I will now proceed to man-explain @colmmacc's truly excellent post at shufflesharding.com/posts/aws-sigv…, using smaller words.
"In the time it takes to read this sentence, the AWS Identity and Access Management (IAM) service will handle several billion requests."
@awscloud is kicking itself for making IAM free.
@awscloud is kicking itself for making IAM free.
SIGv4 means that every single request is authenticated. This is different from "encrypted." It makes sure that you are you. 
"Starting last week, as part of S3 Multi-Region Access Points, we’re using a new version of AWS SIGv4, called SIGv4A"
An @awscloud product manager thought "sig vee four" flowed off the tongue too easily and would very much like to be promoted to Principal Namer.
An @awscloud product manager thought "sig vee four" flowed off the tongue too easily and would very much like to be promoted to Principal Namer.
The old things always knew what region a request was going to, which is part of how it works. AWS built a new thing that can field requests destined for multiple regions, which breaks the model.
Customers have an audit log because math. Like most math, it takes "doing the problem on the blackboard" kind of time to show up in the audit log because CloudTrail.
If you were making this request in a web browser, you would get the reassuring padlock in the address bar.
Some AWS customers find tin foil hats to be very fashionable.
The customer's request is turned into a long string that contains the request, the time, the algorithm, a copy of their AWS bill, etc.
"I could build a better @awscloud for less money" remains the rallying cry of fools.
If you get a (decrypted) packet capture of the request, you will almost certainly wish to curse God and die.
Instead of weakening security protections, @awscloud removed the region constraint and balanced it with additional cryptographic proof of who the customer is.
Your laptop might smell like burning metal even after you quit Slack and Chrome. AWS very much regrets not charging for IAM even more than they did at the start of this thread.
In conclusion @colmmacc is almost certainly better than you are at this, but is putting himself out there in public so that his technical peers at competitors can absolutely savage him if anything he has said is untrue.
That is not me, but nothing he has said is untrue.
That is not me, but nothing he has said is untrue.
In conclusion "this stuff is profoundly difficult and you generally don't have to think about it at all, but you might need to upgrade your laptop."
• • •
Missing some Tweet in this thread? You can try to
force a refresh
