
You know, I'd totally livestream my devops work if there were a way to live-censor confidential stuff. I could probably rig up a pretty-close browser extension, but half of what I'm doing is in a terminal or, say, inspecting JSON in an editor. It's one thing to regex-match AWS keys, it's another to recognize PII in a scrolling log in the 16.6 milliseconds before it needs to render out to OBS.

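The post draws a line between the easy half of live redaction (secrets with a fixed shape, such as AWS access key IDs) and the hard half (PII in free-form log text). The following is an added example, not code from the original thread or from either poster, of a per-line redaction filter of the kind you would put between a terminal and a capture tool: regex rules for AWS access key IDs and secret keys, plus a few structured-PII rules (e-mail, US SSN and phone formats, card numbers validated with Luhn so that ordinary numbers are not scrubbed). The sample log lines are constructed for the demonstration, the AWS key values are Amazon's documented placeholder examples, and the rule names and labels are this example's own choices.

```python
"""Per-line redaction filter for streaming terminal/log output.

Each rule is (name, compiled pattern, replace-function).  The replace
function returns the redacted text, or None to leave the match alone
(used for validators such as the Luhn check on card-number candidates).
"""
import re
import sys
from typing import Callable, Optional

# Constructed sample lines (not real data).  The AWS values are the
# well-known placeholder credentials from AWS documentation.
SAMPLE_LINES = [
    "2024-05-01T12:00:00Z INFO deploy started by ops@example.com",
    "2024-05-01T12:00:01Z DEBUG aws_access_key_id=AKIAIOSFODNN7EXAMPLE",
    "2024-05-01T12:00:01Z DEBUG aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "2024-05-01T12:00:02Z INFO customer ssn=123-45-6789 card=4111111111111111 phone=612-555-0199",
    "2024-05-01T12:00:03Z INFO processed 4111 records in 1111111111 ns",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate card numbers from ordinary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _card(m: re.Match) -> Optional[str]:
    digits = re.sub(r"\D", "", m.group(0))
    return "[CARD]" if luhn_ok(digits) else None


def _secret(m: re.Match) -> str:
    # Keep the label and separator so the log stays readable, drop the value.
    return f"{m.group(1)}{m.group(2)}[AWS_SECRET]"


Rule = tuple[str, re.Pattern, Callable[[re.Match], Optional[str]]]

RULES: list[Rule] = [
    # A 40-char base64-ish value sitting next to a "secret" label.
    ("aws_secret_access_key",
     re.compile(r"(aws_secret_access_key|secret_key|secret)(\s*[=:]\s*)"
                r"([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])", re.IGNORECASE),
     _secret),
    # Long-term (AKIA) and temporary/STS (ASIA) access key IDs: prefix + 16 chars.
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
     lambda m: "[AWS_ACCESS_KEY_ID]"),
    ("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
     lambda m: "[EMAIL]"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda m: "[SSN]"),
    ("phone", re.compile(r"\b\d{3}-\d{3}-\d{4}\b"), lambda m: "[PHONE]"),
    # 13-19 digits, optional space/dash separators, then Luhn-validated in _card.
    ("card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), _card),
]


def redact_line(line: str) -> tuple[str, list[str]]:
    """Return (redacted line, list of rule names that fired, one per match)."""
    found: list[str] = []
    for name, pattern, replace in RULES:
        def _sub(m: re.Match, _name=name, _replace=replace) -> str:
            out = _replace(m)
            if out is None:          # validator rejected the candidate
                return m.group(0)
            found.append(_name)
            return out
        line = pattern.sub(_sub, line)
    return line, found


def redact_stream(lines) -> list[str]:
    """Apply redact_line to every line of an iterable (a file, stdin, a list)."""
    return [redact_line(line.rstrip("\n"))[0] for line in lines]


if __name__ == "__main__":
    # Pipe real output through it (`some_command 2>&1 | python redact.py`),
    # or run without stdin to see the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for out in redact_stream(source):
        print(out)
```

Regex rules like these are cheap enough to run on every line as it scrolls, and they cover anything with a fixed shape: key IDs, labelled secrets, e-mails, formatted identifiers. They do nothing for the case the post is actually worried about, a customer's name or street address sitting in free text, which is why the replies fall back on policy (no PII in logs) and on streaming from environments with anonymized data rather than on a filter.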

@ironiridis I've recently done a couple internal-only live streams of dev sessions, to expose some of our interns to some of what/how we do. These were great fun.

AWS SSO makes avoiding secret exposure very easy, as no credentials are ever output to the terminal.

Your log point is much harder to solve, though. For this, we have a strict "no PII in logs" policy, which mostly covers it, but yeah there's always a chance something slips through.

@ironiridis Perhaps streaming while working on your dev/test environment would be easier in this regard, with mock/anonymized data?

@iamdoon We're making the very gradual and painful transition from loads of legacy services on semi-permanent EC2 instances to containerized ephemeral ones, so we're definitely not mature enough to enforce log policy yet. It's been a thing.

@iamdoon The keys are mostly a concern wrt IAM management, as we do not have automated vending of credentials (ask me again in 2 years) and I'm handling password resets, policies, etc. I'm also a hardass and I consider even policy disclosure to be off-limits.

@ironiridis Eesh, I don't envy the yak shaving you're doing. Moving from IAM users to SSO was the #1 most transformative thing I've done in my 10 years of using AWS. It's a crime that they even allow IAM (human) users to be created for new accounts without pushing hard for admins to adopt SSO.

@iamdoon Hard agree. I came on to this org about 1.5 years ago, but the root account is from 2016. And ... that's the only account in the org. I've fixed a lot but we've got a long ... long way to go.

@ironiridis oh my.

Well if you ever want to get together to share war stories and tips/tricks, I'm game.

MSP Social.net