Corey Quinn
Chief Cloud Economist at @DuckbillGroup. Father to @QuinnyPiglet & @theMunchQuinn. he/him Get my snarky take on AWS news: https://t.co/aGVMZnGzSV

Sep 16, 2021, 16 tweets

I will now proceed to man-explain @colmmacc's truly excellent post at shufflesharding.com/posts/aws-sigv…, using smaller words.

"In the time it takes to read this sentence, the AWS Identity and Access Management (IAM) service will handle several billion requests."

@awscloud is kicking itself for making IAM free.

"I didn’t have a hand in designing the AWS SIGv4 protocol"

Do not blame @colmmacc for any of this.

SIGv4 means that every single request is authenticated. This is different from "encrypted." It makes sure that you are you.

"Starting last week, as part of S3 Multi-Region Access Points, we’re using a new version of AWS SIGv4, called SIGv4A"

An @awscloud product manager thought "sig vee four" flowed off the tongue too easily and would very much like to be promoted to Principal Namer.

The old things always knew what region a request was going to, which is part of how it works. AWS built a new thing that can field requests destined for multiple regions, which breaks the model.

Customers have an audit log because math. Like most math, it takes "doing the problem on the blackboard" kind of time to show up in the audit log because CloudTrail.

If you were making this request in a web browser, you would get the reassuring padlock in the address bar.

Some AWS customers find tin foil hats to be very fashionable.

The customer's request is turned into a long string that contains the request, the time, the algorithm, a copy of their AWS bill, etc.

"I could build a better @awscloud for less money" remains the rallying cry of fools.

If you get a (decrypted) packet capture of the request, you will almost certainly wish to curse God and die.

Instead of weakening security protections, @awscloud removed the region constraint and balanced it with additional cryptographic proof of who the customer is.

Your laptop might smell like burning metal even after you quit Slack and Chrome. AWS very much regrets not charging for IAM even more than they did at the start of this thread.

In conclusion @colmmacc is almost certainly better than you are at this, but is putting himself out there in public so that his technical peers at competitors can absolutely savage him if anything he has said is untrue.

That is not me, but nothing he has said is untrue.

In conclusion "this stuff is profoundly difficult and you generally don't have to think about it at all, but you might need to upgrade your laptop."
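As an added example (not part of the thread or of the post it summarizes), this sketch builds the "long string" for classic SigV4 and shows how the region is mixed into both the credential scope and the signing key, so a signature made for one region does not verify in another. The secret, host, path and timestamp are constructed sample values, and the canonical request is simplified; SigV4A itself is not implemented here.

```python
import hashlib
import hmac

ALGORITHM = "AWS4-HMAC-SHA256"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the SigV4 signing key: date -> region -> service -> terminator."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date)
    k_region = _hmac(k_date, region)      # the region is bound into the key here
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")

def string_to_sign(canonical_request: str, amz_date: str, region: str, service: str) -> str:
    """Algorithm, timestamp, credential scope, and hash of the canonical request."""
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    digest = hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
    return "\n".join([ALGORITHM, amz_date, scope, digest])

def sign(secret: str, canonical_request: str, amz_date: str, region: str, service: str) -> str:
    key = signing_key(secret, amz_date[:8], region, service)
    sts = string_to_sign(canonical_request, amz_date, region, service)
    return hmac.new(key, sts.encode("utf-8"), hashlib.sha256).hexdigest()

def verify(secret: str, canonical_request: str, amz_date: str,
           region: str, service: str, signature: str) -> bool:
    """Recompute the signature for the region handling the request and compare."""
    expected = sign(secret, canonical_request, amz_date, region, service)
    return hmac.compare_digest(expected, signature)

# Constructed sample values, not real credentials or a real bucket.
SECRET = "EXAMPLE-SECRET-NOT-A-REAL-KEY"
AMZ_DATE = "20210916T120000Z"
CANONICAL_REQUEST = "\n".join([
    "GET", "/example-object", "",              # method, path, empty query string
    "host:example-bucket.s3.amazonaws.com",    # canonical headers
    f"x-amz-date:{AMZ_DATE}", "",
    "host;x-amz-date",                         # signed header names
    hashlib.sha256(b"").hexdigest(),           # hash of the empty payload
])

if __name__ == "__main__":
    sig = sign(SECRET, CANONICAL_REQUEST, AMZ_DATE, "us-east-1", "s3")
    print(string_to_sign(CANONICAL_REQUEST, AMZ_DATE, "us-east-1", "s3"))
    print("verifies in us-east-1:", verify(SECRET, CANONICAL_REQUEST, AMZ_DATE, "us-east-1", "s3", sig))
    print("verifies in eu-west-1:", verify(SECRET, CANONICAL_REQUEST, AMZ_DATE, "eu-west-1", "s3", sig))
```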
