Forwarded from CloudSec Wine (Artem)
🔶 Diving Deeply into IAM Policy Evaluation
A post going through confounding conditions, double and triple negatives, and principals matched and unmatched to explain a more accurate model of how IAM evaluates permissions internally.
https://ermetic.com/blog/aws/diving-deeply-into-iam-policy-evaluation-highlights-from-aws-reinforce-session-iam433
#aws
👍7
Forwarded from AWS User Group Tashkent
⚡️We are excited to announce that we are hosting the first-ever meetup of the AWS 👩💻 User Group in Tashkent!
Join us at Westminster International University in Tashkent at 18:00 on November 11th, where we are having guest speakers from AWS. Stay tuned for details of each talk!
✅ Registration: Link (seats are limited)
📍 Venue: Westminster International University
📅 Time and Date: November 11th at 18:00
🗣 Language: English
We will be sharing details of each talk in the upcoming days, so make sure to follow us!
👍6💩1
Forwarded from Sasha
Hi everyone! We thought for a long time about whether to organize an event, but we can't hold back, because our speakers are simply on fire ❤️🔥
So, on November 1 we will hold our AWS RU Community Friends Day! We will talk about clouds, technology and, of course, people. Please share your wishes for the topics of discussion (we will take them all into account!) here.
In the same form you can ask the speakers questions :)
And speaking of the speakers:
🌤 Nikolay Poyda (@mykola7799) - AWS Community Builder, DevOps engineer with 15+ years of experience, blog author, founder of our community.
🌤 Viktor Vedmich (@VictorVedmich) - AWS Senior Developer Advocate, creator and host of the podcasts DevOps Kitchen Talks and AWS на русском.
🌤 Our super guest - Denis Astahov - AWS Hero, Solutions Architect at OpsGuru, creator of the YouTube channel ADV-IT, whose view count has long exceeded 10 million.
No matter how much we tell you, it is never enough) The meetup is going to be fire!
Your AWS RU Community ❤️
🔥19👍13❤4👏2💩1💯1
IAM Identity Center (AWS SSO) now supports sessions of up to 7 days; this is configured in Settings, and the default is 8 hours:
https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html
#SSO
🔥12🎉2👍1
Which cloud providers from the list do you use? (several options can be selected)
Anonymous Poll
5%
Alibaba Cloud
20%
Azure
83%
AWS
28%
Google
1%
Huawei Cloud
2%
IBM Cloud
6%
Oracle Cloud
1%
Tencent Cloud
14%
Just viewing the results
👍2
Which clouds from the list do you use? (several options can be selected)
Anonymous Poll
1%
CloudMTS
1%
SberCloud
7%
Selectel Cloud Platform
1%
Timeweb Cloud
4%
VK Cloud Solutions
25%
Yandex Cloud
68%
View the results
💩7👍1
Which cloud providers from the list do you use? (several options can be selected)
Anonymous Poll
37%
DigitalOcean
23%
Hetzner Cloud
2%
SAP Cloud Platform
5%
Other (write in the comments)
49%
Viewing results
👍2
Gartner Magic Quadrant for Cloud Infrastructure & Platform Services 2022:
1️⃣ AWS
2️⃣ Azure
3️⃣ Google
4️⃣ Alibaba
5️⃣ Oracle
6️⃣ IBM
7️⃣ Tencent
8️⃣ Huawei Cloud 💥 New
▫️ AWS is leading for the 12th time in a row. 💪
▫️ The top three leaders are unchanged.
▫️ Azure continues to close the gap with AWS, especially in Europe. 👀
▫️ Google has also advanced in the ranking due to increased revenue from cloud computing.
▫️ Alibaba has strengthened its position and is now the number one cloud if you work in China.
▫️ Oracle has also made great progress, and now, together with Alibaba, they are in the next quadrant after the leaders.🔥
▫️ No one was excluded from the rating. On the contrary, the Huawei Cloud appeared. 🎉
▫️ Now there are already three representatives of China in the ranking: 🇨🇳
🔺 Alibaba
🔺 Huawei
🔺 Tencent
Link to the source of the latest information on Gartner CIPS 2022 with comments by Corey Quinn.
#Gartner
👍7🔥1💯1
Forwarded from Max Skutin
17 October – 23 October, 2022
▪️ Amplify Swift iOS/macOS library
▪️ Braket pulse-level access to study the performance of today’s quantum computers
▪️ CloudFormation language extensions transform in GovCloud
▪️ CloudFront adds fields for origin latency and ASN in real-time logs
▪️ CloudTrail Lake export of signed query results to S3
▪️ CloudWatch Application Insights Visualize application health
▪️ Connect Wisdom improved machine learning capabilities
▪️ Database Migration Service C6i and R6i instances
▪️ Detective GuardDuty group related findings
▪️ DevOps Guru list view for analyzed resources
▪️ EKS Anywhere
▫️ Apache CloudStack
▫️ RHEL support
▪️ Global Accelerator AddEndpoint/RemoveEndpoint APIs
▪️ IAM Identity Center
▫️ default quota values increase
▫️ session management features
▪️ Interactive Video Service IVS stream chat web and mobile SDKs
▪️ Lambda Extension Parameters and Secrets
▪️ Lex FreeFormInput Slot Type
▪️ Management Console Dark mode support
▪️ Marketplace Red Hat Enterprise Linux (RHEL) Workstation
▪️ Nitro Enclaves is now supported on AWS Graviton
▪️ Panorama Camera Stream Pause and Resume
▪️ RDS
▫️ Aurora MySQL faster export to S3
▫️ preview environment PostgreSQL 15 RC2
▫️ up to 15 read replicas for 3X read capacity
▪️ S3 on Outposts Access Point aliases
▪️ SageMaker Canvas Quick build support for time-series forecast models
▪️ SageMaker Data Wrangler
▫️ Dynamic reference to data sets with parameters
▫️ Reduce dimensionality using PCA
▫️ Refit transforms
▫️ Schedule data preparation jobs
▪️ Service Management Connector sort Service Catalog products by Account/Region
▪️ SES simplify provisioning and managing dedicated IPs
▪️ Snowball Edge Compute Optimized double the compute capacity and is now fully SSD NVMe storage
▪️ SQS increased throughput quota for FIFO HT mode to up to 6000 TPS
▪️ Step Functions new execution observability features for Express Workflows
▪️ WorkDocs Apple Silicon MacBooks support
👍9
Forwarded from Rinat Uzbekov
YouTube
PCI DSS compliance at AWS
PCI DSS is the security standard of the payment card industry. Ensuring compliance with this standard is a rather labor-intensive process, since the standard includes 288 checks in 12 categories. The procedure of preparing for the audit and passing it…
👍12
AWS User Group Ukraine community invites you to DevOps Meetup!
Save your spot for October 26, 7 PM to get numerous insights on:
✅Best practices for observability;
✅Fundamentals of Reservation, Resizing, Spot instances, Savings plans, and budget optimization tools in AWS.
Our top-rated experts lineup:
🔸Darko Mesaroš, Senior Developer Advocate at AWS.
Topic: “Missing the forest for the trees: The Art of Observability” (ENG)
🔸 Yalantis’s experts: Yurii Berdichevskyi, DevOps Lead and Vlad Solomko, Senior DevOps Engineer.
Topic: “AWS Costs Optimization” (UKR)
🔥Don’t miss DevOps-deep-dive!
Free to join: https://bit.ly/3DsgFpN
👍13👎3🔥2
By listener request, we talk about the AWS Cloud Development Kit (AWS CDK)!
@antkovalenko, an AWS SA with extensive experience in IaC using CDK, shared his knowledge of introducing CDK in several projects. Where do we start? Probably with the simplest: what CDK is, and what the difference is between CDK and CloudFormation and, of course, Terraform. Anton also shares a great story about how a development team picked up CDK fairly easily and quickly: the project did not stall, and the developers wrote IaC with CDK themselves while a DevOps specialist for IaC work was being sought for them.
We did not forget to go over the concepts of the CDK construct itself (L1, L2, L3), discussed how CDK supports a large number of languages, and reflected on what depth of knowledge a specialist needs to start working with CDK.
#podcast
You can listen here:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
P.S. The podcast has moved to another distribution platform, and the RSS has changed: https://feed.podbean.com/awsnarusskom/feed.xml
🔥14👍3
Forwarded from Viktor Mikalayeu
👍5🔥2👎1
❓ AWS Region in Poland? 🇵🇱
1️⃣ For the first time ever, AWS has moved east of Munich and started hiring in Poland:
https://www.amazon.jobs/en/search?country=POL&business_category%5B%5D=amazon-web-services
2️⃣ For the first time ever, AWS has opened Local Zones in Europe, in Hamburg and Warsaw:
https://aws.amazon.com/about-aws/whats-new/2022/10/announcing-general-availability-aws-local-zones-hamburg-warsaw/
So it would not be surprising to hear at the upcoming re:Invent 2022 about plans to open the region eu-east-1 in, say, 2025. 😀
p.s. In any case, what can be said for sure is that we are expecting the announcement of the opening of Switzerland, eu-central-2, very soon! 🇨🇭
#AWS_Regions
👍19
Forwarded from Max Skutin
Issue 43 | 24 October – 30 October, 2022
▪️ App Runner PHP, Go, .Net, and Ruby managed runtimes
▪️ Aurora
▫️ cluster export to S3
▫️ MySQL 2.11 with R6i instance support | GA
▪️ Batch
▫️ 4x compute and memory for Fargate jobs
▫️ EKS support
▪️ CDK For Kubernetes CDK8s+ and manifest validation support | GA
▪️ CloudWatch RUM
▫️ custom metadata attributes
▫️ Extended CloudWatch Metrics
▪️ Cognito
▫️ user pool deletion protection
▫️ real-time schedule adherence
▪️ Console Mobile Application CloudShell support
▪️ DataSync self-signed certificates
▪️ EC2
▫️ i4i.metal instance for VMware Cloud | GA
▫️ High Memory instances with 18/24TiB with On-Demand and Savings Plans
▫️ Replace Root Volume
▪️ Elemental MediaConnect flow alerts
▪️ EMR Hive Metastore check command optimization and Parquet Modular Encryption
▪️ Fault Injection Simulator network connectivity disruption
▪️ Global Accelerator AddEndpoints and RemoveEndpoints APIs
▪️ IAM Access Analyzer identify public and cross-account access
▪️ Local Zones first deployment in Europe (Hamburg and Warsaw) | GA
▪️ Location Service +2 HERE map styles
▪️ MSK
▫️ Apache Kafka version 3.3.1
▫️ Connect supports private DNS hostnames
▫️ new low-cost storage tier
▪️ Neptune Serverless is now generally available | GA
▪️ Organizations centrally manage POC on AWS accounts
▪️ Pinpoint console now supports pool management
▪️ Private Certificate Authority short-lived certificates
▪️ Programs
▫️ Control Tower delivery and ready program
▫️ EKS Delivery Program
▫️ OpenSearch Service delivery program
▪️ QuickSight
▫️ Customer Managed Keys (CMK) for SPICE data encryption
▫️ Row Level Security (RLS) on Dataset-as-a-source
▪️ RDS
▫️ events for operating system updates
▫️ memory optimized R5b instance types for Oracle
▪️ Redshift Query Editor SQL Notebooks | GA
▪️ S3 Replication SSE-C encrypted objects
▪️ SageMaker
▫️ 8 new Graviton-based instances for model deployment
▫️ Automatic Model Tuning Grid Search support
▫️ Canvas supports tags to track and allocate costs
▫️ Model Monitor Batch Transform jobs
▫️ Multi Model Endpoint
▪️ WAF Challenge rule action and Bot Control for Targeted Bots
▪️ WorkSpaces Web Access bi-directional audio/video
👍8
🆕 Transfer Elastic IP addresses from one AWS account to another:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro
✅ You can transfer Elastic IP addresses to accounts within the same AWS Organization.
✅ You can transfer Elastic IP addresses to standalone AWS accounts outside of AWS Organization.
✅ You can transfer Elastic IP addresses only within the same AWS Region.
❌ You cannot transfer Elastic IP addresses between AWS Organizations.
When you transfer an Elastic IP address, there is a two-step handshake between AWS accounts:
▪️ the source account (either a standard AWS account or an AWS Organizations account) and the transfer accounts.
▪️ when the source account starts the transfer, the transfer accounts have seven hours to accept the Elastic IP address transfer, or the Elastic IP address will return to its original owner.
#VPC
🔥10👍2🎉1
Forwarded from Egor Miasnikov
Hi everyone! AWS has launched the Specialty Certification Challenge, and by registering you can get a 50% discount on exams - https://pages.awscloud.com/GLOBAL-ln-GC-TrainCert-Specialty-Certification-Challenge-2022-reg.html
👍9🔥1
AWS services that support IPv6:
https://docs.aws.amazon.com/general/latest/gr/aws-ipv6-support.html#ipv6-service-support
p.s. My forecast is that the picture can seriously change in a month. 😀
#IPv6
👍4
Is there IPv6 support in your AWS environment?
Anonymous Poll
55%
❌ No, and we don't plan to do that.
8%
✔️ No, but we're going to do it.
19%
✅ There is IPv6 support.
18%
View the results.
👍1