
3 days ago
Season 4 Episode 13: Simulating Failures, Scanning Resources, and Securing Secrets
In Season 4, Episode 13, Karl & Jon are joined by Sam Waweru. They discuss Amazon Application Recovery Controller's new AWS FIS recovery action, AWS CloudFormation's targeted resource scans, secrets management, AWS's detailed geographic information, and an S3 bucket data leak. Then the guys joke about Jon's ever-changing office furniture, wondering if he'd finally settle on a therapist's couch given how often he needs therapy after recording the podcast.
03:11 - Amazon Application Recovery Controller announces AWS FIS recovery action for zonal autoshift
This new feature allows users to simulate the loss of an AWS availability zone, helping to validate multi-AZ architectures and disaster recovery plans. It's particularly useful for industries like finance and healthcare that require rigorous testing of failover scenarios. The feature can help identify overlooked issues in complex environments with multiple microservices.
09:43 - AWS CloudFormation now supports targeted resource scans in the IaC generator
This update to the IaC generator allows users to specify which types of resources they want to include in their CloudFormation templates. This makes the tool more viable for real-world use, as it reduces the number of unnecessary resources included in the generated templates. The feature is particularly useful for those working within the AWS ecosystem, though it may not sway users away from other tools like Terraform.
15:38 - Why Secrets Management Should Be A Central Pillar Of Cloud Security
The article discusses the importance of proper secrets management in cloud security. It covers common ways secrets are exposed, such as hardcoded credentials and misconfigured cloud storage. The piece also outlines best practices, including centralizing secret storage, implementing least privilege access, and automated secret rotation. The discussion highlighted the ongoing challenges of secrets management and access control in cloud environments.
23:50 - Detailed geographic information for all AWS Regions and Availability Zones is now available
AWS has released more explicit information about the geographic locations of its regions and availability zones. While much of this information could be inferred before, it's now clearly stated, potentially to appease regulators. The information includes specific countries and cities for regions and edge locations, which can help organizations select locations to reduce latency and meet compliance requirements.
29:52 - ‘Juicy customer data’ leaked from Nine
The article reports on a data leak from a misconfigured S3 bucket, exposing customer names, addresses, and contact information. While the leaked data wasn't as "juicy" as the headline suggested, it highlights the ongoing issue of misconfigured cloud storage. The incident emphasizes the importance of proper access controls, regular audits, and careful management of third-party contractors who may have access to sensitive data.