It's happened. It's finally here. No, I'm not talking about the next iPhone. I'm talking about programmatic access to the AWS IAM action list! Wait, what do you mean "I'
Programmatic AWS Action List!
Find deprecated Lambda runtimes in your environment
List all AWS Lambda functions running deprecated runtimes in your environment as a spreadsheet.
Passing the AWS Security Speciality in 2024 (SCS-C02)
Last week I passed the latest version of the AWS Security Speciality (SCS-C02). The Security Speciality certification assesses your knowledge of the various AWS security services, and the security capabilities of more general services offered by AWS. Big shoutout to
CloudFront OAC for S3 policy
Set up OAC between CloudFront and your bucket with aws:SourceArn.
External ID policy review
Granting 3rd parties access to your AWS resources via roles should always use an external ID condition. If a vendor asks you to provision an IAM user with access + secret key in 2023, they're doing it wrong. External IDs
AWS managed policies: Lambda Basic Execution Role
The AWSLambdaBasicExecutionRole is an AWS managed policy, and one of the most common managed policies you should consider using, at least for quick development; it's the minimum amount of permissions to see what your AWS Lambda functions are
Deny all external principals assume role
This is an interesting policy question on re:Post about how you can prevent principals outside of an AWS organization from assuming a role in your organization. The asker originally requests an SCP to do this, but SCPs cannot apply to principals
AWS SAM policy templates
A feature I think everyone (including myself!) should use more is AWS Serverless Application Model (SAM) policy templates. This approach is a great example of "syntactic sugar" that characterises the AWS SAM approach. As an example, a frequent