Defense in depth against SSRF vulnerabilities with the EC2 Instance Metadata Service
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ [aws.amazon.com]
2019-11-22 03:26
tags:
bugfix
cloud
defense
security
web
Today, AWS is making v2 of the EC2 Instance Metadata Service (IMDSv2) available. The existing instance metadata service (IMDSv1) is fully secure, and AWS will continue to support it. But IMDSv2 adds new “belt and suspenders” protections for four types of vulnerabilities that could be used to try to access the IMDS. These new protections go well beyond other types of mitigations, while working seamlessly with existing mitigations such as restricting IAM roles and using local firewall rules to restrict access to the IMDS. AWS is also making new versions of the AWS SDKs and CLIs available that support IMDSv2.
Eh, seems this could have been better from the start, but oh well.
EC2 Instances (A1) Powered by Arm-Based AWS Graviton Processors
https://aws.amazon.com/blogs/aws/new-ec2-instances-a1-powered-by-arm-based-aws-graviton-processors/ [aws.amazon.com]
2018-11-27 20:53
tags:
cloud
release
virtualization
Today we are launching EC2 instances powered by Arm-based AWS Graviton Processors. Built around Arm cores and making extensive use of custom-built silicon, the A1 instances are optimized for performance and cost. They are a great fit for scale-out workloads where you can share the load across a group of smaller instances. This includes containerized microservices, web servers, development environments, and caching fleets.
Among other AWS announcements.
https://aws.amazon.com/blogs/opensource/firecracker-open-source-secure-fast-microvm-serverless/
source: HN
Announcing Go Support for AWS Lambda
https://aws.amazon.com/blogs/compute/announcing-go-support-for-aws-lambda/ [aws.amazon.com]
2018-01-16 02:26
tags:
cloud
go
programming
release
Today, we’re excited to announce Go as a supported language for AWS Lambda.
source: HN
Better Random Number Generation for OpenSSL, libc, and Linux Mainline
https://aws.amazon.com/blogs/opensource/better-random-number-generation-for-openssl-libc-and-linux-mainline/ [aws.amazon.com]
2017-11-22 20:59
tags:
crypto
library
linux
random
But what’s really exciting for us is that, in the course of working on libc, we were also able to get traction on another important change, in Linux itself. Last year, we suggested a new madvise() option for the Linux kernel. Based on OpenBSD’s MINHERIT_ZERO, the option marks memory regions as WIPEONFORK, which means that those regions are zeroed in a child process immediately after a fork() call.
source: HN
Summary of the Amazon S3 Service Disruption
https://aws.amazon.com/message/41926/ [aws.amazon.com]
2017-03-02 18:18
tags:
admin
cloud
networking
storage
swtools
we have not completely restarted the index subsystem or the placement subsystem in our larger regions for many years. S3 has experienced massive growth over the last several years and the process of restarting these services and running the necessary safety checks to validate the integrity of the metadata took longer than expected.
source: L
Amazon Lightsail – The Power of AWS, the Simplicity of a VPS
https://aws.amazon.com/blogs/aws/amazon-lightsail-the-power-of-aws-the-simplicity-of-a-vps/ [aws.amazon.com]
2016-11-30 21:05
tags:
business
cloud
release
Amazon finally adds a feature I understand. Interesting turn from the increasingly esoteric addons of the past, now trying to rope in newcomers as well.