security Token Service (STS) now supports enabling the global STS endpoint to issue session tokens compatible with all AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-security-token-service-sts-now-supports-enabling-the-global-sts-endpoint-to-issue-session-tokens-compatible-with-all-aws-regions/ AWS WAF Security Automations Now Supports Log Analysis | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-waf-security-automations-now-supports-log-analysis/ AWS Certificate Manager Private Certificate Authority Increases Certificate Limit To One Million | 
https://aws.amazon.com/about-aws/whats-new/2019/04/aws-certificate-manager-private-certificate-authority-increases-certificate-limit-to-one-million/ Amazon Cognito launches enhanced user password reset API for administrators | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-cognito-launches-enhanced-user-password-reset-api-for-administrators/ AWS Secrets Manager supports more client-side caching libraries to improve secrets availability and reduce cost | https://aws.amazon.com/about-aws/whats-new/2019/05/Secrets-Manager-Client-Side-Caching-Libraries-in-Python-NET-Go/ Create fine-grained session permissions using AWS Identity and Access Management (IAM) managed policies | https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/ Topic || Training and Certification New VMware Cloud on AWS Navigate Track | https://aws.amazon.com/about-aws/whats-new/2019/04/vmware-navigate-track/ Topic || Blockchain Amazon Managed Blockchain What's New | https://aws.amazon.com/about-aws/whats-new/2019/04/introducing-amazon-managed-blockchain/ Topic || Quick Starts New Quick Start deploys SAP S/4HANA on AWS | https://aws.amazon.com/about-aws/whats-new/2019/05/new-quick-start-deploys-sap-s4-hana-on-aws/

345 Tech Talks
6: Episode 6: Our 10 Principles for DevOps (Part One)

Mar 8, 2019 69:05


If you work in software development, and if you haven't been living in a cave since 1994, you'll have heard about DevOps. Everyone talks about it, everyone has their own idea about what's involved and everyone assumes that everyone else has got it better. Maybe it's more like sex than we thought... This is another big topic and we've split the discussion across two episodes. In this episode we're introducing DevOps and looking at principles 1-5. In the next episode we'll look at principles 6-10 and wrap up. This is a feast of content for those who work in software, and you're in for a treat if you like to draw on the experience of people with decades of industry experience. Here are the highlights of the episode:

Principle #1: Automate everything
Spare everyone from the toil of repetitive work. Humans should focus on solving problems, not cranking the handle on the machine. Automation is a prerequisite for quality. Without automation there is no repeatability, and without repeatability there is no quality. Our automation includes the following: testing; static code analysis; building and packaging applications; deploying and configuring infrastructure.

Principle #2: Git is the source of truth
Everything goes through a Git repository (well, almost - see #3). We create appropriate security boundaries around our knowledge and IP. We have an audit record of changes, who did what, who approved what, and when. This avoids issues from dispersed knowledge and information.

Principle #3: No sensitive data or values are stored in Git
Applies to application secrets, keys, certificates with a private key, personal data, tokens. You can get into big trouble very easily if you have credentials in the wrong place! Paul gives an example of someone who left their AWS keys in a Git repo that accidentally became public. Use secure stores such as AWS Secrets Manager, AWS KMS, HSMs, K8s Secrets. Adopt a rotation policy for secrets and make sure your DevOps process can handle rotating secrets. Think about how you will secure your sensitive information, how it is processed and who has access to it.

Principle #4: Adopt an infrastructure as code (IaC) approach
Infrastructure becomes declared as templates and can be automated. Changes to infrastructure are captured and can be rebuilt when needed.

Principle #5: Adopt an immutable infrastructure approach
VM nodes and containers are replaced rather than changed. This approach prevents configuration drift, which is a danger with mutable infrastructure tools such as Chef and Puppet. Updated images can be tested and verified prior to deployment. Live production infrastructure is not updated while running, which improves availability. This approach gives you the ability to roll back, perform canary deployments, blue/green deployments etc. We use desired state for services (e.g. cloud services) where we are not provisioning the infrastructure ourselves. An example of this is AWS EKS.

AWS TechChat
Episode 41 - Supercharging Developer & Operational Productivity

Mar 4, 2019 42:21


In this episode of AWS TechChat, Shane and Dr. Pete reflect on changes to the AWS platform that have occurred over the years. They review the services that often go hidden away. Whilst often niche to the masses, they are important and are the unsung heroes which can affect developer and operational productivity. Shane talks about patterns and anti-patterns for AWS Secrets Manager and AWS Systems Manager Parameter Store. They then pivot to AWS Certificate Manager and explain a little bit about public and private certificates, and how AWS Certificate Manager makes your life easier, whether you are a developer or an operational person. Lastly, they cover AWS Simple Email Service, which is a reliable and simple way to send email, and how it can easily slot into your landscape.

AWS Podcast
#299: February 2019 Updates

Feb 17, 2019 30:51


Simon guides you through lots of new features, services and capabilities that you can take advantage of. Including the new AWS Backup service, more powerful GPU capabilities, new SLAs and much, much more! Chapters: Service Level Agreements 0:17 Storage 0:57 Media Services 5:08 Developer Tools 6:17 Analytics 9:54 AI/ML 12:07 Database 14:47 Networking & Content Delivery 17:32 Compute 19:02 Solutions 21:57 Business Applications 23:38 AWS Cost Management 25:07 Migration & Transfer 25:39 Application Integration 26:07 Management & Governance 26:32 End User Computing 29:22 Links: Topic || Service Level Agreements 0:17 Amazon Kinesis Data Firehose Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-kinesis-data-firehose-announces-99-9-service-level-agreement/ Amazon Kinesis Data Streams Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-kinesis-data-streams-announces-99-9-service-level-agreement/ Amazon Kinesis Video Streams Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-kinesis-video-streams-announces-99-9-service-level-agreement/ Amazon EKS Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/-amazon-eks-announces-99-9--service-level-agreement-/ Amazon ECR Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-ecr-announces-99-9--service-level-agreement/ Amazon Cognito Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-cognito-announces-99-9-service-level-agreement/ AWS Step Functions Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-step-functions-announces-service-level-agreement/ AWS Secrets Manager Announces Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/AWS-Secrets-Manager-announces-service-level-agreement/ 
Amazon MQ Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-mq-announces-service-level-agreement/ Topic || Storage 0:57 Introducing AWS Backup | https://aws.amazon.com/about-aws/whats-new/2019/01/introducing-aws-backup/ Introducing Amazon Elastic File System Integration with AWS Backup | https://aws.amazon.com/about-aws/whats-new/2019/01/introducing-amazon-elastic-file-system-integration-with-aws-backup/ AWS Storage Gateway Integrates with AWS Backup - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-storage-gateway-integrates-with-aws-backup-to-protect-volume/ AWS Backup Integrates with Amazon DynamoDB for Centralized and Automated Backup Management | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-backup-integrates-with-amazon-DynamoDB-for-centralized-and-automated-backup-management/ Amazon EBS Integrates with AWS Backup to Protect Your Volumes | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-ebs-integrates-with-aws-backup-to-protect-your-volumes/ AWS Storage Gateway Volume Detach & Attach - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-storage-gateway-introduces-volume-detach-and-attach-feature-/ AWS Storage Gateway - Tape Gateway Performance | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-storage-gateway-announces-increased-throughput-performance-for-tape-gateway/ Amazon FSx for Lustre Offers New Options and Faster Speeds for Working with S3 Data | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-fsx-for-lustre-offers-new-options-and-faster-speeds/ Topic || Media Services 5:08 AWS Elemental MediaConvert Adds IMF Input and Enhances Caption Burn-In Support | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-elemental-mediaconvert-adds-imf-input-enhances-caption-burn-in-support/ AWS Elemental MediaLive Adds Support for AWS CloudTrail | 
https://aws.amazon.com/about-aws/whats-new/2019/01/aws-elemental-medialive-adds-support-for-aws-cloudtrail/ AWS Elemental MediaLive Now Supports Resource Tagging | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-elemental-medialive-now-supports-resource-tagging/ AWS Elemental MediaLive Adds I-Frame-Only HLS Manifests and JPEG Outputs | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-elemental-medialive-add-i-frame-only-hls-manifest-and-jpeg-outputs/ Topic || Developer Tools 6:17 Amazon Corretto is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-corretto-is-now-generally-available/ AWS CodePipeline Now Supports Deploying to Amazon S3 | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-codepipeline-now-supports-deploying-to-amazon-s3/ AWS Cloud9 Supports AWS CloudTrail Logging | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-cloud9-supports-aws-cloudtrail-logging/ AWS CodeBuild Now Supports Accessing Images from Private Docker Registry | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-codebuild-now-supports-accessing-images-from-private-docker-registry/ Develop and Test AWS Step Functions Workflows Locally | https://aws.amazon.com/about-aws/whats-new/2019/02/develop-and-test-aws-step-functions-workflows-locally/ AWS X-Ray SDK for .NET Core is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-x-ray-net-core-sdk-generally-available/ Topic || Analytics 9:54 Amazon Elasticsearch Service doubles maximum cluster capacity with 200 node cluster support | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-elasticsearch-service-doubles-maximum-cluster-capacity-with-200-node-cluster-support/ Amazon Elasticsearch Service announces support for Elasticsearch 6.4 | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-elasticsearch-service-announces-support-for-elasticsearch-6-4/ Amazon Elasticsearch Service now supports three Availability Zone deployments | 
https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-elasticsearch-service-now-supports-three-availability-zone-deployments/ Now bring your own KDC and enable Kerberos authentication in Amazon EMR | https://aws.amazon.com/about-aws/whats-new/2019/01/now_bring_your_own_kdc_and_enable_kerberos_authentication_in_amazon_emr/ Source code for the AWS Glue Data Catalog client for Apache Hive Metastore is now available for download | https://aws.amazon.com/about-aws/whats-new/2019/02/source-code-for-the-aws-glue-data-catalog-client-for-apache-hive-metatore-is-now-available-for-download/ Topic || AI/ML 12:07 Amazon Comprehend is now Integrated with AWS CloudTrail | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-comprehend-is-now-integrated-with-aws-cloudtrail/ Object Bounding Boxes and More Accurate Object and Scene Detection are now Available for Amazon Rekognition Video | https://aws.amazon.com/about-aws/whats-new/2019/01/object-bounding-boxes-and-more-accurate-object-and-scene-detection-are-now-available-for-amazon-rekognition-video/ Amazon Elastic Inference Now Supports TensorFlow 1.12 with a New Python API | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-elastic-inference-supports-tensorflow-1-12-with-a-python-api/ New in AWS Deep Learning AMIs: Updated Elastic Inference for TensorFlow, TensorBoard 1.12.1, and MMS 1.0.1 | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-deep-learning-amis-now-support-elastic-inference-for-tensorflow-tensorboard1-12-1-mms101/ Amazon SageMaker Batch Transform Now Supports TFRecord Format | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-sagemaker-batch-transform-now-supports-tfrecord-format/ Amazon Transcribe Now Supports US Spanish Speech-to-Text in Real Time | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-transcribe-now-supports-us-spanish-speech-to-text-in-real-time/ Topic || Database 14:47 Amazon Redshift now runs ANALYZE automatically | 
https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-redshift-auto-analyze/ Introducing Python Shell Jobs in AWS Glue | https://aws.amazon.com/about-aws/whats-new/2019/01/introducing-python-shell-jobs-in-aws-glue/ Amazon RDS for PostgreSQL Now Supports T3 Instance Types | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-rds-postgresql-now-supports-t3-instance-types/ Amazon RDS for Oracle Now Supports T3 Instance Types | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-rds-for-oracle-now-supports-t3-instance-types/ Amazon RDS for Oracle Now Supports SQLT Diagnostics Tool Version 12.2.180725 | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-rds-oracle-now-supports-sqlt-diagnostics-tool-122180725/ Amazon RDS for Oracle Now Supports January 2019 Oracle Patch Set Updates (PSU) and Release Updates (RU) | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-rds-oracle-supports-jan-2019-oracle-psu/ Amazon DynamoDB Local Adds Support for Transactional APIs, On-Demand Capacity Mode, and 20 GSIs | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-dynamodb-local-adds-support-for-transactional-apis-on-demand-capacity-mode-and-20-gsis/ Topic || Networking & Content Delivery 17:32 Network Load Balancer Now Supports TLS Termination | https://aws.amazon.com/about-aws/whats-new/2019/01/network-load-balancer-now-supports-tls-termination/ Amazon CloudFront announces six new Edge locations across United States and France | https://aws.amazon.com/about-aws/whats-new/2019/02/cloudfront-feb2019-6locations/ AWS Site-to-Site VPN Now Supports IKEv2 | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-site-to-site-vpn-now-supports-ikev2/ VPC Route Tables Support up to 1,000 Static Routes | https://forums.aws.amazon.com/ann.jspa?annID=6554 Topic || Compute 19:02 Announcing a 25% price reduction for Amazon EC2 X1 Instances in the Asia Pacific (Mumbai) AWS Region | 
https://aws.amazon.com/about-aws/whats-new/2019/02/announcing-a-25-percent-price-reduction-for-amazon-ec2-x1-instances-in-the-asia-pacific-mumbai-aws-region/ Amazon EKS Achieves ISO and PCI Compliance | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-eks-achieves-iso-and-pci-compliance/ AWS Fargate Now Has Support For AWS PrivateLink | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-fargate-now-has-support-for-aws-privatelink/ AWS Elastic Beanstalk Adds Support for Ruby 2.6 | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-elastic-beanstalk-adds-support-for-ruby-26/ AWS Elastic Beanstalk Adds Support for .NET Core 2.2 | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-elastic-beanstalk-adds-support-for-net-core-22/ Amazon ECS and Amazon ECR now have support for AWS PrivateLink | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-fargate--amazon-ecs--and-amazon-ecr-now-have-support-for-aws/ GPU Support for Amazon ECS now Available | https://aws.amazon.com/about-aws/whats-new/2019/02/gpu-support-for-amazon-ecs-now-available/ AWS Batch now supports Amazon EC2 A1 Instances and EC2 G3s Instances | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-batch-now-supports-amazon-ec2-a1-instances-and-ec2-g3s-insta/ Topic || Solutions 21:57 Deploy Micro Focus Enterprise Server on AWS with New Quick Start | https://aws.amazon.com/about-aws/whats-new/2019/01/deploy-micro-focus-enterprise-server-on-aws-with-new-quick-start/ AWS Public Datasets Now Available from UK Meteorological Office, Queensland Government, University of Pennsylvania, Buildzero, and Others | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-public-datasets-now-available/ Quick Start Update: Active Directory Domain Services on the AWS Cloud | https://aws.amazon.com/about-aws/whats-new/2019/02/quick-start-update-active-directory-domain-services-on-aws/ Introducing the Media2Cloud solution | 
https://aws.amazon.com/about-aws/whats-new/2019/01/introducing-the-media2cloud-solution/ Topic || Business Applications 23:38 Alexa for Business now offers IT admins simplified workflow to setup shared devices | https://aws.amazon.com/about-aws/whats-new/2019/01/alexa-for-business-now-offers-it-admins-simplified-workflow-to-s/ Topic || AWS Cost Management 25:07 Introducing Normalized Units Information for Amazon EC2 Reservations in AWS Cost Explorer | https://aws.amazon.com/about-aws/whats-new/2019/02/normalized-units-information-for-amazon-ec2-reservations-in-aws-cost-explorer/ Topic || Migration & Transfer 25:39 AWS Migration Hub Now Supports Importing On-Premises Server and Application Data to Track Migration Progress | https://aws.amazon.com/about-aws/whats-new/2019/01/AWSMigrationHubImport/ Topic || Application Integration 26:07 Amazon SNS Message Filtering Adds Support for Multiple String Values in Blacklist Matching | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-sns-message-filtering-adds-support-for-multiple-string-values-in-blacklist-matching/ Topic || Management & Governance 26:32 AWS Trusted Advisor Expands Functionality With New Best Practice Checks | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-trusted-advisor-expands-functionality/ AWS Systems Manager State Manager Now Supports Management of In-Guest and Instance-Level Configuration | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-systems-manager-state-manager-now-supports-management-of-in-guest-and-instance-level-configuration/ AWS Config Increases Default Limits for AWS Config Rules | https://aws.amazon.com/about-aws/whats-new/2019/01/aws-config-increases-default-limits-for-aws-config-rules/ Introducing AWS CloudFormation UpdateReplacePolicy Attribute | https://aws.amazon.com/about-aws/whats-new/2019/01/introducing-aws-cloudformation-updatereplacepolicy-attribute/ Automate WebSocket API Creation in Amazon API Gateway Using AWS CloudFormation | 
https://aws.amazon.com/about-aws/whats-new/2019/02/automate-websocket-api-creation-in-api-gateway-with-cloudformation/ AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet Enterprise Now Support AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-opsworks-for-chef-automate-and-aws-opsworks-for-puppet-enter/ Find And Update Access Keys, Password, And MFA Settings Easily Using The AWS Management Console | https://aws.amazon.com/about-aws/whats-new/2019/01/my-security-credentials/ Amazon CloudWatch Agent Adds Support for Procstat Plugin and Multiple Configuration Files | https://aws.amazon.com/about-aws/whats-new/2019/01/amazon-cloudwatch-agent-adds-support-for-procstat-plugin-and-multiple-configuration-files/ Improve Security Of Your AWS SSO Users Signing In To The User Portal By Using Email-based Verification | https://aws.amazon.com/about-aws/whats-new/2019/01/email-based-verification-for-sso/ Topic || End User Computing 29:22 Introducing Amazon WorkLink | https://aws.amazon.com/about-aws/whats-new/2019/01/introducing-amazon-worklink/ AppStream 2.0 enables custom scripts before session start and after session termination | https://aws.amazon.com/about-aws/whats-new/2019/02/appstream-2-0-enables-custom-scripts-before-session-start-and-af/

AWS re:Invent 2018
SRV319: Security & Compliance for Modern Serverless Applications

Nov 30, 2018 61:16


Serverless architecture and a microservices approach have changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.

AWS re:Invent 2018
SEC304: Best Practices for Managing, Retrieving, & Rotating Secrets at Scale

Nov 30, 2018 60:17


In this session, learn how to use AWS Secrets Manager to simplify secrets management and empower your developers to move quickly while raising the security bar in your organization. Also, learn how you can use these changes to more easily meet your compliance requirements. Finally, learn how the service enables you to control access to secrets using fine-grained permissions and centrally audit secret rotation for resources in the AWS Cloud, third-party services, and on-premises.

AWS Podcast
#259: August Service Update Show

Aug 19, 2018 45:08


Simon takes you through a great list of new services, functions and capabilities - hopefully something for everyone!

Shownotes:
AWS Global Infrastructure: https://aws.amazon.com/about-aws/global-infrastructure/
Amazon EFS Now Supports Provisioned Throughput | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-efs-now-supports-provisioned-throughput/
Amazon EFS Achieves PCI DSS Compliance | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-efs-achieves-pci-dss-compliance/
Amazon EC2 P3 instances, one of the most powerful GPU instances in the cloud, now available in 6 additional regions | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-ec2-p3-instances-now-available-in-6-additional-regions/
New SBE1 Amazon EC2 instances for AWS Snowball Edge | https://aws.amazon.com/about-aws/whats-new/2018/07/new-sbe1-instances-for-snowball-edge/
Introducing Amazon EC2 R5 Instances, the next generation of memory-optimized instances | https://aws.amazon.com/about-aws/whats-new/2018/07/introducing-amazon-ec2-r5-instances/
Introducing Amazon EC2 z1d Instances with a sustained all core frequency of up to 4.0 GHz | https://aws.amazon.com/about-aws/whats-new/2018/07/introducing-amazon-ec2-z1d-instances/
Amazon EC2 M5d Instances are Now Available in Additional Regions | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-ec2-m5d-instances-are-now-available-in-additional-regions/
Amazon EC2 C5d Instances are Now Available in Additional Regions | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-ec2-c5d-instances-are-now-available-in-additional-regions/
Amazon EC2 F1 Instances Adds New Features and Performance Improvements | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-ec2-f1-instances-adds-new-features-and-performance-improvements/
Amazon EC2 Fleet Now Supports Two New Allocation Strategies: On-Demand Prioritized List, and Lowest Price | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-ec2-fleet-now-supports-two-new-allocation-strategies/
Amazon EC2 Nitro System Based Instances Now Support Faster Amazon EBS-Optimized Instance Performance | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-ec2-nitro-system-based-instances-now-support-faster-ebs-optimized-performance/
Access Reserved Instance (RI) Purchase Recommendations for your Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch Reservations using AWS Cost Explorer | https://aws.amazon.com/about-aws/whats-new/2018/07/reserved-instance-purchase-recommendations-redshift-elasticache-elasticsearch-reservations/
AWS Systems Manager Run Command Now Streams Output to Amazon CloudWatch Logs | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-systems-manager-run-command-streams-output-to-amazon-cloudwatch-logs/
AWS Systems Manager Automation Conditional Branching for Step Failure | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-systems-manager-automation-conditional-branching-for-step-failure/
Amazon EKS AMI Build Scripts Available on GitHub | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-eks-ami-build-scripts-available-on-github/
Add Scaling to Services You Build on AWS | https://aws.amazon.com/about-aws/whats-new/2018/07/add-scaling-to-services-you-build-on-aws/
Announcing Bring Your Own IP for Amazon Virtual Private Cloud (Preview) | https://aws.amazon.com/about-aws/whats-new/2018/07/announcing-bring-your-own-ip-for-amazon-virtual-private-cloud-preview/
Introducing Amazon Data Lifecycle Manager for EBS Snapshots | https://aws.amazon.com/about-aws/whats-new/2018/07/introducing-amazon-data-lifecycle-manager-for-ebs-snapshots/
Amazon S3 Announces Increased Request Rate Performance | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-s3-announces-increased-request-rate-performance/
Amazon CloudFront announces four new Edge locations, including its first location in Cape Town, South Africa | https://aws.amazon.com/about-aws/whats-new/2018/07/cloudfront-capetown-launch/
Amazon CloudFront announces nine new Edge locations globally across major cities in North America, Europe, and Asia | https://aws.amazon.com/about-aws/whats-new/2018/07/cloudfront-nine-edge-locations-july2018/
Amazon Route 53 Expands Into Africa With New Edge Locations in Cape Town and Johannesburg | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-route-53-expands-into-africa-with-new-edge-locations-in-cape-town-and-johannesburg/
Amazon API Gateway Increases API Limits | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-api-gateway-increases-api-limits/
Amazon API Gateway Usage Plans Now Support Method Level Throttling | https://aws.amazon.com/about-aws/whats-new/2018/07/api-gateway-usage-plans-support-method-level-throttling/
Amazon API Gateway Supports Request/Response Parameters and Status Overrides | https://aws.amazon.com/about-aws/whats-new/2018/07/api-gateway-supports-request-response-parameters-and-status-overrides/
Automate Amazon GuardDuty Provisioning Over Multiple Accounts and Regions with AWS CloudFormation StackSets Integration | https://aws.amazon.com/about-aws/whats-new/2018/07/automate-amazon-guardduty-provisioning-over-multiple-accounts-and-regions-with-aws-cloudformation-stacksets-integration/
AWS Secrets Manager Now Supports AWS PrivateLink | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-secrets-manager-now-supports-aws-privatelink/
AWS Systems Manager Parameter Store integrates with AWS Secrets Manager, and adds labeling for easy configuration updates | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-systems-manager-parameter-store-integrates-with-aws-secrets-manager-and-adds-parameter-version-labeling/
Delegate Permission Management to Employees by Using IAM Permissions Boundaries | https://aws.amazon.com/about-aws/whats-new/2018/07/delegate-permission-management-to-employees-by-using-IAM-permissions-boundaries/
AWS Lambda Supports .NET Core 2.1 | https://aws.amazon.com/about-aws/whats-new/2018/06/lambda-supports-dotnetcore-twopointone/
AWS Glue now provides additional ETL job metrics | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-glue-now-provides-additional-ETL-job-metrics/
AWS Glue now supports reading from Amazon DynamoDB tables | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-glue-now-supports-reading-from-amazon-dynamodb-tables/
The Data Lake Solution Now Transforms and Analyzes Data | https://aws.amazon.com/about-aws/whats-new/2018/07/the-data-lake-solution-now-transforms-and-analyzes-data/
AWS Marketplace Helps Customers Quickly Map Products in Their Existing Software Inventory | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-marketplace-helps-customers-quickly-map-products-in-their-existing-software-inventory/
Amazon SageMaker Now Supports Resource Tags for More Efficient Access Control | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-sagemaker-now-supports-resource-tags-for-more-efficient-access-control/
Amazon SageMaker Supports High Throughput Batch Transform Jobs for Non-Real Time Inferencing | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-sagemaker-supports-high-throughput-batch-transform-jobs-for-non-real-time-inferencing/
Amazon SageMaker Now Supports Pipe Input Mode for Built-In TensorFlow Containers | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-sagemaker-supports-pipe-input-mode-for-built-in-tensorflow-containers/
Amazon SageMaker Now Supports k-Nearest-Neighbor and Object Detection Algorithms | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-sagemaker-supports-knn-and-object-detection-algorithms/
Amazon SageMaker Announces Several Enhancements to Built-in Algorithms and Frameworks | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-sagemaker-announces-enhancements-for-built-in-algorithms-and-frameworks/
AWS Service Catalog Now Supports Service Catalog Resources in CloudFormation | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-service-catalog-now-supports-service-catalog-resources-in-cloudformation/
Kinesis Video Streams now supports HTTP Live Streaming (HLS) to playback live and recorded video from devices | https://aws.amazon.com/about-aws/whats-new/2018/07/kinesis-video-adds-hls-support/
Amazon Polly Now Lets You Define the Maximum Amount of Time for Speech to Complete | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-polly-now-lets-you-define-the-maximum-amount-of-time-for-speech-to-complete/
Amazon Polly Now Supports Input Character Limit of 100K and Stores Output Files in S3 | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-polly-now-supports-input-character-limit-of-100k-and-stores-output-files-in-s3/
Amazon Polly Adds Bilingual Indian English/Hindi Language Support | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-polly-adds-bilingual-indian-english-hindi-language-support/
Amazon Translate Adds Six New Languages | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-translate-adds-six-new-languages/
Amazon Transcribe Now Lets You Designate Your Own Amazon S3 Buckets to Store Transcription Outputs | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-transcribe-now-lets-you-designate-your-own-amazon-s3-buckets-to-store-transcription-outputs/
Amazon Comprehend Now Supports Syntax Analysis | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-comprehend-now-supports-syntax-analysis/
Amazon Rekognition Increases Accuracy of Text-in-Image | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-rekognition-increases-accuracy-of-text-in-image/
AWS AppSync releases enhanced no-code GraphQL API builder, HTTP resolvers, and new built-in scalar types | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-appsync-releases-enhanced-capabilities-nocode-graphql/
Introducing the Serverless Bot Framework | https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-the-serverless-bot-framework/
AWS SAM CLI Launches New Commands to Simplify Testing and Debugging Serverless Applications | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-sam-cli-launches-new-commands/
AWS Device Farm Adds Integration with AWS CodePipeline | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-device-farm-adds-integration-with-aws-codepipeline/
Amazon Aurora Serverless Brings Serverless Computing to Relational Databases | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-aurora-serverless-brings-serverless-computing-to-relational-databases/
Amazon RDS now Provides Best Practice Recommendations | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-rds-recommendations/
Copying Amazon RDS Encrypted Snapshots across Regions now Completes Faster with Less Storage | https://aws.amazon.com/about-aws/whats-new/2018/07/rds-crossregion-incremental-encrypted-snapshots/
Amazon RDS Performance Insights on RDS for PostgreSQL | https://aws.amazon.com/about-aws/whats-new/2018/04/rds-performance-insights-on-rds-for-postgresql/
Performance Insights is Available for Amazon Aurora with MySQL Compatibility | https://aws.amazon.com/about-aws/whats-new/2018/08/performance-insights-is-available-for-amazon-aurora-with-mysql-compatibility/
Amazon DynamoDB Accelerator (DAX) SDK Enhancements | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-dynamodb-accelerator--dax--sdk-enhancements/
Amazon DynamoDB Accelerator (DAX) Adds Support for Encryption at Rest | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-dynamodb-accelerator--dax--adds-support-for-encryption-at/
Amazon DynamoDB Global Tables Now Available in Three Additional Asia Pacific Regions | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-dynamodb-global-tables-regional-expansion/
Amazon Redshift announces free upgrade for DC1 Reserved Instances to DC2 | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon_redshift_announces_free_upgrade_for_dc1_reserved_instances_to_dc2/
Amazon Redshift now provides customized best practice recommendations with Advisor | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-redshift-now-provides-customized-best-practice-recommendations-with-advisor/
Amazon Redshift now supports current and trailing tracks for release updates | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-redshift-now-supports-current-and-trailing-tracks-for-release-updates/
Amazon Redshift announces new metrics to help optimize cluster performance | https://aws.amazon.com/about-aws/whats-new/2018/07/amazon-redshift-announces-new-metrics-to-help-optimize-cluster-performance/
Amazon Redshift announces support for lateral column alias reference | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-redshift-announces-support-for-lateral-column-alias-reference/
Amazon Redshift automatically enables short query acceleration | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-redshift-automatically-enables-short-query-acceleration/
Amazon Redshift announces support for nested data with Redshift Spectrum | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon-redshift-announces-support-for-nested-data-with-redshift-spectrum/
Elastic Load Balancing Announces Support for Redirects and Fixed Responses for Application Load Balancer | https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/
AWS IoT Device Defender - Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/08/aws-iot-device-defender-now-generally-available/
AWS IoT Rules Engine Now Supports Step Functions Action | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-iot-rules-engine-now-supports-step-functions-action/
Stream data 65% faster with 5x higher fan-out using new Kinesis Data Streams features | https://aws.amazon.com/about-aws/whats-new/2018/08/stream_data_65_faster_with_5x_higher_fan_out_using_new_kinesis_data_streams_features/
Amazon Elasticsearch Service now supports zero downtime, in-place version upgrades | https://aws.amazon.com/about-aws/whats-new/2018/08/amazon_elasticsearch_service_now_supports_zero_downtime_in-place_version_upgrades/
Announcing the New AWS Free Tier Widget on the AWS Billing Dashboard | https://aws.amazon.com/about-aws/whats-new/2018/07/aws-billing-dashboard-free-tier-widget/
New AWS Public Datasets Available from Allen Institute for Brain Science, NOAA, Hubble Space Telescope, and Others | https://aws.amazon.com/about-aws/whats-new/2018/07/new-aws-public-datasets-available/