home.social

#awsiam — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #awsiam, aggregated by home.social.

  1. Want to monitor only AWS Lambdas in Zabbix? Remember to add `ec2:DescribeRegions` action to your access policy🤐
    For some reason
    #zabbix #aws #lambda #awslambda #awsiam

  2. Want to monitor only AWS Lambdas in Zabbix? Remember to add `ec2:DescribeRegions` action to your access policy🤐
    For some reason
    #zabbix #aws #lambda #awslambda #awsiam

  3. Want to monitor only AWS Lambdas in Zabbix? Remember to add `ec2:DescribeRegions` action to your access policy🤐
    For some reason
    #zabbix #aws #lambda #awslambda #awsiam

  4. Want to monitor only AWS Lambdas in Zabbix? Remember to add `ec2:DescribeRegions` action to your access policy🤐
    For some reason
    #zabbix #aws #lambda #awslambda #awsiam

  5. Want to monitor only AWS Lambdas in Zabbix? Remember to add `ec2:DescribeRegions` action to your access policy🤐
    For some reason
    #zabbix #aws #lambda #awslambda #awsiam

  6. Two real-life examples of why limiting permissions works: Lessons from AWS CIRT
    aws.amazon.com/blogs/security/
    How do you balance the effort of privilege reduction with the benefits it provides?
    Unfortunately, this is not an easy question to answer. [...] In this post, we tell two real-world stories where limiting AWS Identity and Access Management (IAM) permissions worked by limiting the impact of a security event, but where the permission set did not involve maximum effort.
    #AWS #AwsIam

  7. The other day we were fighting #AWS over an #AWSIAM user role and #security policy that made it impossible for #AWSAPIGateway to talk to #AWSS3. Resolution: just create a new IAM user role and security policy. With the exact same contents! Baffled our poor AWS support agent.

  8. Case in point: I've set up a web form in #AWSS3, allowing posts to #AWSLambda, which stores in #DynamoDb, which triggers another lambda function, which forwards to #AWSSNS with a dead-letter queue to #AWSSQS, which emails me. And all of that gets logged with #AWSCloudWatch using the appropriate #AWSIAM roles and policies.

    Oof. Give me #PHP sendmail any time.

  9. Case in point: I've set up a web form in #AWSS3, allowing posts to #AWSLambda, which stores in #DynamoDb, which triggers another lambda function, which forwards to #AWSSNS with a dead-letter queue to #AWSSQS, which emails me. And all of that gets logged with #AWSCloudWatch using the appropriate #AWSIAM roles and policies.

    Oof. Give me #PHP sendmail any time.