scottpiper.bsky.social
Cloud security historian.
Developed http://flaws.cloud, CloudMapper, and Parliament.
Founding team for fwdcloudsec.org
Principal Cloud Security Researcher at Wiz.
comment in response to
post
CISO of GCP is still open!
comment in response to
post
Sponsoring gets eyes on you and conversations with hundreds of cloud security folks, which is good not only for vendors, but also recruiting. The EU conference is still looking for sponsors!
fwdcloudsec.org/conference/e...
comment in response to
post
❤️
comment in response to
post
It also has me wondering if the transition we saw in the US from OSS-led to vendor was a technology maturity shift or fiscal (ZIRP era).
comment in response to
post
Examples:
Security Monkey, but with Rego <> github.com/antgroup/Clo...
Pacu, but with an MCP <> github.com/wgpsec/cloud...
From day 1 they are multi-cloud against Alibaba, Baidu, Tencent, Huawei, and more.
comment in response to
post
Another
- "arn:aws:sagemaker:REGION:aws:hub/SageMakerPublicHub"
docs.aws.amazon.com/sagemaker/la...
I wonder if there is a monolithic account behind the scenes for this, or how it works. 🤔
comment in response to
post
Examples:
- arn:aws:imagebuilder:REGION:aws:component/... docs.aws.amazon.com/imagebuilder...
- arn:aws:cloudformation:REGION:aws:transform/Serverless-2016-10-31 docs.aws.amazon.com/serverless-a...
2/2
comment in response to
post
Other regions don't support all the services for VPC endpoints. Ex. us-east-2 only supports endpoints for 319 services. us-west-2 supports 372. Their AZ coverage is not full for either, but they only have one "bad" AZ in each of those regions (usw2-az4 and use2-az3).
comment in response to
post
Some of the lack of AZ support appears random. use1-az6 (the newest AZ) is surprisingly the best, with 383 services supported, but there is no AZ that has all endpoint interfaces.
comment in response to
post
This does ignore other AZ requirements, such as not being impacted by power, fiber, flooding, and other natural disaster disruptions, which I suspect would severely reduce the max number of AZs without forcing AWS to actually build those capabilities themselves.
comment in response to
post
You could pack more tightly using that type of concept, but the us-east-1 part of the world doesn't have very tall buildings to make that strategy significant.
comment in response to
post
This does assume 2 dimensions, but to my knowledge AWS has not yet started drilling for AZs or placing entire AZs in geosynchronous orbits, and the tallest building in the world is still under 1km, so you couldn't put one AZ on the ground floor and one on the roof.
comment in response to
post
What is the most AZs that a region can have? 🤔 Each must be "many kilometers (km) from any other", so let's assume 3km, but "all are within 100 km". So the question becomes how many 3km circles can fit within a 100km circle? Looks like 963 is the max AZs, using this: planetcalc.com/7473/
comment in response to
post
DOGE demanded root access.
Not auditor access. Not admin.
They were given “tenant owner” privileges in Azure — full control over the NLRB’s cloud, above the CIO himself.
This is never supposed to happen.
comment in response to
post
There are some write-ups of accidental infinite loops with Lambda: asankha.medium.com/lambda-progr...
In 2023 AWS added some recursive loop detection to try to mitigate this: aws.amazon.com/blogs/comput...
comment in response to
post
I haven't looked too closely, but this looks like the same data that is already in the SDK repos. I'm curious if there is something more in here that isn't in those.
comment in response to
post
SNL's skit on Washington's Dream is helpful for understanding AWS naming conventions. www.youtube.com/watch?v=JYqf...
comment in response to
post
In case anyone else was curious whether the Paris region might actually have been hiding in Paris, Texas instead of France, I checked the data and all the locations are what you should expect (the Paris region is in France).