Categories
cloud internet

Comparison of AWS Compute Options in 2022

This is a non-exhaustive comparison of the popular AWS compute options. Hopefully it will help someone who’s also evaluating the various options for running your workload in AWS.

EC2 is the oldest and the most popular option as it is the easiest to start with. However you do have to manage a lot of things if you are choosing this option (OS, scaling, HA, etc). As a developer who may not be so familiar with cloud architecture, this can be daunting. Over the years, AWS has been making it easier to deploy code and make it scale. The latest compute product App Runner is a super simple way to write web applications in AWS. Though there are some who reported teething issues using it, I have no doubt those will be fixed in due time when it hits general availability.

Reference:
https://nathanpeck.com/concurrency-compared-lambda-fargate-app-runner/

Categories
cloud sysadmin

Granting AWS billing access to IAM (non-root account) users

By default, IAM users will not be allowed to access the Billing dashboard. This is true even if the user has AdministratorAccess permission. If you use AWS as a non-root/owner account user, but require access to billing and payment, here’s how you can do it.

Create billing IAM policies

  1. Go to IAM: https://console.aws.amazon.com/iam/
  2. Select Policies > Create policy
    1. Choose a service > Enter “Billing”
    2. Check All billing actions
  3. Review > name it “BillingFullAccess” > Create policy

Attach billing policy

You can attach billing policy to users or user groups. For simplicity, let’s assume we are applying it a user.

  1. Go to IAM: https://console.aws.amazon.com/iam/
  2. Select users > choose the user that you want to apply
  3. Select Add permissions > Attach existing policies directly
  4. Check BillingFullAccess
  5. Review > Add permission

Activating access to the AWS billing console

From AWS documentation,

By default, IAM users and roles within an AWS account can’t access the Billing console pages. This is true even if the IAM user or role has IAM policies that grant access to certain Billing features.

The last step is to enable this permission. To do so,

  1. Sign in as root/account owner
  2. Click on your username on the top right and select Account
  3. Scroll down to IAM User and Role Access to Billing Information
  4. Click Edit, check Activate IAM Access
  5. Update

And it’s done. You can now login as the IAM user and access the billing dashboard.

Categories
cloud security sysadmin

New for Amazon GuardDuty – Malware Detection for Amazon EBS Volumes | AWS News Blog

Once configured, AWS GuardDuty will now scan EBS volumes for malware and report its findings when it detects suspicious activities. If you haven’t enable it already, you should do so.

https://aws.amazon.com/blogs/aws/new-for-amazon-guardduty-malware-detection-for-amazon-ebs-volumes/

When you have GuardDuty Malware Protection enabled, a malware scan is initiated when GuardDuty detects that one of your EC2 instances or container workloads running on EC2 is doing something suspicious.

Categories
security

Security Certification Roadmap – Paul Jerimy Media

It’s probably impossible to get every security certification out there. But it’s still fun to see them being listed and classified neatly like this.

IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications.

Source: Security Certification Roadmap – Paul Jerimy Media

Categories
cloud internet privacy

The Era of Borderless Data Is Ending – The New York Times

From data privacy and data residency to digital sovereignty, change is happening, and not necessarily in a good way. The wild west that characterize the Old Internet is being chipped off one block at a time. Some predicts this will lead to the end of general computation and further entrench incumbents, making it even more difficult for new players to break in.

Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.

Source: The Era of Borderless Data Is Ending – The New York Times

Categories
ai

Imagen: Text-to-Image Diffusion Models

Text-to-image generation is now surprising good. Some predicts the end of stock photo business – why use a stock photo when you can generate any image you need just based on description?

Google develops competing model to DALL-E 2, which purportedly performs better than the latter and other models in a test with human raters.


Generated from text prompt “A robot couple fine dining with Eiffel Tower in the background”.

Source: Imagen: Text-to-Image Diffusion Models

Categories
ai

DALL·E 2

Another ground-breaking work from OpenAI.

We are all familiar with AI models that does image analysis and outputs text description or labels. For instance,

Dall-E and its successor, Dall-E 2, sort of does the reverse. It produces an image based on text description. There’s some degree of randomization there so it can produce different outputs from the same prompt text.

Here’s an example generated from “An astronaut riding a horse in the style of Andy Warhol”.

Someone used Dall-E 2 to generate pictures from Twitter bios and the results are just jaw-dropping.

happy sisyphus

bookbear

machine learning researchoor | technology brother | “prolific Twitter shitposter

It’s currently in private preview but should not be long before it provides a commercial offering.

DALL·E 2 is a new AI system that can create realistic images and art from a description in natural language.

Source: DALL·E 2

Categories
phishing security

Lupinia Studios – I’m a Scam Prevention Expert, and I Got Scammed

There’s a lot to unpack here: scam prevention expert gets scammed, ‘cos a supposed fraud prevention department turns out to be the actual fraud. Goes to show anyone can fall for these attacks, even experts.

I’m a Scam Prevention Expert, and I Got Scammed

Source: Lupinia Studios – I’m a Scam Prevention Expert, and I Got Scammed

Categories
3D programming

Data Management OSS (Object Storage Service) migrating to Direct-to-S3 approach

It’s no secret that Autodesk Forge uses AWS. But now they made it explicit. Some of the API will be exposing AWS services – in particular S3 – directly.

Source: Data Management OSS (Object Storage Service) migrating to Direct-to-S3 approach

Categories
programming security

BIG sabotage: Famous npm package deletes files to protest Ukraine war

Oh dear. Yet another npm author went rouge. This time it appears that the npm package deletes files for users with Russian/Belarus IP addresses. Time to take package pinning more seriously.

This week, the developer of the popular npm package ‘node-ipc’ released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. The ‘node-ipc’ package, which gets downloaded over a million times weekly, began deleting files on developer’s machines, in addition to creating new text files with “peace” messages.

Source: BIG sabotage: Famous npm package deletes files to protest Ukraine war