HackerTrans
TopNewTrendsCommentsPastAskShowJobs

heldsteel7

no profile record

Submissions

[untitled]

1 points·by heldsteel7·2 เดือนที่ผ่านมา·0 comments

AWS RDS Extended Support, you still have few levers to pull

cloudyali.io
1 points·by heldsteel7·2 เดือนที่ผ่านมา·0 comments

Claude on AWS vs. AWS Bedrock

cloudyali.io
1 points·by heldsteel7·2 เดือนที่ผ่านมา·0 comments

Hyperscalar AI Tax

cloudyali.io
2 points·by heldsteel7·5 เดือนที่ผ่านมา·1 comments

The Guide to AWS Lambda Cost Optimization

cloudyali.io
3 points·by heldsteel7·ปีที่แล้ว·1 comments

Nat Gateway – How to Reduce Data Transfer Expenses

cloudyali.io
2 points·by heldsteel7·ปีที่แล้ว·2 comments

Cost Attribution in Cloud

cloudyali.io
1 points·by heldsteel7·ปีที่แล้ว·0 comments

Why You're Paying Twice for AWS Service Calls

cloudyali.io
1 points·by heldsteel7·2 ปีที่แล้ว·3 comments

[untitled]

3 points·by heldsteel7·2 ปีที่แล้ว·0 comments

Streamlining AWS Access for growing startups

cloudyali.io
2 points·by heldsteel7·2 ปีที่แล้ว·1 comments

Key Considerations for Securing AWS Infrastructure – 101

cloudyali.io
1 points·by heldsteel7·3 ปีที่แล้ว·0 comments

Do we need JIT access to Cloud?

cloudyali.io
2 points·by heldsteel7·3 ปีที่แล้ว·0 comments

AWS Tagging Evolution

cloudyali.io
2 points·by heldsteel7·3 ปีที่แล้ว·1 comments

How to Monitor AWS IAM Root Users at Scale

tldrsec.com
1 points·by heldsteel7·3 ปีที่แล้ว·1 comments

How to Onboard Any Number of AWS Member Accounts with CloudFormation StackSet

cloudyali.io
1 points·by heldsteel7·3 ปีที่แล้ว·1 comments

[untitled]

1 points·by heldsteel7·3 ปีที่แล้ว·0 comments

Cloudquery, Resoto, Steampipe, Airbyte, CloudYali – cloud resource inventory

old.reddit.com
1 points·by heldsteel7·3 ปีที่แล้ว·0 comments

AWS S3 Bucket Creation Date Discrepancy in Master and Other Regions

cloudyali.io
2 points·by heldsteel7·3 ปีที่แล้ว·1 comments

Monitor IAM User Activities and Access to Regions and Services at Scale

cloudyali.io
2 points·by heldsteel7·3 ปีที่แล้ว·1 comments

How to Monitor AWS IAM Root Users at Scale

cloudyali.io
2 points·by heldsteel7·3 ปีที่แล้ว·0 comments

comments

heldsteel7
·2 เดือนที่ผ่านมา·discuss
Every provider has an attribution mechanism. AWS has Inference Profiles. Azure tracks by deployment. GCP has request labels. But each one has a blind spot.
heldsteel7
·5 เดือนที่ผ่านมา·discuss
Hyperscalar prices will eventually rise due to AI Tax.
heldsteel7
·ปีที่แล้ว·discuss
This comprehensive guide covers right-sizing, smart code optimization, event filtering, and efficient monitoring techniques. Learn how to reduce Lambda costs without sacrificing performance, implement best practices, and avoid common pitfalls. Perfect for developers and architects looking to build cost-efficient serverless applications.
heldsteel7
·ปีที่แล้ว·discuss
AWS NAT Gateway is essential for managing traffic from private subnets, but it can silently inflate your cloud costs through data processing fees. Every AWS service call—whether to S3, DynamoDB, or other services—incurs a $0.045/GB charge when routed through NAT Gateway.
heldsteel7
·2 ปีที่แล้ว·discuss
Each AWS service call from private subnets could be adding unnecessary NAT Gateway charges ($0.045/GB) on top of standard data transfer fees. With 50TB monthly traffic, that's $2,250 in avoidable costs. Analysis of how VPC endpoints eliminate this double-charging, with performance implications and implementation patterns.
heldsteel7
·2 ปีที่แล้ว·discuss
[flagged]
heldsteel7
·2 ปีที่แล้ว·discuss
As your startup scales on AWS, managing access control becomes crucial. This blog post provides a roadmap for securing your cloud environment. You'll learn about the limitations of basic IAM users, the benefits of centralized identity management, and the capabilities of AWS IAM Identity Center with Just-In-Time access.
heldsteel7
·3 ปีที่แล้ว·discuss
From mere labelling in 2010 to the sophisticated tagging services of today, AWS tagging has seen a rapid evolution. These updates have provided users with additional functionality, greater control over their resources, and more effective monitoring, auditing, and management of their AWS infrastructure.
heldsteel7
·3 ปีที่แล้ว·discuss
CloudYali (https://www.cloudyali.io) provides insights into best practices and effective strategies for managing IAM users at scale.
heldsteel7
·3 ปีที่แล้ว·discuss
CloudFormation StackSet allows for automated onboarding of any number of member accounts, while also providing an exceptional user experience.
heldsteel7
·3 ปีที่แล้ว·discuss
AWS S3 bucket creation date may be reported differently in different regions. To get the S3 bucket creation date correctly call list api in us-east-1.
heldsteel7
·3 ปีที่แล้ว·discuss
CloudYali makes AWS IAM monitoring for large accounts a breeze.
heldsteel7
·3 ปีที่แล้ว·discuss
It is critical to understand that almost anything in the cloud can assume an identity. Resources can have direct and indirect relationships, some of which are not obvious.
heldsteel7
·5 ปีที่แล้ว·discuss
absolute gem!

A complimentary read https://nedbatchelder.com/text/unipain.html
heldsteel7
·5 ปีที่แล้ว·discuss
Great idea! How do you choose papers? Is it all free??

Would be good if you could further narrow down from the topic to subtopics.

A small glitch, when I deselect 'Select All' it doesn't clear topics.
heldsteel7
·5 ปีที่แล้ว·discuss
Congratulations on your launch. I'm don't have technical background to understand the nitty gritty, but reading through all the comments itself is an immense learning on the topic.Good luck.
heldsteel7
·5 ปีที่แล้ว·discuss
Awesome! Thanks for sharing.
heldsteel7
·5 ปีที่แล้ว·discuss
Thanks, can you please suggest improvement points?
heldsteel7
·5 ปีที่แล้ว·discuss
Very valid points Brad.

Currently it is third party service collecting the data, we reduct the sensitive information. The data is encrypted at rest and we follow best security rules.

Though our existing model is SaaS based, we are contemplating to separate the control plane into SaaS model, while keeping data plane within the users account. We want to work with our users feedback for this.

Please do try and share your valuable feedback.Thanks!
heldsteel7
·5 ปีที่แล้ว·discuss
I’m not surprised you asked how CloudYali is different from AWS Config. We have been asked this earlier as well.

As we know AWS Config, when debuted in 2014 it promised to be the configuration auditor for AWS. The mandate for any team working in AWS workload management, is security and cost effectiveness along with operational efficiency. This requires a great deal of visibility into the cloud workloads. These workloads consists of cloud assets (or resources) from multiple AWS services. As a configuration auditor, AWS Config is supposed to provide a complete visibility into the cloud assets, keep the configuration history of changes and help in achieving the regulatory compliance.

Today AWS has more than 200 services, and more than 500 cloud assets types. In 2017, AWS Config supported ~26 services and 72 resource types. In 2021, the coverage has reached barely 103 resource types. This is ~20% coverage across all the asset types. These assets have relationships which may cross the service boundaries. These relationships are important to be understood, from security point of view (lateral movement attacks). Similarly you need to know about all your assets from cost point of view. You never know if someone accidentally started any expensive service, say macie and you realise it only when the monthly bills arrive. Problem with AWS Config is lack of coverage and even slower addition of newer resource types into coverage.

Yet another issue is usability. AWS Config is a regional service, which needs to be configured across all regions and accounts. This is a sizeable effort. Recently only AWS Config started with Organizations support. When you’re in midst of incident resolution, the important t for any cloud team is access to historical information about the configuration changes. AWS Config UI and CLI is not something you want to deal with at that moment.

For CloudYali, the mission is to provide visibility across all the cloud with usability in mind. CloudYali works on multiple accounts and all regions by default. This means, by default you are looking at the cloud assets across your whole cloud. We have currently added a support for ~ 250 asset types (and we will keep adding).

CloudYali, also maintains the lifetime of the assets, and the history of configuration changes. It is like applying version control to the cloud. The configuration changes are visualised on the timeline, where you can choose to see configuration attributes at any given time. We clearly mark the assets as Live/Active or Deleted if asset no longer exists. It is also possible to filter assets based on the accounts, regions, or time duration so that it is easier to pinpoint assets. This makes troubleshooting easier for cloud operations. Consider for example, rules in load balancer, min/max for auto-scaling group. These things are often changed manually during production issues and if you don't have backups, it's quite easy to mis-configure and then spend time trying to recall previous values. CloudYali intends to be helpful in such scenarios.

I hope this answers your query.

Thanks,