Corey Quinn
Chief Cloud Economist at @DuckbillGroup. Father to @QuinnyPiglet & @theMunchQuinn. he/him Get my snarky take on AWS news: https://t.co/aGVMZnGzSV

Jul 26, 2022, 56 tweets

We're 20 minutes away from the start of #awsreinforce. I'm in San Francisco, it is dark outside, but at least I'm not in Boston.

This is my livetweet thread of the event.

I'm ready for this, Cloud Economist style

For actually intelligent takes rather than jokes, be sure to check out @marknca's livetweet thread.

Starts with a prepared video set to "Balance in the Universe" by Evandro Marconi Rocco.

And @stephenschmidt takes the stage with an "ADHD is not a disability" shirt.

Respect.

266 sessions over 2 days, or roughly half a session per @awscloud service.

Here are the 5 #reInforce tracks. Not to be confused with the 6 pillars of the Well Architected Framework, or the 4 million dollars you lost on deploying the first version of Macie.

Now @stephenschmidt refuses to shut the hell up about CrossFit.

"Challenge Coins" is the best description ever for the money you pay for your AWS bill overages.

Now a slide with Singapore and Laramie (Wyoming) on a globe to juxtapose a megacity with a hick town that nobody could possibly give less of a shit about.

Apologies to both of the people in Laramie angrily riding their horses to Nebraska to find wifi so they can yell at me.

Talking about the value of scale; the things they learn from one company apply to other customers globally.

Also highlighting the defense in depth approach that AWS takes. He's correct; they're very very good at this.

Now talking about GuardDuty; apparently the people in the front row look like they have extra money or something.

"Products and services aren't shipped without a security review first."

Azure should take notes here.

And now "some lessons I have learned as CISO of AWS before becoming Amazon's CSO" says @stephenschmidt.

Wrong answers only?

Talking about the immoral invasion of Ukraine by Russia. Good on him for not shying away from calling that out.

And now @stephenschmidt passes the microphone and baton to new @awscloud CISO @mosescj58.

Steve pronounces it a "See Eye Ess Oh."
CJ pronounces it as "Sizz-oh."

CISO is pronounced "See-Soh" and nobody at @awscloud can pronounce acronyms properly to save their lives. #amihasthreesyllables

Talking about how important security is, which... is all well and good, yes, but the audience has ponied up $1099 a head to be at the AWS security conference in Boston. I think we can kinda accept that the audience gets that this matters by this point.

First time I can recall seeing "Neurodiversity" on a slide from @awscloud.

Four best practices to go with the five tracks and six pillars of the Well Architected Framework.

"If you're on vacation, your access should be as well."

*laughs in startup and being owned by your job*

It's not ransomware, it's a post-paid penetration test. #branding

#awsreinforce is sponsored by our friends at Log4J.

Relaunching the security competency.

I always found that a weird way to frame it. If you ask me about someone and I say they're "competent," you can view that as a tepid reference...

Wall of logos of new security competency partners. IBM is included; wonder who they bought...

We've now entered an impenetrable thicket of acronyms like MSSP, a slurry of terms of art, and yup: it's a security conference all right.

Launching today: a preview of AWS Marketplace Vendor Insights.

I kinda don't think they're going to, y'know. Warn you which ones are terrifying.

AWS Audit School continues to be a thing that exists.

I wish their security awareness training was something I could use to just check the box here, but it's not that built out unfortunately.

I would pay them for this.

I wonder if I'm one of the threats in their Threat Modeling Workshop.

Now @LenaSmart8 takes the stage. She's the CISO of @MongoDB.

"Security is very important. This one time we weren't secure enough and this jackhole company offered a crappy rebranded substandard version of our product for sale. Can you imagine that?" (Not really.)

WHOA. She just said "multi-cloud" on stage at an AWS keynote. AMAZING.

Oh no MongoDB tried to catch all the AWS services as if they were Pokemon!

Congratulations, @MongoDB; achievement unlocked!

Three parts of the management cycle to go with the four best practices, five tracks and six pillars of the Well Architected Framework.

Now Kurt Kufeld, VP of Platform at AWS. How the hell he follows someone as awesome on stage as @LenaSmart8 is beyond me.

I'd just give up and go home in his shoes.

A bold aspiration quote from a man who owns the entirety of the @awscloud billing system within his purview. It's a technical marvel that shows in exacting detail exactly where the puck was two days ago.

Now @awscloud is selling both sides of the arms race: post-quantum cryptography as well as the quantum computers (Braket) to break the crypto.

KMS, ACM, and Secrets Manager support hybrid post-quantum key agreement today.

"What about Systems Manager Parameter Store?"
"What about you not being such a cheap bastard, Quinnypig?"

I missed the launch of AWS LibCrypto last year, probably because I'm nowhere near smart enough to know how that stuff works.

Kurt is now talking about using automated reasoning to determine things like "is this S3 bucket open to the public."

That sounds hard. I use the red screamy warning in the @awscloud S3 console instead, it's way easier.

AWS uses "Provable Security."

I use "Probable Security" as in "it's probably fine."

New term of art just dropped. YOINK.

Now Kurt is talking about IAM. OH MY GOD IT'S FULL OF STARS

"Please, turn on Block Public Access."

Cool, let me move this ONE SPECIFIC PUBLIC BUCKET to another account without breaking all of my shit and I absolutely would.

"Please, enable MFA."

Okay, please enable multiple MFA devices per account and I absolutely will.

You can order free MFA keys from @awscloud if you spend more than $100 a month. If you don't spend that much, don't enable MFA and wait a bit.

IAM Roles Anywhere launched two weeks ago. Lost opportunity to call it "AWS Bakery." Because there will be... rolls everywhere.

I'm here all week.

It lets you get IAM credentials for anything that has a signed certificate. We know how to manage those already (we don't but we trick ourselves into believing otherwise). Great for off-prem stuff / using IAM as a free database.

Launch today: Amazon Detective for Elastic Kubernetes Service (EKS).

The first issue is Amazon Detective and the Case of Where Did All The Money Go?

Launch today: Amazon GuardDuty Malware Protection.

When GuardDuty detects suspicious activity, it snapshots the EBS volume and then scans the snapshot in an AWS service account.

Yes it costs, but it's also something existing customers have to opt in for. I strongly suggest it.

Works within Security Hub. Which is awesome except that "being secure" shouldn't be an investment decision in this way.

AWS Training and Certification has ways to learn security. So does REALLY screwing it up the first time. Those lessons STICK.

Kurt Kufeld pauses, and grabs a guitar. He begins covering Iron Maiden: Wickr Man.

New sessions covering those releases for those attending #reinforce in person.

And @mosescj58 closes with a George Bernard Shaw quote, so I'll do the same:

"Happy is the man who can make a living by his hobby."

Thanks for reading. lastweekinaws.com is the newsletter; if you've enjoyed this, please sign up. It's free.
