This is part two of a two part series about AWS’s new Lightsail object storage. In part 1, I looked at the new Lightsail access key capability. In this second part we’ll look more closely at the buckets created. It was over 7 months ago when I posted part 1, so why the delay? I was waiting for AWS to fix something, and it was low enough risk...

This is part one of a two part series that will discuss AWS’s new Lightsail object storage. In this first part, we’ll look at the new access key capability and a security issue I discovered that has been fixed. In the second part we’ll look more closely at the buckets created. What is Lightsail? In 2016, AWS released Lightsail as a way of...

Ransomware has become a primary concern for infosec. This post will discuss options for ensuring the durability of data stored on S3, through protections in place and backup strategies. The AWS backup service on AWS unfortunately does not backup S3 buckets and a lot of discussions of backups and data durability on AWS do not describe the implementation...

I’m excited to announce that I’ve taken a new job with Aurora and am shutting down my consulting business. This post will discuss some project ideas I never got to, but first I want to briefly discuss this move. It’s weird to move on from something I built over the past 3.5 years and that was by all definitions a success. I’ve had dozens of clients...

This is the third annual release of my “AWS Security Maturity Roadmap” to give companies a series or actionable steps to improve the security of their AWS environments. Each year I update this with the latest features of AWS, along with improvements based on my discussions with clients, other consultants, and more who have gone through some of these...

This post will discuss why you should opt out of the AI data usage on AWS, how to do that, and how to confirm you did it correctly. A general rule on AWS is that your data will not leave the region you put it in. AWS customers rely on this for compliance, data sovereignty, and other reasons. Another general rule is that AWS will not access your...