AWS Weekly #373: How Amazon Prime Video Reduced Monitoring Costs by 90%

CyraBee AWS Weekly Newsletter is part of FAUN Developer Community. We help developers learn and grow by keeping them up to date with what matters.

⭐ Patrons

We Help You Win the Race to Developers’ Hearts!

Acquire, engage, and retain developers for your company.

MarketToDev is a Developer Marketing & Relation Agency by FAUN. A singular blend of marketing, software engineering, and passion.

Our services include providing actionable insights to help grow your developer community and increase adoption. Plus, we offer a free consultation to discuss your needs and how we can help.

Don’t let your competition get ahead, get in touch with MarketToDev!

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

⭐ Sponsors

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

Applications Manager’s Kubernetes monitoring tool helps administrators adapt various Kubernetes cluster strategies to account for the new infrastructure layers.

Read more about how ManageEngine Applications Manager works.

🔗 From the web

How to scan your AWS Lambda functions with Amazon Inspector ✅

Want to improve the security posture of your AWS Lambda functions? This blog post introduces two new Amazon Inspector features that scan your Lambda function application package dependencies, as well as your application code, for security vulnerabilities.

Amazon Inspector is a vulnerability management and application security service that helps improve the security of your workloads.

  • The features automatically scan applications for security vulnerabilities and present a list of the security findings based on their severity level and remediation instructions.
  • Amazon Inspector is designed to be used in conjunction with AWS Identity and Access Management (IAM), which creates roles and permissions for Lambda functions and secures proprietary application code.

Scaling up the Prime Video audio/video monitoring service and reducing costs by 90% ✅

Marcin Kolny discusses how Amazon’s Prime Video team revamped its video quality analysis (VQA) service to reduce costs and improve scalability. Initially, the VQA team used a distributed system consisting of several components, such as media conversion, defect detectors, and orchestration management.

  • The team re-architected the infrastructure, packing all components into a single process to eliminate the need for intermediate storage for video frames.
  • The new infrastructure allowed the team to rely on scalable Amazon EC2 and Amazon ECS instances for deployment, resulting in cost savings.
  • VQA initially used serverless microservices components, which raised scaling bottlenecks of 5% and cost concerns.
  • To address these, VQA moved to a monolithic system, lowering infrastructure costs by more than 90% and increasing its scaling capabilities.
  • In the new system, video frames are transferred in-memory, eliminating the need for Amazon Simple Storage Service (S3) as intermediate storage for video frames.
  • This model also allowed VQA to monitor all live streams in real-time, resulting in a better customer experience.
  • The shift to Amazon Elastic Compute Cloud (EC2) and Amazon Elastic Container Service (ECS) also allowed Prime Video to use Amazon EC2 compute-saving plans that lowered costs even further.

Privilege escalation in AWS Elastic Kubernetes Service (EKS)

An Trinh shares a scenario where his team was trying to escalate privileges from a compromised pod in AWS Elastic Kubernetes Service (EKS) and struggled with NodeRestriction, a security mechanism enabled by default on all EKS versions.

  • They discovered that a container running inside an EC2 instance could request the AWS metadata service to obtain the instance’s IAM token.
  • By requesting service account tokens for those pods from the API server, they were able to impersonate them and use their privileges.
  • They also discovered that in a Kubernetes deployment, pods are usually distributed evenly in the cluster, and there is no boundary separating pods running sensitive services from other untrusted pods.
  • By inspecting and pivoting through every pod, it is possible to obtain a token with a higher trust boundary, such as one with permission to list the cluster’s secrets.

Get details on security finding changes with the new Finding History feature in Security Hub

The new Finding History feature in AWS Security Hub allows security teams to track and understand the history of a security finding, including the before and after values of the fields that were changed, who or what made the changes, and when the changes were made.

The authors aim to help users understand the state of a finding by providing an immutable history of changes within the finding details.

How to deploy a serverless website with Terraform ✅

The author provides step-by-step examples of deploying a serverless website on AWS using Terraform, and shares several versions of the deployment built on Terraform and AWS services.

⭐ Supporters

Switch to NordPass Business, Get 1 Year for FREE

NordPass offers an easy-to-use password manager for businesses, allowing for encrypted storage of credentials in vaults that can be shared among teams.

✔️ Organize your account credentials.
✔️ Store payment and shipping information.
✔️ Save your private notes.
✔️ Add members with one click.
✔️ Share access to accounts between teams.
✔️ Unlock the Activity Log.
✔️ Autofill: Enter your account credentials automatically.
✔️ Breach Monitoring.
✔️ Company-wide settings.
✔️ Password Health.

ℹ️ News

Amazon CloudFront announces one-click security protections

Amazon Web Services (AWS) has introduced a new feature in the Amazon CloudFront console, allowing users to secure web applications and APIs with AWS WAF (Web Application Firewall) in a single click.

  • This feature provides out-of-the-box AWS WAF protection for web applications and APIs.
  • Users can configure additional security protections against bots, fraud, and application-specific threats in the AWS WAF console.
  • CloudFront now handles the creation and configuration of AWS WAF with recommended protections for all applications.

Introducing Cedar, an open-source language for access control

AWS has open-sourced the Cedar policy language and authorization engine, allowing users to express fine-grained permissions and decouple access control from application logic.

The Cedar project, under the Apache License 2.0, includes the language specification and SDK for policy authoring, validation, and access authorization. AWS encourages contributions through the Cedar-policy GitHub repository and the Cedar Policy Slack Workspace.

  • AWS open-sourced the Cedar policy language and authorization engine.
  • Follows a verification-guided development process for correctness and security.
  • Amazon Verified Permissions uses Cedar for managing fine-grained permissions in custom applications.

AWS Service Management Connector now supports provisioning with Terraform

AWS has announced the availability of the AWS Service Catalog with self-service provisioning of Terraform configurations in the AWS Service Management Connector for ServiceNow.

  • The launch also includes integrations with various AWS services, such as Amazon WorkSpaces, Amazon ECS, Amazon EKS, Amazon EFS, and more.
  • A dashboard is introduced, providing quick access to reports/charts for AWS Service Catalog, AWS Config, and AWS Security Hub integrations.
  • The Connector already integrates with AWS Systems Manager Incident Manager, AWS Health, AWS Support, AWS Systems Manager Automation, and AWS Systems Manager Change Manager.
  • Users may incur costs for AWS services and IT service management (ITSM) tool licensing.

GitHub code search is generally available

GitHub has announced the availability of new code search and code view features for all users on GitHub.com. The aim of these enhancements is to help developers efficiently search, navigate, and understand their code, improving their productivity.

  • The redesigned search interface offers suggestions, completions, and the ability to slice and dice results.
  • The new code search engine is faster, more capable, and supports substring queries, regular expressions, and symbol search.
  • Code search allows users to search across an organization’s codebase and provides relevant results.
  • GitHub plans to continue infusing intelligence into different aspects of software development.

📚 Book picks

⭐ The Staff Engineer’s Path: A Guide for Individual Contributors Navigating Growth and Change

This in-depth book shows you how to understand your role, manage your time, master strategic thinking, and set the standard for technical work. You’ll read about how to be a leader without direct authority, how to plan ahead to make the right technical decisions, and how to make everyone around you better, while still growing as an expert in your domain.

By exploring the three pillars of a staff engineer’s job, Tanya Reilly, a veteran of the staff engineer track, shows you how to:

  • Take a broad, strategic view when thinking about your work
  • Dive into practical tactics for making projects succeed
  • Determine what “good engineering” means in your organization

⚙️ Tools

aws-samples/aws-iot-connected-printer

Deploy a fully cloud-based and event-driven connected printer solution using AWS IoT Core and AWS CDK.

jrgood01/AutoArch

GPT-4 powered AWS architecture suggestions and visualization

hleb-kastseika/tg-channel-to-rss

AWS Lambda function for converting a Telegram channel to an RSS feed.

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🛍️ Swag Store

⭐ kubectl apply -f life.yaml

❤️ 20% exclusive discount for FAUNers on all products (+free shipping included) when you use the code “THANKSFAUN”.

🐝 AWS Weekly #373: How Amazon Prime Video Reduced Monitoring Costs by 90% was originally published in FAUN Publication on Medium, where people are continuing the conversation by highlighting and responding to this story.
