Endpoint policies for gateway endpoints


The Cloud Conformity VPC Endpoint Exposed check brought my attention to this one, as I think they have a bug in this check: https://www.cloudconformity.com/knowledge-base/aws/VPC/endpoint-exposed.html There are two types of VPC endpoint: Interface and Gateway (S3, DynamoDB). What is suggested in the above link applies only to Interface endpoints, not to Gateway endpoints. As …

`aws s3 sync` lessons learned


As mentioned in my earlier posts, we use `aws s3 sync` to migrate a large number of files from on-premises to AWS. Here are a few things that I learned: The AWS credentials can be renewed by an external process for a long-running AWS CLI process. (Renew AWS credential for a long run AWS …