Let's do an @awscloud experiment with our friends at @github.

I have pushed a set of API credentials to a public repository. Oh no! Specifically at Mon Jun 21 23:08:12 UTC 2021.
I immediately received an email from @github after the push, to tell me that the authentication token for GitHub that I was using is out of date and should be updated. (This was called via their old "hub" CLI).
And at 17 past the hour I get my first call from a remote IP in the UK. It's a ListBuckets call.
Three minutes later it's followed up by a "DescribeKeyPairs" call from the same IP. No word from GitHub yet.
Now a call to ListTables. All the same IP so far. Someone's sleeping on the job!
Now an attempt from an internal AWS IP attempting to `AttachUserPolicy`. It doesn't succeed.
(The keys aren't from an account I control at the moment; there may well be a shutoff switch AWS hit somewhere).

Another call from that same UK IP, and a new one from a new IP for ListBuckets. User agent string is Windows. Surprise surprise.
I have deleted the keys. Will retry this with an account I have better visibility into at some point. But it's an instructive example of CloudTrail report times improving!
All right, retrying it. Within a minute I have a pair of emails from @awscloud telling me that they've opened a support case.
...does AWS somehow think that this automatically attached IAM policy captures all of the billable calls, because it falls hilariously short.

"Mine bitcoin on Fargate," anyone?
I had to respond to an emergency @awscloud-opened support ticket. "Don't worry, I'm doing this on purpose" probably fails to reassure @awssupport.
@awscloud @AWSSupport I found my existing IAM policy reasonably comprehensive:
Curiously an assumed-by-support role just queried a bunch of things in rapid sequence; effectively trying to see if new instances, volumes, snapshots, or images had been created. They attempted a "list" of all of those.
This makes sense and is disclosed at docs.aws.amazon.com/awssupport/lat…
And thus ends the experiment. Unwound everything I spun up. Until next time!
Or not; @awssupport has forcibly reopened the ticket on the deleted user and credential set which never had permissions to do anything.
I'm making someone's day actively worse, aren't I...
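The thread above is a useful picture of what leaked-key abuse looks like in CloudTrail: a burst of read-only enumeration calls (ListBuckets, DescribeKeyPairs, ListTables) from one unfamiliar IP within minutes of the push, a denied AttachUserPolicy from a second IP, then the same key turning up from a third. As an added example (not the thread author's tooling and not an AWS product), here is a small Python checker that runs over constructed CloudTrail-style records mirroring that sequence and reports those signals for a defender: the enumeration burst per source IP, denied privilege-changing calls, the set of distinct IPs that used the key, and the delay between exposure and first use. Key IDs, IP addresses (RFC 5737 test ranges), user names, user agents and all timestamps other than the push time are placeholders.

```python
"""Flag CloudTrail records that look like use of a leaked access key.

Added example, not the thread author's code. SAMPLE_EVENTS is constructed to
mirror the call sequence in the thread; identifiers are placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EXPOSED_AT = "2021-06-21T23:08:12Z"   # push time from the thread
KEY = "AKIAEXAMPLELEAKED01"           # placeholder access key id

# Calls that read state without changing it (recon / scoping).
ENUMERATION_PREFIXES = ("List", "Describe", "Get")
# IAM calls that would widen what the key can do (assumed watch-list).
PRIVILEGE_CHANGE_CALLS = {"AttachUserPolicy", "PutUserPolicy", "CreateAccessKey",
                          "CreateUser", "AttachRolePolicy", "UpdateAssumeRolePolicy"}


def _ev(time, name, source, ip, agent, error=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "sourceIPAddress": ip, "userAgent": agent,
           "userIdentity": {"type": "IAMUser", "accessKeyId": KEY,
                            "userName": "leaked-user"}}
    if error:
        rec["errorCode"] = error
    return rec


SAMPLE_EVENTS = [
    _ev("2021-06-21T23:17:02Z", "ListBuckets", "s3.amazonaws.com",
        "203.0.113.10", "aws-cli/2.2 (linux)"),
    _ev("2021-06-21T23:20:11Z", "DescribeKeyPairs", "ec2.amazonaws.com",
        "203.0.113.10", "aws-cli/2.2 (linux)"),
    _ev("2021-06-21T23:22:40Z", "ListTables", "dynamodb.amazonaws.com",
        "203.0.113.10", "aws-cli/2.2 (linux)"),
    _ev("2021-06-21T23:24:05Z", "AttachUserPolicy", "iam.amazonaws.com",
        "198.51.100.5", "Boto3/1.17", error="AccessDenied"),
    _ev("2021-06-21T23:27:33Z", "ListBuckets", "s3.amazonaws.com",
        "203.0.113.10", "aws-cli/2.2 (linux)"),
    _ev("2021-06-21T23:28:50Z", "ListBuckets", "s3.amazonaws.com",
        "192.0.2.77", "aws-sdk-go/1.38 (windows; amd64)"),
]


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def recon_bursts(events, window=timedelta(minutes=15), min_distinct=3):
    """One finding per source IP that made >= min_distinct different
    enumeration calls within `window` of each other."""
    per_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["eventTime"]):
        if e["eventName"].startswith(ENUMERATION_PREFIXES):
            per_ip[e["sourceIPAddress"]].append(e)
    findings = []
    for ip, calls in per_ip.items():
        for i, start in enumerate(calls):
            t0 = parse_time(start["eventTime"])
            in_window = [c for c in calls[i:] if parse_time(c["eventTime"]) - t0 <= window]
            distinct = sorted({c["eventName"] for c in in_window})
            if len(distinct) >= min_distinct:
                findings.append({"sourceIPAddress": ip, "first": start["eventTime"],
                                 "calls": distinct, "userAgent": start["userAgent"]})
                break  # one finding per IP is enough to page someone
    return findings


def denied_privilege_changes(events):
    """Privilege-widening IAM calls that were refused: an attacker probing
    what the key can do, which is worth an alert even though it failed."""
    return [{"eventName": e["eventName"], "sourceIPAddress": e["sourceIPAddress"],
             "eventTime": e["eventTime"]}
            for e in events
            if e["eventName"] in PRIVILEGE_CHANGE_CALLS
            and e.get("errorCode") == "AccessDenied"]


def source_ips(events):
    """Distinct IPs that presented the key (a leaked key is often shared)."""
    return {e["sourceIPAddress"] for e in events}


def time_to_first_use(events, exposed_at):
    """Latency from exposure to the first call made with the key."""
    first = min(parse_time(e["eventTime"]) for e in events)
    return first - parse_time(exposed_at)


if __name__ == "__main__":
    for f in recon_bursts(SAMPLE_EVENTS):
        print("recon burst:", f)
    for f in denied_privilege_changes(SAMPLE_EVENTS):
        print("denied privilege change:", f)
    print("source IPs:", sorted(source_ips(SAMPLE_EVENTS)))
    print("exposure to first use:", time_to_first_use(SAMPLE_EVENTS, EXPOSED_AT))
```

On the constructed input this reports one enumeration burst from 203.0.113.10 (DescribeKeyPairs, ListBuckets, ListTables), one denied AttachUserPolicy, three distinct source IPs, and a first call 8 minutes 50 seconds after the push. Against real data you would feed it the `Records` array from a CloudTrail log file or the output of `LookupEvents`, filtered to the key in question; the thresholds (15-minute window, three distinct calls) are assumptions to tune to your own baseline.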
