Corey Quinn
Sep 16, 2021 · 16 tweets
I will now proceed to man-explain @colmmacc's truly excellent post at shufflesharding.com/posts/aws-sigv…, using smaller words.
"In the time it takes to read this sentence, the AWS Identity and Access Management (IAM) service will handle several billion requests."

@awscloud is kicking itself for making IAM free.
"I didn’t have a hand in designing the AWS SIGv4 protocol"

Do not blame @colmmacc for any of this.
SIGv4 means that every single request is authenticated. This is different from "encrypted." It makes sure that you are you.
"Starting last week, as part of S3 Multi-Region Access Points, we’re using a new version of AWS SIGv4, called SIGv4A"

An @awscloud product manager thought "sig vee four" flowed off the tongue too easily and would very much like to be promoted to Principal Namer.
The old things always knew what region a request was going to, which is part of how it works. AWS built a new thing that can field requests destined for multiple regions, which breaks the model.
Customers have an audit log because math. Like most math, it takes "doing the problem on the blackboard" kind of time to show up in the audit log because CloudTrail.
If you were making this request in a web browser, you would get the reassuring padlock in the address bar.
Some AWS customers find tin foil hats to be very fashionable.
The customer's request is turned into a long string that contains the request, the time, the algorithm, a copy of their AWS bill, etc.
"I could build a better @awscloud for less money" remains the rallying cry of fools.
If you get a (decrypted) packet capture of the request, you will almost certainly wish to curse God and die.
Instead of weakening security protections, @awscloud removed the region constraint and balanced it with additional cryptographic proof of who the customer is.
Your laptop might smell like burning metal even after you quit Slack and Chrome. AWS very much regrets not charging for IAM even more than they did at the start of this thread.
In conclusion @colmmacc is almost certainly better than you are at this, but is putting himself out there in public so that his technical peers at competitors can absolutely savage him if anything he has said is untrue.

That is not me, but nothing he has said is untrue.
In conclusion "this stuff is profoundly difficult and you generally don't have to think about it at all, but you might need to upgrade your laptop."
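
The region constraint the thread describes, as an added example (not code from the thread or from the post it summarizes): in SigV4 the signing key is derived through a chain of HMACs over the date, region, and service, so a signature computed for one region does not verify in another. The secret, timestamp, host, and object path are constructed sample values.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # Each HMAC step narrows the key's scope: day, then region, then service.
    k_date = _hmac(("AWS4" + secret).encode(), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")

def string_to_sign(canonical_request: str, amz_date: str, region: str, service: str) -> str:
    # The "long string": algorithm, time, credential scope, hash of the request.
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    digest = hashlib.sha256(canonical_request.encode()).hexdigest()
    return "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, digest])

def sign(secret: str, canonical_request: str, amz_date: str, region: str, service: str) -> str:
    key = signing_key(secret, amz_date[:8], region, service)
    sts = string_to_sign(canonical_request, amz_date, region, service)
    return hmac.new(key, sts.encode(), hashlib.sha256).hexdigest()

def verify(secret, canonical_request, amz_date, region, service, signature) -> bool:
    # Simplification: the verifier here recomputes from the secret. It does so
    # for ITS OWN region and compares in constant time.
    expected = sign(secret, canonical_request, amz_date, region, service)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (not real credentials or a real bucket).
SECRET = "constructed-example-secret"
AMZ_DATE = "20210916T120000Z"
EMPTY_HASH = hashlib.sha256(b"").hexdigest()
CANONICAL_REQUEST = "\n".join([
    "GET", "/example-object", "",
    f"host:example-bucket.s3.amazonaws.com\nx-amz-content-sha256:{EMPTY_HASH}\nx-amz-date:{AMZ_DATE}\n",
    "host;x-amz-content-sha256;x-amz-date",
    EMPTY_HASH,
])

if __name__ == "__main__":
    sig = sign(SECRET, CANONICAL_REQUEST, AMZ_DATE, "us-east-1", "s3")
    print("signature:", sig)
    print("verifies in us-east-1:", verify(SECRET, CANONICAL_REQUEST, AMZ_DATE, "us-east-1", "s3", sig))
    print("verifies in us-west-2:", verify(SECRET, CANONICAL_REQUEST, AMZ_DATE, "us-west-2", "s3", sig))
```

An endpoint that fields requests for several regions cannot know which region to plug into this derivation, which is the model break that SigV4A addresses.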
