Hacker News: bnchandrapal

How 'What Can Go Wrong?' Went Wrong

bnchandrapal — Thu, 11 Dec 2025 02:42:53 +0000

Article URL: https://badshah.io/what-can-go-wrong-went-wrong/

Comments URL: https://news.ycombinator.com/item?id=46227025

Points: 2

# Comments: 0

New comment by bnchandrapal in "How not to get locked out of your AWS account"

bnchandrapal — Mon, 26 May 2025 05:08:34 +0000

TL;DR: Add MFA to AWS root user. If you don't have MFA with root AND your email server of root email is hosted in same AWS account, it gets tricky to recover.

Sidenote, I was shocked to see "There was an AWS keypair saved in the CI secrets that hadn't been used since 2022."

AWS Product Lifecycle: End of Life Information

bnchandrapal — Sat, 24 May 2025 16:17:20 +0000

Article URL: https://aws.amazon.com/products/lifecycle/

Comments URL: https://news.ycombinator.com/item?id=44082022

Points: 2

# Comments: 0

Setting Up a Cloud Security Roadmap for Your Startup

bnchandrapal — Sat, 24 May 2025 08:57:16 +0000

Article URL: https://awssecuritydigest.com/articles/cloud-security-roadmap-for-startups

Comments URL: https://news.ycombinator.com/item?id=44079779

Points: 4

# Comments: 0

Tailpipe – open-source SIEM for instant log insights, powered by DuckDB

bnchandrapal — Sat, 01 Feb 2025 13:23:50 +0000

Article URL: https://github.com/turbot/tailpipe

Comments URL: https://news.ycombinator.com/item?id=42898103

Points: 5

# Comments: 0

New comment by bnchandrapal in "Well, it's just an AWS Account ID"

bnchandrapal — Wed, 10 Jul 2024 04:31:03 +0000

Yes, you're right. Reading my statement in hindsight shows thats not correct. My intention was to convey that you can check for the existence of common IAM users and roles in the accounts (and even existence of company specific entities like users with first.last pattern, product names, etc) I've slightly updated the point a bit.

Well, it's just an AWS Account ID

bnchandrapal — Wed, 10 Jul 2024 02:21:30 +0000

Article URL: https://mail.cloudsecurity.club/p/well-just-aws-account-id

Comments URL: https://news.ycombinator.com/item?id=40923188

Points: 106

# Comments: 33

New comment by bnchandrapal in "Ask HN: Could you share your personal blog here?"

bnchandrapal — Thu, 06 Jul 2023 02:49:41 +0000

https://badshah.io/

Blog posts on Cloud Security, DevSecOps and other personal experiments+experiences in security

RSS: https://badshah.io/index.xml

My Love/Hate Relationship with Cloud Custodian

bnchandrapal — Mon, 10 Apr 2023 15:11:41 +0000

Article URL: https://badshah.io/my-love-hate-relationship-with-cloud-custodian/

Comments URL: https://news.ycombinator.com/item?id=35513278

Points: 1

# Comments: 0

One important feature that Dependabot is missing

bnchandrapal — Sun, 11 Dec 2022 11:07:27 +0000

Article URL: https://badshah.io/important-dependabot-feature/

Comments URL: https://news.ycombinator.com/item?id=33942179

Points: 2

# Comments: 0

Automating Cloud Security – AWS Edition (Workshop Slides) [pdf]

bnchandrapal — Sat, 12 Nov 2022 12:08:50 +0000

Article URL: https://badshah.io/talks/slides/2022-10-12-Automating-Cloud-Security-AWS.pdf

Comments URL: https://news.ycombinator.com/item?id=33572329

Points: 3

# Comments: 0

Did you completely remove secrets from Git repository? Really?

bnchandrapal — Fri, 07 Oct 2022 17:15:01 +0000

Article URL: https://badshah.io/remove-secrets-from-git-repo/

Comments URL: https://news.ycombinator.com/item?id=33124204

Points: 2

# Comments: 0

New comment by bnchandrapal in "AWS GuardDuty – the Good, the Bad, and the Ugly"

bnchandrapal — Mon, 15 Aug 2022 15:14:09 +0000

Ahhh. AWS Control tower has not cost but it requires AWS Config to be enabled. Config is yet another AWS service that can get costly over time (if continuous monitoring of changes is enabled)