grumpy_platform_engineer

As someone who manages AWS platforms I feel my only job is to build stuff that provides what AWS services should out of the box 😳🙄

Incredible news! hackingthe.cloud has hit 1,000 stars on GitHub! I really appreciate the community support and all of the amazing contributors!

@itsguilleojeda Yeah I agree with the problem statement but not sure if X-ray is way to go. Any serious app will require something with much better DX/UX. If you spend money - why not go for something more mature.

AWS X-Ray is especially useful for event-driven architectures, where understanding how requests travel through the system is particularly difficult. It helps you trace requests and events, view performance metrics, and generate reports. #AWS #XRay

A few weeks ago I wrote how vulns in cloud service providers were going to be more and more common as the industry matures. This week’s @CloudSecList seems to exemplify that with several entries involving all 3 major providers.

mv 2022/todo.txt 2023/todo.txt

Console only. No SDK support. :(

After watching 289 talks, I can now confidently share my re:Invent 2022 recap 🕵️‍♂️ Verdict: I am whelmed. Not underwhelmed or overwhelmed, just whelmed. Since there were a bunch of other "unboxing" recaps already, here's a thread with an ✨actionable✨ recap.

@kmcquade3 And/or improve infra! Applications are for the wicked, infra is where it’s at 🍾🙈

The DevOps urge to hide from writing application code by improving your CI/CD pipeline

@thdxr Guys! Show me! FOMO is killing me!

saw a demo of something today that kills AWS Step Functions will never be using it again

I’ve been playing with GPT-3 for months now so let me save you a bit of time. It’s a bullshitter. I mean this in the technical philosophical sense. It produces words that are precisely engineered to sound convincing with zero guarantees that they’re related to reality.

I wrote a short post on finding/abusing exposed EBS snapshots. Somewhat unique to these is that you can enumerate all public ones via the API. It's important to have capabilities to detect/respond when resources are exposed in your cloud environments. hackingthe.cloud/aws/enumeratio…

I've been neck-deep in AWS billing data all day and all the technical debt AWS has here is somewhat amusing. And, also, I feel for them so hard. Some things that stand out 🧵

Step Functions Distributed Maps are awesome 💫 Combined with DynamoDB Parallel scans, they enable blazingly fast, whole-table data migrations and transformations. Here's a CDK-based PoC of a migrations framework I have in mind and will be working on 👇 github.com/dynobase/dynam…

This sounds really interesting. I'm curious how it authenticates back to the AWS mothership? If it's the same auth scheme as SSM, an adversary could potentially kill it/send uninteresting responses.

@FunWithTheCloud And they couldn’t call OpenSearch “Elastic” (which is what it is) so had to pick serverless in the product name 😌

Lukewarm day for #reInvent2022 releases. Few standouts, each with large caveats: 1. "Serverless" OpenSearch. Better value than managed, but not properly serverless 2. AWS VPC Lattice. Restricted to HTTP only services 3. AWS Data Zone. No documentation or pricing info available

@FunWithTheCloud Also lattice can’t really talk to anything without some sort of “breakout” that you need to spin on EC2 if you need to talk to a EP that’s currently not supported on Lattice 😒

*activates the @fwdcloudsec bat signal*

@colmmacc @ben11kehoe @__steele Nothing screams cloud native as much as POSIX 😜🤷🏻‍♂️

@ben11kehoe @__steele Now I'm curious! Would you say that EBS isn't cloud native?

Ultra hot take: AWS EFS is becoming *too good* and people are going to build new apps that rely on it instead of something like S3. aws.amazon.com/blogs/aws/new-…

@colmmacc @ben11kehoe @__steele EBS is as cloud native as EC2.

EFS team is on 🔥 this year with two crazy releases! Cold storage and elastic throughput. Both of these are game changing for EFS customers and make EFS an affordable option for workloads that might have broken the bank before.

Sometimes I want to sign up for an unpaid internship at AWS just so I can rebuild SSO and Cognito but not in Java from 2009. I would accept profit sharing from the literal oceans of cash they would get from providing an AWS native auth solution THAT ALLOWS YOU TO LOGOUT.