AWS re:Play, circa 2016

AWS pre:Invent 2022

My third annual pre:Invent roundup is posted over on Steampipe’s blog. You can also check out 2021 and 2020 if you’re so inclined.

Back in 2018, I wrote a semi-serious post on what you, as a security practitioner, should be looking for as it relates to re:Invent announcements.

There were a few hot takes that didn’t warrant mention on my work post, so I’ll include them here for your general amusement.

Other random announcements I feel the need to make fun of.

AWS DataSync adds support for self-signed certificates

Announced On: 2022-10-25

AWS DataSync now supports the use of self-signed certificates when connecting to object storage locations via HTTPS. When configuring an object storage location, you can specify a self-signed X.509 (.pem) certificate that the DataSync agent will use to secure the TLS connection to your self-managed object storage server. With this launch, you can now configure DataSync to use secure HTTPS connections with self-managed object storage systems that do not provide certificates from a trusted Certificate Authority (CA).

Self-Signed Certs? Really? We’re now at “Security is Job Zero unless it’s hard”.

AWS Fault Injection Simulator now supports network connectivity disruption

Announced On: 2022-10-26

AWS Fault Injection Simulator (FIS) now supports network connectivity disruption as a new FIS action type. Using the new disrupt connectivity action in AWS FIS, you can inject a variety of connectivity issues as part of an AWS FIS experiment. Supported connectivity issues include disrupting all traffic, or, limiting the disruption to traffic to/from a specific Availability Zone, VPC, custom prefix list, or service (including Amazon S3 and DynamoDB). This helps you validate that your applications are resilient to a total or partial loss of connectivity.

AWS has released a feature that simulates your local backhoe operator. golf-clap

AWS Console Mobile Application adds support for AWS CloudShell

Announced On: 2022-10-27

AWS Console Mobile Application users can now access AWS CloudShell in the iOS and Android applications. The Console Mobile App provides AWS CloudShell in a mobile-friendly interface that enables users to run scripts with the AWS command-line interface (AWS CLI) to interact with 250+ AWS services while on-the-go. Users also have access to an extended mobile keyboard when using AWS CloudShell in the Console Mobile App. The extended mobile keyboard provides users with key inputs (e.g. tab, ctrl, alt, esc) that are available in the AWS CloudShell console on desktop.

This is great news for Twitter employees who can now push code while on the toilet at work.

AWS Security Hub adds Wiz as a new integration partner

Announced On: 2022-11-04

AWS Security Hub has added Wiz as a new integration partner to help you with your cloud security posture monitoring. Wiz sends findings about critical risks in your cloud environment to Security Hub to help you maintain your security posture and compliance events. Integration with Wiz brings Security Hub to 82 partner integrations.

It’s unclear if Security Hub added Wiz as a new integration partner, or Wiz found a cross-tenancy issue in Security Hub and added itself. I’ve emailed AWS PR for clarification, but I’ve gotten no response at the time this went to print.

Amazon EC2 increases size limit for AMI store and restore operations

Announced On: 2022-11-16

Starting today, you can now store and restore up to 5TB Amazon Machine Images (AMIs) to and from an Amazon S3 bucket. This enables storing and transferring of larger AMIs between partitions. The old limit was 1TB.

Today I learned you could move AMIs into S3. Seriously, I missed when that became a feature. They do like 2000 announcements a year; I’m allowed to miss a few.