Rowan
rowanu.bsky.social
AWS IAM, cloud security, and serverless
AWS IAM updates last week:

- SecurityAudit got an update 🥳 mostly S3 tables
- network-firewall getting flow operations
- route53-recovery-control-config (???) getting resource policies

I'm still not sure why every week there seem to be version updates to some policies, but without actual changes?!
March 31, 2025 at 9:33 PM
Vibe coding diagrams #FAIL

GenAI remains a key part of my daily workflow, but it feels like I'm running into more limitations - anyone else?

In this case, the LLM kept trying the same thing, even though it detected there was a problem with it (very neat!)
March 26, 2025 at 7:19 PM
As more "stuff" gets made (code/blogs/etc) by AI, don't underestimate the power of giving presentations/speaking to advance your career!

Speaking at meetups and conferences has given me such a high ROI for the effort, and it gets easier the more you do it!
March 26, 2025 at 6:48 AM
Interesting (maybe) AWS IAM action/policy updates from last week (ending 23/3):

- deeplens gone 🔪🤖
- cleanrooms gets protected (?) jobs
- connect gets data lake integration

15 separate updates detected this week, which is more than usual, but not much to show for it...
March 24, 2025 at 11:19 AM
Here's my dependency diagram for YourPublic.Cloud

Each one of these is its own AWS CloudFormation stack, with its own deployment, tests, etc

The complexity of SaaS is 🤯 no wonder it took me so long... and it's not finished yet!
March 21, 2025 at 3:46 AM
Interesting AWS IAM action updates from last week:

- Bedrock gets prompt routing
- Support will allow starting and getting interactions
- Batch will get consumable resources (?)
- Can't set challenge questions for your account anymore

It's not often you see IAM actions removed, but it can happen!
March 17, 2025 at 11:11 PM
Early bird sponsorship for AWS Community Day Australia 2025 is only available for another week!

It's on August 15 in Brisbane.

A bunch of sponsorship packages have already been sold, so if you want to get the best price reach out ASAP!

awscommunitydayaus.com/
March 17, 2025 at 2:37 AM
And the winner of the Longest AWS Service Name Award goes to... AWS Chatbot! 🤖
March 12, 2025 at 2:07 AM
Bitten by a subtle async bug today, and Claude.ai saved me

Using the array index notation on what would *eventually* be an array was instead trying to access the Promise object... and failing silently 🤦‍♂️

It didn't pick it up until I asked very specifically about this logic, but the answer was spot on
March 11, 2025 at 10:26 AM
Interesting AWS IAM policy & action updates from last week:
- New iotmanagedintegrations action namespace
- New gameliftstreams action namespace
- CloudWatch RUM getting resource policies soon
- AWSFaultInjectionSimulatorECSAccess new version, but only the CreateDate changed? 🤨
March 10, 2025 at 9:07 AM
Shout out to Brigid Johnson for one of the best explainers of AWS Resource Control Policies (RCPs) out there!

Eventually I'll have time to go through the docs in detail 😆
March 6, 2025 at 6:26 AM
How did you learn to use AWS?

This thread made me realise I was lucky - I learnt AWS when there were only a few services (not even IAM!)

I guess there's got to be *some* upside to getting old 👴
March 5, 2025 at 2:26 AM
I wanted one scan per day (for free accounts - paid get more), but I also want to fail reports that take too long.

Unfortunately I used the same interval for both checks, so a report would be PENDING up until the interval, then it would be marked FAILED.

Super.
Efficient.
Fail.

#buildinpublic
March 4, 2025 at 11:26 AM
I'm thinking about running another workshop: For beginners, covering ALL the different AWS policy types (I'm looking at you, Resource Control Policies!) with plenty of service-specific examples.

Let me know if that's interesting to you, or tag someone who might be!
February 25, 2025 at 11:04 AM
Always check the scale!

I made an AWS IAM permissions error in my Lambda function that broke signups.

If I can still get it wrong after writing awsiamguide.com, then anyone can...
February 24, 2025 at 8:03 AM
This is a nice summary of recent AWS IAM policy changes www.awsiamactions.io/statistics
February 5, 2025 at 12:41 AM
I finally got yourpublic.cloud ready for public beta!

It's free to connect your account and do a daily scan of publicly accessible AWS resources. There's half a dozen of the most common resources, with more to follow soon!
February 4, 2025 at 12:43 AM
Starting to see this warning in my AWS IAM console

While I appreciate the notice, it's IAM that's forcing me to use "*" when using condition keys, e.g. aws:PrincipalOrgID

I wish there was a better/limited way to specify a principal in my org #awswishlist
January 29, 2025 at 1:01 AM
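
Added example, not part of the original post: the pattern described above, a "*" principal narrowed by aws:PrincipalOrgID, set beside the look-alikes a policy review should separate from it. The policy, the org ID `o-exampleorgid`, the account ID and the bucket name are constructed placeholders, and the verdict labels are this example's own.

```python
# Constructed sample resource policy; org ID, account ID and bucket are placeholders.
RES = "arn:aws:s3:::example-bucket/*"
ORG = {"aws:PrincipalOrgID": "o-exampleorgid"}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "OrgRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": RES,
         "Condition": {"StringEquals": ORG}},
        {"Sid": "IfExistsRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": RES,
         "Condition": {"StringEqualsIfExists": ORG}},
        {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": RES},
        {"Sid": "RoleWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-role"},
         "Action": "s3:PutObject", "Resource": RES},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def has_wildcard_principal(stmt):
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def is_org_scoped(stmt):
    for op, keys in stmt.get("Condition", {}).items():
        # IfExists operators pass when the key is absent, so they do not
        # restrict callers that carry no organization ID at all.
        if op.lower() not in ("stringequals", "stringlike"):
            continue
        for key, values in keys.items():
            ids = _as_list(values)
            if key.lower() == "aws:principalorgid" and ids and all(
                    v.startswith("o-") and "*" not in v for v in ids):
                return True
    return False

def classify(policy):
    verdicts = {}
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        kind = ("named-principal" if not has_wildcard_principal(stmt)
                else "wildcard-org-scoped" if is_org_scoped(stmt) else "wildcard-open")
        verdicts[stmt.get("Sid", f"stmt{i}")] = kind
    return verdicts
```
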
New root account sessions are definitely one of my favourite announcements from this year's re:Invent! It gives you short-term/time-limited credentials to perform the 5 most common reasons to ever use the AWS root account, AND you can now delete the long-term root credentials completely!
December 12, 2024 at 12:56 AM
AWS IAM getting the sts:AssumeRoot permission!

That could be very useful... 🎩
November 15, 2024 at 4:07 AM
Everyone else is using AI to get more productive, and here I am just procrastinating harder 😬
November 15, 2024 at 1:07 AM
I love a good AWS service comparison table!

This one about serverless API choices is a big one, and definitely worth being aware of blog.theserverlessterminal.com/serverless-a... It's really nice to have it all in one table.
November 6, 2024 at 9:35 PM
Wow, was not expecting that either

I mean, CloudFront's always been good to me, but it's just ONE of many things AWS does, so I wasn't expecting them to beat out others...
October 23, 2024 at 10:32 PM