CloudPro #57: OpenAI announces SearchGPT, its AI-powered search engine
What really happened with CrowdStrike? A Technical Analysis
Welcome to the 57th edition of CloudPro! Today, we’ll talk about:
⭐Masterclass:
[Sponsored] How self-serve analytics can help you speed up data analysis
Attackers deploying new tactics in campaign targeting exposed Docker APIs
How to Migrate an Observability Platform to Open-Source and Cut Costs
Moving AWS Accounts and OUs Within An Organization - Not So Simple!
🔍Secret Knowledge:
⚡Techwave:
🛠️HackHub: Best Tools for the Cloud
Cheers,
Editor-in-Chief
⭐MasterClass: Tutorials & Guides
⭐Attackers deploying new tactics in campaign targeting exposed Docker APIs
Attackers are targeting exposed Docker APIs in a new cryptojacking campaign similar to the previously known Spinning YARN. They access Docker hosts whose daemon API is exposed on TCP port 2375 and deploy malware using novel binary payloads: `chkstart` for remote access and `exeremo` for lateral movement. These binaries dynamically execute further malicious payloads, making the attack harder to detect. Persistence is achieved by modifying systemd services so that the malware keeps running after reboots. The campaign aims to hijack system resources to mine cryptocurrency, using both existing and new attacker infrastructure.
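As an added example (not code from the article or the campaign report), a small Python audit of the two places a Linux Docker host declares its API listeners, `daemon.json` and the systemd `ExecStart=` line, flagging any non-loopback `tcp://` listener that is not protected by `--tlsverify`. The sample configurations and helper names are constructed for this illustration.

```python
"""Audit dockerd listener settings for an API exposed over plain TCP.

Added defensive check: inspects daemon.json "hosts" and the systemd ExecStart
-H/--host flags; all sample inputs below are constructed, not from a real host.
"""
import json
import re
import shlex

# Constructed samples: the exposed setup the campaign abuses, and a
# hardened variant requiring mutual TLS on the standard TLS port 2376.
EXPOSED_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
EXPOSED_EXECSTART = "ExecStart=/usr/bin/dockerd"
HARDENED_DAEMON_JSON = "{}"
HARDENED_EXECSTART = ("ExecStart=/usr/bin/dockerd -H fd:// --host=tcp://0.0.0.0:2376 "
                      "--tlsverify --tlscacert=/etc/docker/ca.pem")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def tcp_listeners(hosts):
    """Yield (addr, port) per tcp:// entry; dockerd defaults to 0.0.0.0:2375."""
    for h in hosts:
        m = re.fullmatch(r"tcp://([^:/]*)(?::(\d+))?", h)
        if m:
            yield m.group(1) or "0.0.0.0", int(m.group(2) or 2375)

def cli_hosts(execstart):
    """Return (argv, hosts) parsed from a systemd ExecStart= line."""
    argv = shlex.split(execstart.split("=", 1)[1]) if "=" in execstart else []
    hosts = []
    for i, a in enumerate(argv):
        if a in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif a.startswith(("-H=", "--host=")):
            hosts.append(a.split("=", 1)[1])
    return argv, hosts

def audit(daemon_json, execstart):
    """One finding per TCP listener reachable off-host without TLS client auth."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    argv, hosts = cli_hosts(execstart)
    # dockerd rejects hosts set in both places, but auditing the union is harmless.
    tls_required = ("--tlsverify" in argv or "--tlsverify=true" in argv
                    or cfg.get("tlsverify") is True)
    findings = []
    for addr, port in tcp_listeners(list(cfg.get("hosts", [])) + hosts):
        if addr not in LOOPBACK and not tls_required:
            findings.append(f"tcp://{addr}:{port} accepts unauthenticated API calls")
    return findings
```

Run it against the real `/etc/docker/daemon.json` and the `ExecStart=` line from `systemctl cat docker` on each host; an empty result means no unauthenticated TCP listener is configured.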
⭐Build, Debug, Test, and Deploy AWS Lambda Functions Locally
Building, debugging, testing, and deploying AWS Lambda functions locally with AWS SAM (Serverless Application Model) streamlines development. First, install the AWS CLI, the AWS SAM CLI, and Docker, and configure your AWS credentials. Initialize a new SAM application and open it in VS Code. Add a launch configuration for debugging to `launch.json`. Run the Lambda function locally and debug it by attaching a debugger to the SAM CLI process. Resolve any port conflicts by terminating the processes holding the port. Build the code with `sam build`, then deploy it to AWS with `sam deploy --guided`. Verify the deployment in the AWS Console, checking that the Lambda function and API Gateway are set up correctly. This workflow lets you catch errors locally before they reach AWS.
⭐How to achieve ultimate freedom with your load balancer
The rise of open-source software alongside cloud growth, including multicloud and hybrid infrastructures, increases the need for flexible, feature-rich load balancers. Modern load balancers have moved beyond simple traffic distribution to offer advanced request routing, failover protection, security features, and centralized management. An ideal load balancer is built on open source, supports a broad range of technologies, works across environments and deployment models, and helps control cost. Together these properties preserve freedom of choice in the tech stack, letting applications integrate and scale across platforms and environments while maximizing operational efficiency and reducing costs.
⭐How to Migrate an Observability Platform to Open-Source and Cut Costs
Migrating an observability platform to open-source can significantly cut costs and provide more control over telemetry data, which is crucial as applications grow and generate vast amounts of data. This process involves carefully selecting key telemetry data, choosing an appropriate tech stack for logs, metrics, and traces, and conducting thorough testing and validation across various systems. Despite the challenges posed by diverse microservices and existing service provider commitments, a systematic approach including proofs-of-concept, risk analysis, and cross-team collaboration can streamline the transition, making it a cost-effective solution for enhanced observability.
⭐Moving AWS Accounts and OUs Within An Organization - Not So Simple!
Moving an AWS account or Organizational Unit (OU) within an organization can have significant implications. This process affects policy inheritance, CloudFormation StackSet deployments, IAM policy conditions, Resource Access Manager (RAM) shares, and AWS Control Tower enrollments. For instance, moving an account from one OU to another can change which policies apply, potentially causing service disruptions. IAM policies and resource policies may need to be updated to reflect the new OU paths, and resources shared through RAM could be impacted. Additionally, Control Tower governance controls might be enforced on newly moved accounts, and there is no "dry run" to foresee these changes, making careful planning and monitoring essential.
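An added example, not from the article: a Python check that evaluates IAM `aws:PrincipalOrgPaths` conditions (StringLike semantics) against an account's OU path before and after a move, approximating the dry run the article says AWS does not provide. The organization and root ids, OU names and policy names are constructed placeholders, and the matcher is a simplified evaluator, not IAM's policy engine.

```python
"""Approximate the missing "dry run": which aws:PrincipalOrgPaths conditions
does an account satisfy before and after being moved to another OU?
Simplified StringLike evaluation, not IAM's engine; all ids are placeholders.
"""
import re

# Constructed org layout (placeholder ids, not a real organization).
ORG, ROOT = "o-exampleorg", "r-exmp"
OLD_PATH = f"{ORG}/{ROOT}/ou-exmp-workloads/ou-exmp-prod/"
NEW_PATH = f"{ORG}/{ROOT}/ou-exmp-sandbox/"

# Constructed condition values, as they would appear under
# "Condition": {"ForAnyValue:StringLike": {"aws:PrincipalOrgPaths": [...]}}
CONDITIONS = {
    "s3-bucket-policy": [f"{ORG}/{ROOT}/ou-exmp-workloads/*"],  # any account under workloads
    "ram-share-policy": [f"{ORG}/{ROOT}/ou-exmp-workloads/ou-exmp-prod/"],  # exact OU only
    "org-wide-policy": [f"{ORG}/*"],  # anything in the organization
}

def string_like(pattern, value):
    """IAM StringLike: '*' matches any run, '?' one character, case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def matches_any(patterns, path):
    """ForAnyValue semantics with a single-valued path: match at least one pattern."""
    return any(string_like(p, path) for p in patterns)

def move_impact(conditions, old_path, new_path):
    """Map policy name -> (matched before move, matches after move)."""
    return {name: (matches_any(p, old_path), matches_any(p, new_path))
            for name, p in conditions.items()}

def broken_by_move(conditions, old_path, new_path):
    """Policies that grant access today but will stop matching after the move."""
    impact = move_impact(conditions, old_path, new_path)
    return sorted(n for n, (before, after) in impact.items() if before and not after)
```

Feed it the real OU paths from `aws organizations list-parents` and the condition values collected from your bucket, RAM and trust policies to see which grants silently disappear when the account moves.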
🔍Secret Knowledge: Learning Resources
🔍The Problem with OpenTelemetry
The problem with OpenTelemetry is that it has deviated from its original goal of providing a standard for tracing and has become overly complex by trying to encompass logging, metrics, and more. This dilution of focus makes it cumbersome and less effective for developers who primarily need tracing capabilities. Instead of a straightforward tracing solution, OpenTelemetry now requires understanding multiple concepts, leading to poor adoption and practical difficulties.
The proposed solution is to simplify and break out tracing into a dedicated, lightweight SDK, allowing developers to instrument their code with span annotations without the overhead of unnecessary features. This streamlined approach would make tracing more accessible and efficient, ultimately benefiting both developers and vendors.
🔍Microsoft WebApp Deployments with GitHub Actions and Terraform
Automating Microsoft web application deployments with GitHub Actions and Terraform simplifies the process of managing infrastructure and application code releases. By utilizing Infrastructure as Code (IaC) and Continuous Integration/Continuous Deployment (CI/CD) pipelines, you can eliminate manual processes that often lead to delays and errors, ensuring consistency across environments.
This guide demonstrates how to set up a pipeline using GitHub Actions and Terraform to deploy an ASP.NET Core web application to AWS, covering the steps from prerequisites and account setup to building and deploying the sample workload. The result is a streamlined, automated deployment process that aligns with AWS Well-Architected Framework principles, enhancing security, cost optimization, and best practices adherence.
🔍Combining Helm, Kustomize, and Raw Manifests
Combining Helm, Kustomize, and raw manifests streamlines Kubernetes manifest management by leveraging the unique strengths of each tool. Helm simplifies the packaging and sharing of Kubernetes applications, Kustomize allows for environment-specific customizations without modifying the base files, and raw manifests offer direct control over specific configurations. By integrating these tools, you can create highly customizable and adaptable Kubernetes deployments. This approach ensures efficient and flexible management of Kubernetes resources, accommodating the need for both standardization and specific customizations in deployment workflows.
🔍Zero Trust Network Router on AWS
A Zero Trust Network on AWS is designed with the principle of "never trust, always verify," meaning that no traffic is allowed by default unless it is known, verified, and wanted. Expert Thinking reviewed a customer's networking solution to implement this model, leveraging various AWS services. The approach entails creating a network where only explicitly permitted traffic can pass between nodes, enhancing security. As businesses expand and migrate to AWS, a Zero Trust Network simplifies complex networking setups by ensuring all devices, regardless of location, connect through a central, secure network that requires verification for all traffic. This article focuses on setting up a Zero Trust Appliance in AWS to facilitate such a network.
🔍AWS Resource Inventory
The article on AWS Tip introduces the "AWS Resource Inventory," a CloudFormation template designed to streamline cloud resource management on AWS. It leverages AWS services like Systems Manager, Config, Athena, and Grafana to automate and visualize your AWS resources across multiple accounts and regions. Key features include detailed resource listings, automated scans, and customizable Grafana dashboards. This tool helps with cost optimization, compliance, and disaster recovery by providing a comprehensive view of your AWS infrastructure.
⚡ TechWave: Cloud News & Analysis
⚡OpenAI announces SearchGPT, its AI-powered search engine
OpenAI has introduced SearchGPT, a new AI-powered search engine designed to offer more organized and contextually rich search results compared to traditional search engines. Currently in a prototype phase, it aims to provide summaries and relevant details rather than just links, and will eventually be integrated into ChatGPT. Initial access is limited to 10,000 users, and OpenAI emphasizes clear attribution to news sources while addressing concerns over content use and accuracy.
⚡What really happened with CrowdStrike? A Technical Analysis
On July 19, 2024, CrowdStrike's Falcon platform shipped a faulty content update for Windows sensors that caused system crashes (BSOD) on affected machines. The problem was in Rapid Response Content, the dynamic updates designed to enhance threat detection. A bug in the content validation process allowed problematic content to be deployed, which triggered out-of-bounds memory access errors in the Falcon sensor. The issue was quickly addressed by reverting the update, and CrowdStrike is now improving its testing and validation processes to prevent similar issues in the future.
⚡Google is transforming the Developer Experience with AI
Generative AI is transforming software development by boosting productivity across various engineering disciplines. AI tools, like Google Cloud's Gemini models, enhance code generation, bug detection, automated testing, and data analysis, allowing developers to focus on higher-level tasks and innovate faster. AI also improves operational efficiency by optimizing CI/CD pipelines and incident management, and strengthens security through advanced threat detection and automated responses. Embracing AI helps streamline development processes, reduce time spent on routine tasks, and improve overall software quality and security.
⚡What’s new with GKE Cluster Autoscaler
Google Kubernetes Engine (GKE) has made significant improvements to its Cluster Autoscaler, which automatically adjusts the size of your clusters based on demand. Recent updates include faster scaling for large deployments, reduced CPU and memory waste, and improved efficiency in scaling identical pods. For example, new features reduce the time to deploy 5,000 pods by 55% and improve application response times by 20%. These enhancements, designed to operate seamlessly in the background, help optimize performance and reliability without requiring additional configuration from users.
⚡Introducing Docs in Proton Drive – collaborative document editing that’s actually private
Proton Drive is introducing a new collaborative document editor called Docs that prioritizes privacy. Unlike other online editors like Google Docs or Microsoft 365, Docs uses end-to-end encryption to ensure that your documents are fully private and secure, including keystrokes and cursor movements. You can create, edit, and share documents with real-time collaboration features, all while keeping your data safe from surveillance and data breaches. Docs is integrated into Proton Drive, maintaining the same high standards of privacy across your cloud storage and productivity tools.
🛠️HackHub: Best Tools for Cloud
🛠️Overmind
Overmind is a CLI tool that helps you analyze the real-time impact of Terraform changes, ensuring you understand dependencies and risks before applying changes to your infrastructure.
🛠️aws-samples/alarm-context-tool
The Alarm Context Tool (ACT) for AWS CloudWatch Alarms enhances alarm messages by adding context from metrics, logs, and traces, using AI to summarize findings and suggest fixes, thereby improving troubleshooting and response efficiency.
🛠️aws-samples/apache-xtable-on-aws-samples
The `apache-xtable-on-aws-samples` repository provides a guide for using Apache XTable on AWS to translate open table format metadata and integrate it with Amazon MWAA, including setup, dependencies, and cleanup instructions.
🛠️aws-samples/csr-builder-for-kms
`kmscsrbuilder` is a Python library for creating and signing X.509 certificate signing requests (CSRs) using AWS KMS keys.