AWS Wish List

Make a wish. It might be granted! #awswishlist

This is a hiatus for a minute on my series on Automating Cybersecurity Metrics to tell you about the AWS Wish List.

Free Content on Jobs in Cybersecurity | Sign up for the Email List

AWS Feature Requests

Back when I worked at Capital One on the cloud engineering team one of the things I was asked to do was to manage the list of AWS features that Capital One wanted AWS to implement. Of course Capital One had a lot of leverage with AWS at the time because they were the first major bank in the United States to move to AWS. And yes they had a breach, but cloud security is complicated and that is what my latest blog series is trying to address.

At any rate, Capital One did help make some major improvements to AWS security. One of the issues with AWS S3 is that it required applications to traverse the Internet in order to put or get objects. This was something Capital One was not keen on doing since prior to cloud any connection to a vendor required a private line (MPLS for those who are familiar) to do business with the bank. Sending data over the Internet was just not cool.

Capital one requested a feature that would allow companies to keep the information off the Internet as it traversed the network from an AWS VPC to an S3 bucket and vice versa. That feature became S3 endpoints. From there S3 endpoints have evolved to VPC Endpoints. Now you can send data from application sources to…