AWS re:Invent

AWS pre:Invent 2024

It’s once again pre:Invent, that magical season where AWS announces new features related to their legacy products (cloud) before they jump all-in on Generative AI magician gimmicks at re:Invent in Las Vegas. Once again, I will be in attendance at re:Invent, although I start to question my life choices every time I get off the plane in Vegas and am hit by the dry air, cigarette smoke, and insanely bright lights. Oh, right, I agreed to do a breakout session with Rich Mogull: DEV401 - Security invariants: From enterprise chaos to cloud order. We’re in Mandalay Bay (which is on the ass end of the strip) and in a silent disco setup, so I won’t be offended if you don’t attend, but if you do, Rich and I will probably set up for lunch somewhere afterward and talk about practical cloud security.

This is also my 5th year doing a pre:Invent round up. I almost decided not to do one. I’m in Germany this Thanksgiving week giving thanks that I’m not in the US for a bit. But at least it is conditioning me for the cigarette smoke onslaught I’ll experience in the casinos.


SecurityHub revisited

So earlier this year, I wrote (and then much later published) a blog post ripping AWS Security Hub. That led to conversations with folks on that team, and I got a chance to look at Security Hub’s new Central Configuration capabilities.

In short - this is an improvement for folks who use Security Hub and the built-in Security Standards. Sadly, it doesn’t solve many of the presentation issues that conflate “Compliance” and “Security”.


re:Invent 2023 recap

I’m back from re:Invent and still trying to adjust my sleep schedule (I’m on the East Coast and go to bed early; 6 pm Las Vegas time is my biological clock’s bedtime).

This year was one of my favorite re:Invents. I got to meet old and new co-workers and hang out with a lot of Community Builders and AWS Heroes, talk to service teams about what they should do to make their products work more for the security 99%. I got to a couple of good chalk talks on GenAI and GenAI security, which will help inform my poking at that over the holidays.

As for announcements, in the last seven days, there were 195 things posted to AWS What’s New. These are the ones I care to follow up on.

For simplicity, we’ll break them down into:


AWS pre:Invent 2023

As has been my tradition the last few years, I prep for re:Invent by reviewing all the interesting announcements that happen in the weeks leading up to the event. This gives me a chance to keep an eye out for sessions and chalktalks related to things I care about, and a chance to corner an SA or product manager at the AWS Booth and go like this:

Jackie Chan

This year I’ll be attending AWS as a Security Hero. The good news for all 845,000 attendees is that I don’t have to wear tights. Instead I’ll be hanging out in the Heroes lounge with the other Heroes and Community Builders (hopefully sipping mimosas during the keynotes).


AWS pre:Invent 2022

My third annual pre:Invent roundup is posted over on Steampipe’s blog. You can also check out 2021 and 2020 if you’re so inclined.

Back in 2018, I wrote a semi-serious post on what you as a security practitioner should be looking for as it relates to re:Invent announcements.

There were a few hot-takes that didn’t warrant mention on my work post, so I’ll include them here for your general amusement.


re:Invent 2021 Recap

Last week was re:Invent. It was great to be back in Vegas, and I loath Vegas. The crowds this year were smaller, which meant I could typically get into whatever session I wanted to. However it still took forever to get from Wynn, to Venetian, to Caesar’s to Mirage (where I was staying). I probably walked as much last week as I did during the entire pandemic. The Expo floor was smaller, but it didn’t seem smaller.

pre:Invent 2021

Welcome to the American Thanksgiving holiday, which for us cloud peeps is the quiet period between pre:Invent and re:Invent. Traditionally the run up to AWS re:Invent is chock full of feature releases (and some product releases) that don’t merit mention in Andy Adam’s or Werner’s keynotes. Last year I was busy with a new job, hiring a new team, and helping to launch a streaming service. This year I have another new job (same company, new role), and did have time.

pre:Invent 2020

Welcome to the American Thanksgiving holiday, which for us cloud peeps is the quiet period between pre:Invent and re:Invent. Traditionally the run up to AWS re:Invent is chock full of feature releases (and some product releases) that don’t merit mention in Andy or Werner’s keynotes. As I was slammed with work things, I wasn’t following pre:Invent (and will probably miss much of the lame online re:Invent), so I’m going back and reviewing all the announcements for things of note to a serverless nerd or security geek.

SEC339 - Actionable threat hunting in AWS

This post is contains all the queries from my talk SEC339 at re:Invent 2019. Yes, it is very similar to the talk I gave at re:Inforce. The focus is on the Preparation & Identification aspects of the SANS Incident Response framework. Preparation The tools we need here are: Centralized CloudTrail Centralized GuardDuty Antiope Splunk. CloudTrail We centralize all our CloudTrail events from all our accounts into a single bucket.