(Prevent) Hacking into a CloudService - About security, ECS and terraform AWS UserGroup Hannover Online Meetup Feb, 4th 2021

Yoni: Oftentimes, when we think about protecting resources in the cloud, we immediately think about the typical ways in - via public-facing applications or abuse of credentials. In this talk, we will look at one additional way: through the work unit parameters of a service. During the development of Indeni’s Cloudrail SaaS product, Yoni was responsible for trying to find ways to hack into the service. One of the ways he found, raises questions about how secure ECS workloads really are.

Why I had to update my mental model of DynamoDB streams

In a recent training I learned something about DynamoDB streams that surprised me. I had expected that any PutItem, UpdateItem or DeleteItem API call would cause a record to appear in the stream of my table, but that’s not the case. The stream works a little different from what I expected and in this short article I’m going to explain to you how.

Cross Account Resource Access - Invalid Principal in Policy

Keeping accounts decoupled is important in cross account scenarios. Setting permissions in the wrong way can lead to unwanted behavior. Better avoid setting a principal in a resource policy to a specific ARN as it may lead to ‘Invalid Principal’-errors. Using conditions provides you a more reliable and least privileged architecture.

Reliable Data Streaming on AWS

Reliable Data Streaming on AWS We should agree that in our digital world streaming and especially data streaming becomes more and more important if it isn’t already. Besides performance/throughput and security for a data streaming system reliability is a major point to be considered.

Using CloudFormation Modules for Serverless Standard Architecture

Serverless - a Use Case for CloudFormation Modules? Let´s agree to “infrastructure as code” is a good thing. The next question is: What framework do you use? To compare the frameworks, we have the tRick-benchmark repository, where we model infrastructure with different frameworks. Here is a walk through how to use CloudFormation Modules. This should help you to compare the different frameworks.