Cloud Security
Clint Gibler
Open original sourceRetained excerpt
I like the product screenshots, it seems like they gather app-relevant context thoughtfully. Cloud Security Some notes on Lambda MicroVMs Aidan Steele shares hands-on notes on AWS Lambda MicroVMs, a generalisation of Lambda functions that run code in a fresh VM for up to 8 hours. The shell side is a first-class capability since MicroVMs support PTYs natively with shell access through a dedicated AWS API, and inside the VM you can run Docker containers with full OS capabilities. Networking gets its own abstraction called a Lambda Network Connector, a configuration packaging subnets, security groups, and an IAM role for ENI management under its own ARN. The connectors create ENIs in your VPC but hide them by default unless a specific flag is set on the describe call, and AWS has placed resource-based policies on the ENIs so only the Lambda service can mutate them, closing off the old trick of attaching an elastic IP to a Lambda ENI for VPC-attached internet access. Holding blobs for…
This limited excerpt is retained to explain the source trail. Rights remain with the original publisher.