Category Archives: Amazon AWS for DevOps

Sweet findings in AWS Inspector

Taking a look at the AWS Inspector intro by Alex Lucas, I could see several sweet features that security-minded DevOps pros would love (and of course it includes even more goodies).

  1. Covers all the CVE stuff: finds, reports and acts (patches, etc.), plus many more best practices the AWS team has gathered along the way.
  2. Records activity inside your instances and tracks suspicious activities, or activities that may weaken your defenses.
  3. Automation via the AWS CLI and API, including workflow control for vulnerabilities and their mitigation actions (for example, you can manually mark a vulnerability as cleared, or tag one as needing review by an auditor).
  4. Able to catch real-time system call operations, analyze them and report, such as a library file owned by root being given wide-open permissions...
  5. Requires an agent, available for Amazon Linux and Ubuntu AMIs for now (more platforms, including Windows, to follow).
  6. Simple and cheap to try; no need to spend time and money on massive software suites. I know that's AWS's core concept, but in the vulnerability scanning world it's even more enticing.
  7. Did you know that Amazon Linux instances will automatically patch themselves on any reboot (at least for critical security patches, I guess)? Alex mentions this as one of the "obstacles" he hit while trying to set up a vulnerable instance that does not have critical patches installed...

Open topics:

  1. What is the agent's overhead?
  2. CloudWatch integration is yet to come.
  3. People in the YouTube session seem to be sleepy or something, because they did not jump off their seats in enthusiasm as I would 🙂

Slide deck is here:

Amazon AWS lifts the limit on SQS message delivery size from 256KB to 2GB!

Another cool use of the AWS S3 service, this time for Amazon SQS:

“…Amazon Simple Queue Service (SQS) now has an Extended Client Library that enables you to send and receive messages with payloads up to 2GB. Previously, message payloads were limited to 256KB. Using the Extended Client Library, message payloads larger than 256KB are stored in an Amazon Simple Storage Service (S3) bucket, using SQS to send and receive a reference to the payload location…”
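The offload pattern the announcement describes, as an added example that is not the Extended Client Library's own code: in-memory stand-ins replace S3 and SQS, the envelope format is a constructed simplification of the library's wire format, and the consumer only dereferences pointers into the bucket it was configured with, since the bucket now holds message contents and a queue message should not be able to pick which bucket gets read.

```python
import json
import uuid

# Hard SQS limit on a message body (256KB); anything larger must be offloaded.
SQS_MAX_BYTES = 256 * 1024


class InMemoryBucket:
    """Constructed stand-in for an S3 bucket: a dict keyed by object key."""
    def __init__(self, name):
        self.name, self.objects = name, {}
    def put_object(self, key, body):
        self.objects[key] = body
    def get_object(self, key):
        return self.objects[key]


class InMemoryQueue:
    """Constructed stand-in for an SQS queue that enforces the 256KB body limit."""
    def __init__(self):
        self.messages = []
    def send_message(self, body):
        if len(body.encode("utf-8")) > SQS_MAX_BYTES:
            raise ValueError("message body exceeds the 256KB SQS limit")
        self.messages.append(body)
    def receive_message(self):
        return self.messages.pop(0)


class ExtendedClient:
    """Small payloads travel inline; large ones go to the bucket and SQS carries a pointer."""
    def __init__(self, queue, bucket, threshold=SQS_MAX_BYTES):
        self.queue, self.bucket, self.threshold = queue, bucket, threshold

    def send(self, payload):
        # Size the whole envelope (not just the payload) against the threshold.
        envelope = json.dumps({"inline": payload})
        if len(envelope.encode("utf-8")) <= self.threshold:
            self.queue.send_message(envelope)
            return "inline"
        key = str(uuid.uuid4())
        self.bucket.put_object(key, payload.encode("utf-8"))
        self.queue.send_message(json.dumps({"s3": {"bucket": self.bucket.name, "key": key}}))
        return "s3"

    def receive(self):
        envelope = json.loads(self.queue.receive_message())
        if "inline" in envelope:
            return envelope["inline"]
        ref = envelope["s3"]
        # Refuse pointers into any bucket other than the configured one.
        if ref["bucket"] != self.bucket.name:
            raise ValueError("pointer references a bucket this consumer does not trust")
        return self.bucket.get_object(ref["key"]).decode("utf-8")
```

In the real library the S3 object is removed when the SQS message is deleted; this stand-in leaves cleanup out.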

Deep AWS CLI stuff...

If you are an AWS DevOps girl or guy, you want to check this video out soon.

Highlights I liked:

  1. Using JMESPath to build AWS CLI queries
  2. The new AWS CLI "wait" option (wait for successful completion of a command)
  3. AWS CLI "generate skeleton", which creates a JSON file you can customise later on and feed to another command
  4. Using the new "Assume Role" authentication option

And more…