On Tuesday, a weekly CI run triggered a Miri failure for a crate I maintain which has some unsafe code. Two days later I had a fix validated, reviewed, and released, plus a RustSec advisory published at rustsec.org/advisories/RUSTSEC-2023-0048.html. From the advisory being published to the Dependabot PR was about 16 hours. #rust #artichoke #security
With the lopopolo IAM user gone, the only ones left were the IAM users in the #artichoke and #hypstatic GitHub organizations used for terraform CI in the project-infrastructure repos. I used the new GitHub Actions OpenID Connect provider to wire up AWS identity federation following this guide – scalesec.com/blog/identity-federation-for-github-actions-on-aws #security #github #aws #win
With AWS SSO in place, I started using aws-vault locally for #terraform and AWS CLI. I learned about this tool at work. No IAM access keys with inline IAM policies! SSO + assume role for administrator access! #security #win