Don't burn the 🕯️ from both ends.

We're taking a break. You should too.

This is Unlimited Leave. The weekly AWS management newsletter that won't judge you for still wearing sweatpants 5 days after Christmas. I get it. I've been wearing them since Thanksgiving. You're not alone.

This week's topics

  • Some wisdom from the Stoics

  • Quick updates

  • Prowler Cloud

Wisdom from the Stoics

Even if you don't celebrate the holidays as most in the States, it is always good to take a little time off and refresh your mind. Which is exactly what I am doing.

Take this quote from SENECA pulled from the December 25th entry in 'The Daily Stoic Journal' by Ryan Holiday:

"The mind must be given relaxation--it will rise improved and sharper after a good break. Just as rich fields must not be forced for they will quickly lose their fertility if never given a break--so constant work on the anvil will fracture the force of the mind. But it regains its powers if it is set free and relaxed for a while.

Constant work gives rise to a certain kind of dullness and feebleness in the rational soul."


I'll be back in full force on January 3rd. I'll be under a pile of email and sprint tasks to wrap up but I will be back. Until then, take some time to free up some headspace.

Quick Governance Announcements

  • AWS Security Hub adds nine (9) new best practice controls - These are all service-focused but one. The one that isn't...? A check to verify that individual account security contact information is populated. This thankfully can be done from the Management Account and CLI now for all accounts. Keep an eye on this one. The alternate contacts are creeping up in a lot of different places. Something is going to start leveraging those in different ways. I can feel it.

  • You can now manage region opt-ins for child accounts from the Management Account. I haven't looked at this yet. This prevents you from having to do this manually in each account since the CLI or SDK does not support this. If you are using Control Tower, however, I'm pretty certain this will not circumvent SCPs. Just enable resources in the regions to start.

  • CloudFormation released a fun little update that allows you to validate inputs for `CommaDelimitedList` parameter types. This will be helpful for validating input errors and concatenation errors via automation prior to deployment. I've been burned by this a couple of times. Not a major announcement, but helpful nonetheless.

Prowler Cloud

Check out Prowler Cloud while you are recovering from your holiday indulgence.

Prowler is an Open Source Security tool to perform Cloud Security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS, and custom security frameworks.

*Not a Sponsor

Disclaimer: The resources and topics shared within this newsletter are for informational use only. Any resources deployed or tools implemented are done so at your own risk. Do your own research and testing prior to the implementation of any resource or service deployed for any workload.