Posts
-
CloudFront-triggered S3 data event formats
-
CloudTrail wishlist: filtering by principal ARN
-
Surprising behaviour in AWS web console session duration
-
Gotcha: always use ARNs for S3 SSE-KMS
-
When AWS invariants aren't [invariant]
-
Deep dive into AWS CloudShell
-
How ima.ge.cx works
-
An AWS IAM Identity Center vulnerability
-
Reversing AWS IAM unique IDs
-
AWS role session tags for GitHub Actions
-
Useful flags for Go Lambda functions
-
Lambda CloudTrail data events
-
A role for all your EC2 instances
-
Improve GitHub Actions OIDC security posture with custom issuer
-
Centralised logging: from CloudWatch to Kinesis Firehose
-
Lambda extension environment variables
-
Configuration in the cloud
-
CloudFront and Lambda function URLs
-
Cheap serverless containers using API Gateway
-
openrolesanywhere - an IAM Roles Anywhere client
-
AWS VPC data exfiltration using CodeBuild
-
AWS GWLB: Deep Packet Manipulation
-
IPv6 and TOTP
-
Shared VPCs are underrated
-
CloudWatch EMF in Honeycomb
-
No need for AWS IAM users
-
Two approaches to cross-account EventBridge
-
AWS SigV4 caching
-
cgo for ARM64 Lambda Functions
-
Nested Express Step Functions
-
AWS IAM OIDC IDPs need more controls
-
Graviton2: ARM comes to Lambda
-
AWS federation comes to GitHub Actions
-
API Gateway HTTP APIs and SQS MessageAttributes
-
Give me a role in your AWS account
-
AWS Lambda $LATEST is dangerous
-
Cursory AWS KMS research
-
Nitro Enclaves - First Impressions
-
AWS IAM needs aws:ResourceOrgID
-
AWS Access Key ID formats
-
Yet another blog
-
Security September: Cataclysms in the Cloud Formations
-
Security September: Escaping CodeBuild - The compromise that wasn't
subscribe via RSS