216: The Cloud Pod is Feeling Elevated Enough to Record the Podcast

Episode 216 June 30, 2023 00:30:53

Show Notes

Welcome to the newest episode of The Cloud Pod podcast - where the forecast is always cloudy! Today your hosts are Jonathan and Matt as we discuss all things cloud and AI, including Temporary Elevated Access Management (or TEAM, since we REALLY like acronyms today), FTP servers, SQL servers and all the other servers, as well as pipelines, whether or not the government should regulate AI (spoiler alert: the AI companies don’t think so) and some updates to security at Amazon and Google.

Titles we almost went with this week:

A big thanks to this week’s sponsor:

Foghorn Consulting provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

News this Week:

No general news this week! Probably because no one wanted to talk to us. 

AWS

00:49 Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address

01:31 Matt - “It’s nice to see Amazon still coming up with more solutions to not have things be public; and really try to get their customers to not use all the older-school technology.”

03:02 RDS Custom for SQL Server Lets you Bring Your Own Media

04:28 Jonathan - “I think the advantage for me is that I've often heard, well, we can't use RDS because it doesn't support this, doesn't support this, doesn't support this. Whereas now you can deploy your own instances with your own controls and just use RDS as a management layer. Kind of cool.”

06:22 Temporary Elevated Access Management with IAM Identity Center

07:02 Matt - “This whole solution looks great. I'll be more curious in about two years from now when they add it into Amazon SSO - or the rebranded Amazon IAM Identity Center - to actually see it all nicely integrated in and not, ‘Hey, there's a web portal over here that you run with Amplify and there's probably Step Functions and CloudWatch.’ It's a really good solution for build your own. And if you have a public cloud team that can help manage this, great. But if you're trying to do this for one or two AWS accounts, probably not worth the overhead and complexity of it. But it's nice to see that they’re, again, providing solutions for people.”

08:15 Jonathan - “I guess you could integrate it with things like change handlers so you can only get admin access during pre-approved changes or to pre-approved instances and that kind of thing. I'm sure this is a problem that a lot of people have, like what do you do when you don't want admin all the time, but you do need admin rights when you need it? And I've seen people build all kinds of tooling around this, you know, well, we keep passwords in Vault, but if we get the password out to use temporarily, then we have to go back and change the password later. It's all a lot of moving parts. And so having an off-the-shelf solution like this is pretty neat.”

09:34 re:Inforce 2023 Quick Hits

**Quick note from Justin**

Post-quantum hybrid SFTP file transfers using AWS Transfer Family: If you're using AWS Transfer for your SFTP solution, and quantum computing breaking your SFTP and FTPS ciphers keeps you up at night, AWS now supports post-quantum keys for AWS Transfer. I mean, personally, if you're leveraging SFTP… in 2023 and post-quantum security is your priority, I’m unsure you're using the right technology.

Your SOC team rejoices as it allows you to take automated actions to update your findings. These rules make it easy to avoid alert fatigue and more quickly close out alerts and issues.

For those who were excited about WAF Fraud Control for Account Takeover Prevention (ATP), they are adding Account Creation Fraud Protection to protect your application's sign-up pages against fake account creation by detecting and blocking fake requests.

12:14 Launching - Amazon S3 Dual-Layer Server-Side Encryption with Keys Stored in AWS Key Management Service (DSSE-KMS)

14:30 Matt - “I think for the average consumer, you're probably not gonna need or want this. I'd be curious of what the overhead is or if it's something that Amazon's just eating the overhead on the backend.”

15:49 A New Set of APIs for Amazon SQS Dead-Letter Queue Redrive

16:13 Matt - “This is kind of nice. I mean, I always feel like I've had a dead letter queue and then I just send a notification. It's all I've ever used it for. But, if you can actually now move that message to somewhere useful, do either retry or if you're doing failure driven development (which I would recommend against) you could in theory just cascade it down, but it's nice that they are actually enabling this with APIs.”

16:40 Jonathan - “Yeah, I've definitely had a use case for this before when we used SQS for hundreds of thousands of log events. And when Elasticsearch was down regularly, things would eventually time out of the queue after three days of trying to rebuild the Elasticsearch cluster. So moving those things was a Python script back to the thing, as I said, ended up in the back of the queue again. So. Definitely nice.”

18:06 Simplify How You Manage Authorization in Your Applications with Amazon Verified Permissions

Note from Jonathan - It says easy to **deploy**, not easy to **use**. Listener beware.

GCP

20:31 Announcing Dataform in General Availability: develop, version control, and deploy SQL pipelines in BigQuery

22:02 Matt - “Hey, Jonathan. Help explain to me what they're doing here, because all I see is that we're building pipelines from SQL to BigQuery, and they put a UI around it.”

22:14 Jonathan - “I think the big thing is data engineers spend a lot of time in a console clicking through things, clicking through pipelines, a lot of data quality is managed by people. A lot of pipelines are built by people rather than as code and so I guess by forcing it to be defined as code and versioned as code… potentially you could build a new pipeline, compare the output of that with the output of a previous pipeline. If it looks good then promote it to the next environment.”

23:05 Introducing Google’s Secure AI Framework

24:13 Matt - “I feel like all the cloud providers and all the AI providers are just saying, hey, this is what we're gonna do. And, you know, I really would like to see what are the consequences if they break their own framework. You know, like what are they going to do? Because cool, they can say that they're gonna be responsible and robust and secure and ensure confidentiality and all these things, but it's very easy to put out a press release saying that. It's very hard to prove that you're doing that.”

26:35 Google Warns its Employees: Do Not Use Code Generated by Bard

27:40 Matt - “NIST is a framework though; it's not a regulating agency. It's not like NIST says you have to do this. It's not a, it's a standards agency.”

28:01 Jonathan - “Yeah, that's why they want NIST involved, presumably, so that it's very unregulated.”

Azure

18:31 Announcing Microsoft’s AI Customer Commitments

32:18 Matt - “Repeat everything we just talked about for Google.”
