[jcims]

CapOne also maintains Cloud Custodian, which a lot of people use to great effect to help prevent stuff like this.

Ultimately I think it just shows that securing cloud infrastructure is difficult to do consistently when you move quickly and broadly at scale. It also shows that the specific mechanism for authenticating EC2 instances had some design issues. These have been known about for a long time of course and it is kind of disappointing how long it took AWS to do something about it.

[kapilvt]

Cloud custodian is maintained by the community, capitalone has not had any maintainers on staff for around a year, though they still use and occasionally contribute prs. The major contributors and maintainers over the last year have been the cloud providers. The community has been working with capitalone to move it into cncf in 2020.

[616c]

Huge fan working with you on one issue and glad to see you are everywhere setting the record straight, Kapil!

[jcims]

I stand corrected by an authority on the subject. :)