Mark Nunnikhoven
Mar 10
before I dive in here, did you know that @awscloud Audit Manager exists?

probably not. tl;dr > it helps map your usage to various regulations & standards to give you a better idea of your risk & compliance posture

some thoughts & a blog post analysis 👇

🧵 #cloud #security
@awscloud this 👇 is the workflow for @awscloud Audit Manager. it's not bad for the basics

🧵 #cloud #security

[image: The AWS Audit Manager workflow: - review, customize, or crea]
@awscloud what started me down this path was this post on the @awssecurityinfo blog, "Streamlining evidence collection with AWS Audit Manager"

aws.amazon.com/blogs/security…

anything that helps smooth out the evidence gathering process is usually a big win, let's dig in

🧵 #cloud #security
@awscloud @AWSSecurityInfo right out of the gate, AWS Audit Manager pulls from @awscloud Security Hub, AWS Config, and AWS CloudTrail. so those data sources are already covered

this post shows an approach to streamlining your custom metrics/data points

🧵 #cloud #security
@awscloud @AWSSecurityInfo the idea is pretty simple

you set up an HTTPS endpoint via @awscloud API Gateway. that endpoint triggers a Lambda which then stores the evidence in S3 while also triggering a Step Function to process the evidence

it's simple, #serverless, and low cost

🧵 #cloud #security
@awscloud @AWSSecurityInfo the trick now is using this evidence storage method

@awscloud Audit Manager associates evidence with a Control within an Assessment

you need to know where this evidence belongs, in order to use this solution

🧵 #cloud #security
@awscloud @AWSSecurityInfo it's not too complicated to figure this out but it's going to be the top hurdle in getting buy-in from other teams

streamlining the evidence/control/assessment alignment process would be a huge win & make this solution a lot more useful

/🧵 #cloud #security
@awscloud @AWSSecurityInfo 🤣 turns out @QuinnyPig also provides his 2 cents on this post in the @LastWeekinAWS newsletter this morning

you've subscribed to his newsletter, right?
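
The evidence flow described in this thread, as an added example (not code from the thread or from the AWS blog post): a Lambda-style helper that refuses evidence unless it names the Assessment, control set and Control it belongs to, stores it in S3, and attaches it with Audit Manager's `BatchImportEvidenceToAssessmentControl`. The request shape, the S3 key layout and the function names are assumptions, and the Step Function processing stage is collapsed into one direct call.

```python
import json
import re
import uuid

# Assumed request shape (not from the blog post): the caller names the
# assessment, control set and control the evidence belongs to.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def parse_submission(body):
    """Validate an evidence POST body; reject it if the target is unclear."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("body must be a JSON object")
    problems = []
    for field in ("assessmentId", "controlId"):  # both are UUIDs in the API
        if not UUID_RE.match(str(doc.get(field, ""))):
            problems.append(field)
    if not isinstance(doc.get("controlSetId"), str) or not doc["controlSetId"]:
        problems.append("controlSetId")
    if not isinstance(doc.get("evidence"), dict) or not doc["evidence"]:
        problems.append("evidence")
    if problems:
        raise ValueError("missing or malformed: " + ", ".join(problems))
    return doc


def store_and_attach(body, s3, auditmanager, bucket, evidence_id=None):
    """Write evidence to S3, then attach it to the named control.

    s3 and auditmanager are boto3 clients (or test doubles).
    """
    sub = parse_submission(body)
    evidence_id = evidence_id or str(uuid.uuid4())
    # Hypothetical key layout: one prefix per assessment and control.
    key = f"evidence/{sub['assessmentId']}/{sub['controlId']}/{evidence_id}.json"
    s3.put_object(Bucket=bucket, Key=key,
                  Body=json.dumps(sub["evidence"]).encode(),
                  ServerSideEncryption="aws:kms")
    path = f"s3://{bucket}/{key}"
    resp = auditmanager.batch_import_evidence_to_assessment_control(
        assessmentId=sub["assessmentId"],
        controlSetId=sub["controlSetId"],
        controlId=sub["controlId"],
        manualEvidence=[{"s3ResourcePath": path}],
    )
    if resp.get("errors"):  # per-item failures come back in the response
        raise RuntimeError(f"Audit Manager rejected evidence: {resp['errors']}")
    return path
```

Rejecting submissions that lack the three IDs at the endpoint keeps unattributable files out of the evidence bucket, which is the alignment problem the thread calls the top hurdle.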
