Don't burn the 🕯️from both ends.
We're taking a break. You should too.
This is Unlimited Leave. The weekly AWS management newsletter that won't judge you for still wearing sweatpants 5 days after Christmas. I get it. I've been wearing them since Thanksgiving. You're not alone.
This week's topics
Some wisdom from the Stoics
Wisdom from the Stoics
Even if you don't celebrate the holidays as most in the States, it is always good to take a little time off and refresh your mind. Which is exactly what I am doing.
Take this quote from SENECA pulled from the December 25th entry in 'The Daily Stoic Journal' by Ryan Holiday:
I'll be back in full force on January 3rd. I'll be under a pile of email and sprint tasks to wrap up but I will be back. Until then, take some time to free up some headspace.
Quick Governance Announcements
AWS Security Hub adds nine (9) new best practice controls - These are all service-focused but one. The one that isn't...? A check to verify that individual account security contact information is populated. This thankfully can be done from the Management Account and CLI now for all accounts. Keep an eye on this one. The alternate contacts are creeping up in a lot of different places. Something is going to start leveraging those in different ways. I can feel it.
You can now manage region opt-ins for child accounts from the Management Account. I haven't looked at this yet. This prevents you from having to do this manually in each account since the CLI or SDK does not support this. If you are using Control Tower, however, I'm pretty certain this will not circumvent SCPs. Just enable resources in the regions to start.
CloudFormation released a fun little update that allows you to validate inputs for `CommaDelimitedList` parameter types. This will be helpful for validating input errors and concatenation errors via automation prior to deployment. I've been burned by this a couple of times. Not a major announcement, but helpful nonetheless.
Check out Prowler Cloud while you are recovering from your holiday induldgence.
Prowler is an Open Source Security tool to perform Cloud Security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS, and custom security frameworks.
*Not a Sponsor