Last accessed information for AWS Services
After a launch last year for S3, last accessed information now extends to EC2, IAM and Lambda.
It is sometime hard to keep track on roles and instances, to ensure the implementation of least privilege principle, we should create roles for each lambda, ec2 instance (if needed) each roles will have multiple policies.
When a part of a project or an entire project is deprecated, lambda will be disable, but it’s easy to miss related IAM resources. Question like is this policy used by another role? Does another part of the project need this EC2 instance? In theory every resource should be well known tagged, documented, but in real world things are never that simple, a developer might have created an instance to access a VPC without opening anything but SSH, and when the developer leaves no one remember what the instance was used for.
This feature is a great help to recover from an undocumented state, it should not be used as primary way to control the AWS account state, but it’s a great auditing tool to improve security and free unused resources.
Elasticsearch Asynchronous Search
I’m not a big user of elastic search, mostly by lack of time and EL not being used that much in my team. However from a previous assignment I was was using portal supported by Elasticsearch. That’s why this feature got my eye, we are in a field where the the page didn’t load in 5 seconds flats, users are not happy. I even know users that will reload the page after 10 seconds because the portal “crashed” to their eyes.
Asynchronous search will help on large sets, no more need to wait until the load is complete, the end user can start working the data before having all data. This feature is great for the end user and for the service owners.
With this feature, might be what I need to start studying elasticsearch and check how to implement it in my use cases.
