Olivia
Online
Olaf Conijn
@OConijn
Serverless @ Stedi,
Maintainer @ org-formation, ts2asl
Amsterdam, The Netherlands
Joined April 2011
376 Following
530 Followers
547 Posts
@matthewdfuller Book a bassinet with your airline, good luck
@matthewdfuller for example: https://t.co/nszwvEtAoE
@matthewdfuller A rather neat (and little known!) thing about the CloudControl API is that it is extensible by the customer. you can create new types for things AWS does not support and this wouldnt just work with CloudControl but also in CloudFormation templates
@zackkanter @matthewdfuller Access Analyser would return all access that is provided based on condition keys such as aws:PrincipalOrgID or aws:PrincipalOrgPaths
Who to follow
Ian Mckay
@iann0036
Sydney, Australia 🇦🇺 | #AWS Community Hero | IaC & security enthusiast | Breaks basically everything | he/him
Ran Isenberg 
@RanBuilder
⭐️ AWS Serverless Hero
☁️ Senior Principal Architect @PaloAltoNtwks
👷 Consultant https://t.co/t5CIIJye9J
Aidan W Steele
@__steele
I try to tweet novel things about AWS.“Shit-poster extraordinaire” according to @LastWeekInAWS. He/him. AWS Serverless Hero
@zackkanter @matthewdfuller question 1 through 3 seem relatively simple.
to answer question 4 i would have a look at IAM Access Analyser to perform "external access analysis". it is real sophisticated in analysing both the identity and resource policies within an AWS Account.
Don't use custom resources, use resource providers!
Security is job zero @Stedi. While building Stedi's RBAC system, our very own @williamsross discovered an AWS access vulnerability in STS. We worked with @AWSSecurityInfo to report the issue (which is now resolved, and didn't affect Stedi customers). Full details in the blog.
@theburningmonk Or maybe the generation of short lived (security) tokens where some services read (check) and a different (authentication) services writes/invalidates the tokens
@theburningmonk Maybe think of it this way: now DynamoDB can be your service, the resource policy can define your service boundary. DynamoDB is a great service and you do not need to front it with an API GW for all usecases.
Next up would be ABAC support if it were up to me :)
@theburningmonk Concrete usecase: use DynamoDB as a service to provide atomic increments on control numbers/sequential IDs
Its great to have that as a shared service if you need writes and reads from different accounts/services.
I think what this world needs is an aws "control tower" formation
@theburningmonk Must only happen to nice people?
Set your BucketPolicy to retain in CloudFormation & keep your data secure even after a bucket failed deletion.
see: https://t.co/WpcQDgAgo7
other recent new changes include:
- improved TF support
- https://t.co/mdckWjfvmU v2 support
- MaxConcurrentTasks > 0 on update-cdk tasks
org-formation v1.0.11, the org-formation version that can be used together with AWS Control Tower (or any other account factory) using the annotate-organization tasks.
https://t.co/YInEOIaBvF
why? companies might want to use Control Tower to create new accounts, but would like to use org-formation to manage a baseline of resources within those accounts.
@marekq @t1agoB @Sarutule @ottokruse @NMoutschen @heitor_lessa @theburningmonk a year ago it would have been about serverless, nowadays most of the people sitting at this table ship containers🙈
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers