One thing I noticed when I logged in today and asked Kiro to review the code across the four projects I broke this into is that it launched four subagents to review the code. I suspect this will produce better results and quicker analysis.
This turned out to be more complicated than expected of course. Gonna be a minute. The LLMs wrote really insecure code. Blogs coming.
A Script To Monitor Application Network Connections
How would you spot a reverse shell such as was used in Lexus Nexus breach? I vibe coded this script to see parent and child processes with application paths, process names, IPs, ports, IN or OUT.
teriradichel.substack.com/p/a-script-t...
Kiro CLI (opus actually) told me it was "just thinking out loud" and this amuses me too much. I'm delirious from AI overload.
Yubikey Push To Run A Lambda Function
Leveraging a framework to kick off deterministic or AI agent batch jobs and workflows
teriradichel.substack.com/p/mfa-to-run...
Wondering why if Netgear is a US company when I go to log in it is directing me to cognito-idp.eu-west-1.amazonaws.com
They don't always report issues that only affect a few customers. Also not sure if it was me or my network. We'll see how it goes today.
Lexus Nexus Breach Involving AWS Secrets Manager, RDS, ECS
Taking a look at the root cause of a breach on AWS, what is actually relevant, and how it may have been prevented
teriradichel.substack.com/p/lexus-nexu...
Never underestimate the value of the OGs.
Took a look at the health dashboard and it does not show anything is wrong.
But I did notice Amazon was down today due to deployment issue. Hmm.
I got the commands from Google aimode which was working fine. So I think it was something specific to AWS. I even turned off my firewall to try those actions *gasp* and did not work.
Other parts of AWS console were slow but working. Finally I just opened CloudShell and ran commands to stop all instances and verified stopped.
Looking at the network traffic I can see my browser is trying to reach sa regions when it should stay in us-east-x. I also saw us-west-2 and ca.
I also saw a bunch of denied traffic to sa GuardDuty and other domains with sa in them and the global console domain.
For some reason I could not get to the AWS EC2 dashboard just now to stop an instance. I was trying over and over and looking at all the network traffic.
I had also just created a new account and could not add MFA to it. It kept rejecting my Yubikey. The screens looked different.
This test cost me $75. I thought I had deleted all the resources the same day. Turns out I missed some in an alternate region.
I'm doing some testing here. I would *never* trust AI to deploy resources based on a prompt if I wasn't researching something. Use AI to build deterministic scripts to deploy infrastructure on AWS. Then test and verify they work correctly before you use them in production.
Then it proceeded to set up an EC2 reserved instance associated with that service (yes really) in a region I wasn't operating in.
I set up a script to deploy resources under a certain cost threshold. Turns out the AI intelligent brain thought it was good enough to just pick the first result in the price list for that service. Which was something cheap for a particular service.
But rather than tell me that it's not possible, I got back plausible results with a spot check. It never told me what I was requesting was not possible. It just gave me a script that does something related.
Next, I had AI write a script to calculate the cost of running any AWS command. You can't. (I added it to my AWS wishlist on builder.aws.com)
I think I told it to figure out and use the current region in the prompts. Can double check but will be creating a specific SCP for my lovely and creative agents.
I tested automatically creating some AWS infrastructure scripts and testing them. Luckily I have an SCP set up to block all but three regions. It went off and created resources in all three regions.
So here's a couple of fun things I tried that show how counting on AI to do the right thing can go terribly wrong if you are not testing and paying attention.
I came to a lot of the same conclusions as most of the white papers I have read just by using AI with no complicated overhead, infrastructure, or wordiness. Link pinned to my profile. Good Vibes section of my blog.
Everyone is writing these complicated hard to read white papers about AI. If you'd rather get a quick rundown and understanding of how to use AI more effectively using a lot less words to explain check out my blog posts.
If you don't need AirPlay on your Mac OS I suggest disabling it.
A Multi-Agent Workflow
Creating a multi-agent workflow with Kiro CLI (or any other AI tool for that matter) that processes tasks efficiently
teriradichel.substack.com/p/how-to-cre...
Just found out all my @Substack emails are being flagged as spam in some accounts even after the person adds the sender to the contact list and marks it as not spam. No idea how to resolve that but if you subscribe to my blog, check your spam folder.
I am currently performing API actions in S3 and getting network errors related to an Asia Pacific region in the AWS console. What's that all about?
KISS Your AI Prompts
Why you should reduce the complexity of your prompts
teriradichel.substack.com/p/kiss-your-...