AWS Want Listing. Make a want. It is likely to be granted… | by Teri Radichel | Cloud Safety | Sep, 2022 | Acumen Tech

nearly AWS Want Listing. Make a want. It is likely to be granted… | by Teri Radichel | Cloud Safety | Sep, 2022 will cowl the newest and most present counsel all however the world. achieve entry to slowly in view of that you just perceive capably and accurately. will lump your information dexterously and reliably


Make a want. It may very well be granted! #awswishlist

It is a one-minute break in my collection on automating safety metrics to let you know in regards to the AWS Want Listing.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~

Interlude: I’m nonetheless ready for the copyrighted supplies to be faraway from these websites. I’ve added info on tips on how to report copyright infringement to Google’s authorized staff right here:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~

Once I labored at Capital One on the cloud engineering staff, one of many issues I used to be requested to do was handle the listing of AWS options that Capital One wished AWS to implement. After all, Capital One had a whole lot of leverage with AWS on the time as a result of it was the primary main financial institution in the US to maneuver to AWS. And sure, they did have a breach, however cloud safety is sophisticated and that is what my newest weblog collection is attempting to handle.

In any case, Capital One helped make some necessary enhancements to the safety of AWS. One of many issues with AWS S3 is that it required functions to traverse the Web to place or get objects. This was one thing that Capital One was not desirous about doing as earlier than the cloud, any connection to a supplier required a personal line (MPLS for these acquainted) to do enterprise with the financial institution. Sending knowledge over the Web simply wasn’t nice.

Capital one requested a function that might enable corporations to maintain info off the web because it traversed the community from an AWS VPC to an S3 bucket and again. That function turned S3 endpoints. From there, S3 endpoints have developed into Community Endpoints. Now you can ship knowledge from utility sources to storage sources inside your VPC or not less than hold it on the AWS spine because it traverses the community. It’ll rely on the providers you might be utilizing and whether or not they hold all knowledge throughout areas on the AWS spine or not.

Clearly, Capital One had just a little extra leverage than you or I to implement new options in AWS, however AWS listens to prospects. If sufficient individuals ask, they will roll out new options and repair points. There are other ways to submit requests to AWS, however one of the seen is the AWS Want Listing.

At some point, once I was annoyed about one thing I could not do or wasn’t working correctly, I randomly tweeted it on Twitter with the hashtag #awswishlist. I did not understand another person had completed that earlier than. Out of curiosity I seemed up that tag and found that different individuals had completed one thing related.

It seems that AWS created a complete web site only for #awswishlist. You’ll be able to see who’s contributing and a number of the needs which were fulfilled.

You can too head over to Twitter to see what’s on the wishlist and like or retweet your favorites. AWS is more likely to discover if a selected tweet will get a whole lot of likes and retweets.

A number of the different methods you may request options or fixes on AWS, although I’ve had little success with a few of these that are not an enormous company:

  • AWS Assist within the AWS Console
  • The suggestions hyperlink on the AWS web site – I have been submitting requested adjustments for SSO, Management Tower and Organizations and sadly I do not see any of them having any impact.
  • A number of the AWS providers have Github accounts the place they publish their roadmap and other people can submit suggestions instantly on a roadmap for a selected service.

You probably have a TAM (account supervisor) with AWS, and particularly for those who’re a big firm that pays some huge cash, you will probably have extra success with direct function requests along with your account supervisor. I used to maintain monitor of all our function requests throughout the group with the assistance of our TAM in a spreadsheet, who submitted them, and when AWS was planning a launch of that function (or in the event that they could not).

There are some issues that AWS stated have been “completely unattainable” again then which can be attainable at present. For instance, we obtained a rise within the variety of safety group guidelines, however there was no approach to enhance the variety of guidelines for a subnet’s Community Entry Management Listing (NACL). I not too long ago seen you could now request a rise (albeit nonetheless restricted) to the NACL ingress and egress guidelines, however be warned that this would possibly result in efficiency degradation. So by no means say by no means in terms of a request. It might take some time for AWS to revamp issues, but when sufficient individuals ask, needs come true!

Errors and error messages

I have been engaged on a brand new batch of code in AWS currently and generally it is the smallest factor that takes so lengthy to determine. If the error message was clear, I might have fastened the issue very quickly and rewritten the code that really accomplishes my objective. As an alternative, I am digging round Google and the AWS documentation for solutions to obscure points with unclear error messages. I not too long ago began writing a weblog publish each time I encounter one in all these obscurities to assist myself sooner or later and anybody else with the identical downside. I’m documenting them on this new weblog — Bugs that Chunk:

I am not sending all of those in emails as a result of they might not apply to everybody and who needs a listing of bugs? The errors and error messages aren’t all associated to AWS, it is simply the platform I am engaged on in the intervening time. If I have been to modify to Azure or Google, I’d run into an equal or higher variety of issues as a result of I’ve them, whereas getting ready for lessons or doing safety assessments or penetration assessments on these platforms.

My total want for AWS is that they (and everybody else on the planet who writes software program as a result of I discover bugs EVERYWHERE) take the time to completely take a look at the code and write the correct error messages. Additionally, error handlers could be very useful in offering a correct response to errors. I do not wish to put each one in all these on the want listing as a result of a few of them are too sophisticated to elucidate in a tweet, plus there are such a lot of and I do not wish to muddle the listing with little bugs as a substitute of main options. or adjustments.

I’ve made a common request that AWS evaluate this listing and deal with a few of these points. If you happen to’ve ever skilled one in all these error messages or points and really feel like a greater error message would assist, please clap your palms for the story to the highest of the listing.

A request to alter the foundations for penetration testing on AWS

My favourite merchandise on the AWS want listing was the request to carry out a penetration take a look at with out submitting a request kind. I feel I could have despatched that request a number of occasions. This was after I used to be working at Capital One. I mentioned this with somebody in Seattle at AWS who oversaw or labored with that group positioned in South Africa on the time, and he tried to inform me that it simply wasn’t attainable, regardless that Microsoft and Google allowed it.

Then someday I used to be in the course of my first beta class by way of 2nd Sight Lab and realized I forgot to request entry for college kids to take the pentest lab. Shoot! My college students weren’t going to have the ability to do the lab! Oh no… I rapidly despatched an electronic mail to AWS begging them to rapidly course of the request. It was on that day that I used to be instructed in an electronic mail that I now not wanted to make that request. Hallelujah.

I put a replica of the e-mail on Twitter with a press release: Lo and behold… the foundations for Pentesting on AWS have modified… or one thing to that impact. I went to class and once I obtained out the Tweet had about 1500 likes and was being retweeted far and wide, however somebody was questioning it as a result of the AWS web site hadn’t been up to date. I form of freaked out as a result of I assumed, what if I had by some means been despatched a faux electronic mail and I used to be telling the world to hack into AWS? Nevertheless it was true. The web site was up to date a couple of days later.

I bear in mind going to a complicated penetration testing class at SANS Institute and somebody requested the teacher (whose identify is not going to be talked about as a result of he’s now a colleague and buddy) tips on how to do penetration testing on AWS. He gave an incorrect reply, so I raised my hand and defined that he now not must make that request. I used to be publicly reprimanded and humiliated in entrance of the category telling me I used to be flawed. No arduous emotions however… I wasn’t flawed.

Penetration testing is now a lot simpler for patrons because of that change. There are nonetheless limitations on what you are able to do in an AWS Penetration Take a look at, so you’ll want to observe the foundations! Somebody contacted me and stated, “So can I take a look at another person’s account?” No, solely yours.

Now… about that However Bounty request… 🙂

Teri Radichel

If you happen to like this story please applaud Y proceed:

Medium: Teri Radichel or Electronic mail Listing: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests providers through LinkedIn: Teri Radichel or IANS Analysis

© second sight lab 2022

All posts on this collection:

____________________________________________

Creator:

Cybersecurity for executives within the cloud period at Amazon

Do you want cloud safety coaching? 2nd Sight Lab Cloud Safety Coaching

Is your cloud safe? Rent 2nd Sight Lab for a penetration take a look at or safety evaluation.

Do you have got a query about cybersecurity or cloud safety? Ask Teri Radichel by scheduling a name with IANS Analysis.

Cybersecurity and Cloud Safety Assets by Teri Radichel: Cybersecurity and cloud safety lessons, articles, white papers, displays, and podcasts


I hope the article very almost AWS Want Listing. Make a want. It is likely to be granted… | by Teri Radichel | Cloud Safety | Sep, 2022 provides sharpness to you and is helpful for totaling to your information

AWS Wish List. Make a wish. It might be granted… | by Teri Radichel | Cloud Security | Sep, 2022