投稿時間:2022-03-29 19:37:03 RSSフィード2022-03-29 19:00 分まとめ(44件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
ROBOT	ロボスタ	自動配送ロボット「Hakobot」商業宇宙港「北海道スペースポート」で実証実験 悪路走破性、実際の作業環境で走行テスト	https://robotstart.info/2022/03/29/hakobot-hokkaido-space-port.html		2022-03-29 09:19:51
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] 九電社長「要請聞いていない」　露産ガス代金のルーブル払い	https://www.itmedia.co.jp/business/articles/2203/29/news166.html	itmedia	2022-03-29 18:42:00
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] 映画の世界に宿泊できる「トイ・ストーリーホテル」を公開	https://www.itmedia.co.jp/business/articles/2203/29/news165.html	itmedia	2022-03-29 18:30:00
IT	ITmedia 総合記事一覧	[ITmedia News] ガンダムメタバースの名前は「SIDE-G」　バーチャル空間の集合体に　「ガンプラコロニー」秋公開	https://www.itmedia.co.jp/news/articles/2203/29/news163.html	itmedia	2022-03-29 18:26:00
TECH	Techable（テッカブル）	Progateが新プログラミング学習サービス発表、実践型でエンジニアの実務を疑似体験	https://techable.jp/archives/176139	progate	2022-03-29 09:32:41
AWS	AWSタグが付けられた新着投稿 - Qiita	🎉 AWS認定資格11冠を達成しました	https://qiita.com/k_su21652/items/6e9ec7bee0f8efaf9165		2022-03-29 18:46:37
技術ブログ	Mercari Engineering Blog	merpay Backend Talk 〜決済基盤だけじゃない。メルペイを支える基盤開発の取り組み〜 を開催しました！ #merpay_backend	https://engineering.mercari.com/blog/entry/20220325-472df3f530/	hellip	2022-03-29 10:00:25
技術ブログ	Developers.IO	StepFunctionsから呼び出したLambda関数のエラー発生時に、Lambda関数の再試行が行われたか教えてください	https://dev.classmethod.jp/articles/tsnote-stepfunctions-lambda-retry-settings/	lambda	2022-03-29 09:29:53
技術ブログ	Developers.IO	パパ、お花とお話しできればいいのにね ～子育テック的な何か～	https://dev.classmethod.jp/articles/babytech/	観葉植物	2022-03-29 09:25:22
技術ブログ	Developers.IO	AWS Systems Managerのパラメータストアの値を手動管理からCloudFormation管理に変えてみた	https://dev.classmethod.jp/articles/aws-systems-manager-parameter-store-use-cloudformation/	awssystemsmanager	2022-03-29 09:18:15
技術ブログ	Developers.IO	Backlog API を使って Backlog に課題を大量登録してみた	https://dev.classmethod.jp/articles/backlog-api-many-issues/	backlog	2022-03-29 09:01:38
海外TECH	DEV Community	How to Be an Effective Boy/Girl-Scout Engineer🚩	https://dev.to/alexomeyer/how-to-be-an-effective-boygirl-scout-engineer-4olj	How to Be an Effective Boy Girl Scout EngineerAlways leave the code better than you found it it s that simple yet not everyone is doing it I ve published this article last year and decided to republish it as there are some new lessons I learned on this topic and want to share Most engineers have heard of the boy scout rule Always leave the code better than you found it It s often been heralded as a magic cure for technical debt if only all software engineers behaved like good citizens our software wouldn t deteriorate so relentlessly But if it s that simple why isn t everyone doing it to curb tech debt once and for all You guessed it it s not that simple So let s figure out whyーand what we can do about it Let s look at What makes it difficult for Engineers to follow this rule How to make it easy for Engineers to be a boy girl scout What strategy can help you clean up your code regularly The boy scout ruleーwhere does it come from anyway In the founder of the scouts Robert Stephenson Smyth Baden Powell said Try and leave this world a little better than you found it Over time this may have morphed into Always leave the campground cleaner than you found it but the sentiment is more or less the same The point is that small but consistent efforts to keep the campground clean avoid a massive clean up operation down the line Robert C Martin Uncle Bob applied this rule to software engineering Always leave the code better than you found it In other words engineers should continuously clean up small pieces of tech debt so they never have to undertake a giant refactoring project when they re too close to technical bankruptcy Simple enough What gets in the way of the boy scout ruleBusiness pressures typically force engineers to bolt new code onto existing code with limited time available for ensuring that the result is sane and maintainable This focus on short term outcomes creates future productivity bottlenecks or technical debt code written yesterday that slows you down today A vicious cycle emerges We want to ship quickly so we bolt on some new code This makes future work more difficult but we still want to ship quickly so we don t take the time to clean up the code We also don t have an easy way to create issues flag the problem and add it to the sprint and problematic code remains in the codebase It becomes even harder to contribute productively to that part of the codebase but the clean up job is too big now so we don t take care of it The code s health keeps getting worse deteriorating until we have no option and we have to do a massive clean up job to be able to keep shipping All of this is due to the false assumption that investing in software quality isn t worth the cost and will slow down the pace at which we ship However as Martin Fowler explains this assumption is flawed because clean code actually allows us to ship faster If you apply the boy scout rule and leave the campground cleaner than you found it you can break the cycle But applying it in practice is not easy To see the problem more clearly let s step into the shoes of a boy girl scout engineer for a moment The boy girl scout engineer s dilemmaI ve been assigned a ticket I ve got to ship within a certain timeframe because I ve committed to an estimate during planning I d like to achieve the goal and deliver business value on time but I d also like to leave my campground cleaner than I found itーthis will make it easier for my colleagues and I to work on the code later and the business will benefit because we ll be able to ship future work faster and it ll be of higher quality But how do I know how much cleaning capacity I have How do I identify the things most worthy of my cleaning time I can t clean up the company s entire codebase These are difficult questions to answer My cleaning capacity will vary based on how quickly I can complete the new work and identifying the few things most worthy of my cleaning time is difficult when there are so many options What actions might I take given the above I might over clean and end up delaying the shipment I might clean up a few things but not the most important ones This is my dilemma steps strategy for making any code betterTo avoid the situation where you need to stop all the development process to clean up your code make sure your Engineering team follows these extended version of the boy girl scout rule If you see small tech debt that can be fixed quickly →be a boy girl scout and fix it right away Get yourself a piece of cake once done If you see an issue that might take time to fix or you re unsure about →report and flag this issue in your editor Track big issues continuously prioritise them and add make them part of your sprintThe best way to do that is to use the use free Stepsize extensions for VSCode or JetBrains that integrate with Jira Linear Asana and other project management tools and will help you report and prioritise codebase problems directly in your editor This way you will always leave code better than you found it and have a healthy codebase What are the benefits Proponents of the boy scout rule like Robert C Martin Uncle Bob are rightーif followed consistently and applied properly it will be your most effective tool in managing tech debt We call it continuous tech debt management However there is more to this rule than meets the eye and the tough bit is clearly consistency Boy girl scout engineers need to learn about the laws and incentives that make it hard for them to be effective but they also need to acquire the right tools and skills to really have a lasting impact on their codebases health Code quality will speed up the whole engineering team and therefore the entire companyーsee our piece about how tech debt affects everyone in the company Code quality is worth the cost In the words of Robert C Martin as captured in Kevlin Henney s book Things Every Programmer Should Know I think if we all followed that simple rule we would see the end of the relentless deterioration of our software systems Instead our systems would gradually get better and better as they evolved We would also see teams caring for the system as a whole rather than just individuals caring for their own small part Being a boy girl scout might be tougher than you ever thought but you can do it and it will actually save you timeーso don t despair and be prepared	2022-03-29 09:48:08
海外TECH	DEV Community	TreeDataGrid is out!	https://dev.to/avalonia/treedatagrid-is-out-4do7	TreeDataGrid is out Our new control TreeDataGrid is now publicly available It is controls in one DataGrid and TreeView Our users have been asking us for more performant version of DataGrid and TreeView type controls capable of displaying huge datasets We started to develop this control internally a long time ago This control is already more performant than it s analogues from the main repository It supports virtualisation everything is strongly typed and we are even using internal experimental features like TypedBindings TreeDataGrid is still far behind DataGrid from the main repository in terms of features but our commercial customers do use this control in their applications and they are happy with it As of the time of writing it s great for display lots of data we have not yet however added the ability to edit said data Controls like these take a lot of expertise dedication and time to design and build We have wrestled with the idea to commercialise this control or to make it publicly available for free In the end we have decided to allow anyone to use it for free under the MIT license However will ask that support for these controls issues and pull requests can only be provided to paying customers See our support packages for more information Documentation is available on our site and NuGet package is also publicly available Please consider using this control and share your impressions in our Twitter and in our Telegram chat	2022-03-29 09:38:01
海外TECH	DEV Community	Centralising audit, compliance and incident detection	https://dev.to/aws-heroes/centralising-audit-compliance-and-incident-detection-11fi	Centralising audit compliance and incident detection IntroductionThis is the third in a series of posts looking at some of the core services building blocks and approaches that will help you build out a multi account best practice landing zone Part Initial setup up of a multi account AWS environmentPart Adding AWS SSO and controlling permissionsPart Centralising compliance and incident detectionPart Budget Alerts and reportingIn this post we will focus on some of the services that will provide security compliance and incident detection starting with CloudTrail The source code used is available in this GitHub repository CloudTrailAWS CloudTrail is an AWS service that helps you enable governance compliance and operational and risk auditing of your AWS account For this demo we are going to create an Organization Trail This is a trail that logs all events for all AWS accounts in the organization They are automatically applied to all member accounts In order to set up an organization trail you will first need to enable CloudTrail as a trusted service in you organization else you will get an error message like the following ERROR Resource OrgTrail failed because Resource handler returned message Invalid request provided The request could not be processed because your organization hasn t enabled CloudTrail service access Enable service access for CloudTrail and then try again To enable trusted access you can run the following command using a profile in the management account aws organizations enable aws service access service principal cloudtrail amazonaws comOr you can setup directly from within AWS Organizations in the management account by clicking on services and selecting CloudTrail and then enable trusted access Enabling trusted access automatically creates a service linked role called AWSServiceRoleForCloudTrail role in each account This is required for CloudTrail to successfully log events for an organization An organization trail can only be setup in the management account and so we use the following OrganizationBinding that applies only to this account OrganizationBindings OrgTrailBinding IncludeMasterAccount trueWe also pass in a number of parameters to the template which include specifying a name for the S bucket the organization trail and the CloudWatch log group In addition if we have not already done so we store the organizationId of our AWS Organization in the organization parameters yml file and pass this value in along with the resource prefix Parameters orgBucketName Sub resourcePrefix orgtrail CurrentAccount AccountId resourcePrefix Ref resourcePrefix organizationId Ref organizationId trailName central orgtrail logGroupName OrgTrail org audit logNow we define the cloudformation in the main template itself Create an S bucket in management accountFirst we need to create an S bucket that will receive the log files for the organization trail We use the PublicAccessBlockConfiguration settings to block open public access to the bucket We use the LifecycleConfiguration settings to only store the objects for a specific period of time We also setup server side encryption with S managed keys and enable versioning OrgTrailBucket OrganizationBinding Ref OrgTrailBinding Type AWS S Bucket DeletionPolicy Retain UpdateReplacePolicy Retain Properties BucketName Ref orgBucketName AccessControl Private PublicAccessBlockConfiguration BlockPublicAcls true BlockPublicPolicy true IgnorePublicAcls true RestrictPublicBuckets true LifecycleConfiguration Rules ExpirationInDays Ref logDeletionDays Id orgtrail bucket lifecycle configuration Status Enabled BucketEncryption ServerSideEncryptionConfiguration ServerSideEncryptionByDefault SSEAlgorithm AES VersioningConfiguration Status EnabledThis bucket needs a bucket policy that allows CloudTrail to put the log files in the bucket for the organization The resource with organizationId allows logging for the organization trail It also allows logging for the specific account itself in the event the trail is changed from an organization trail to a trail for that account only The aws SourceArn condition helps ensure that CloudTrail can write to the S bucket only for the specific trail Sid AWSCloudTrailAclCheck Effect Allow Principal Service cloudtrail amazonaws com Action s GetBucketAcl Resource GetAtt OrgTrailBucket Arn Sid AWSCloudTrailWrite Effect Allow Principal Service cloudtrail amazonaws com Action s PutObject Resource Sub OrgTrailBucket Arn AWSLogs AWS AccountId Sub OrgTrailBucket Arn AWSLogs organizationId Condition StringEquals s x amz acl bucket owner full control AWS SourceArn Sub arn aws cloudtrail eu west AWS AccountId trail trailName We also want our organization trail to support sending the events to a CloudWatch log group Before we set up the trail we need to set up the CloudWatch log role and the IAM role assumed by CloudTrail to write to CloudWatch We start off by creating the CloudWatch log group OrgTrailLogGroup OrganizationBinding Ref OrgTrailBinding Type AWS Logs LogGroup Properties RetentionInDays LogGroupName Ref logGroupNameWe then create the IAM role that will be assumed by CloudTrail This allows CloudTrail to create a log stream in the log group specified above and to deliver events to that log stream for both trails in the specific AWS account and for organization trails created in this account the management account that are applied to the organization with the specific organizationId OrgTrailLogGroupRole OrganizationBinding Ref OrgTrailBinding Type AWS IAM Role Properties RoleName orgtrail publish to cloudwatch log group AssumeRolePolicyDocument Version Statement Sid AssumeRole Effect Allow Principal Service cloudtrail amazonaws com Action sts AssumeRole Policies PolicyName cloudtrail policy PolicyDocument Version Statement Sid AWSOrgTrailCreateLogStream Effect Allow Action logs CreateLogStream logs PutLogEvents Resource Sub arn aws logs eu west AWS AccountId log group logGroupName log stream AWS AccountId CloudTrail eu west Sub arn aws logs eu west AWS AccountId log group logGroupName log stream organizationId Finally we create the trail providing all the relevant information OrgTrail OrganizationBinding Ref OrgTrailBinding Type AWS CloudTrail Trail DependsOn OrgTrailBucketPolicy OrgTrailLogGroup OrgTrailLogGroupRole Properties CloudWatchLogsLogGroupArn GetAtt OrgTrailLogGroup Arn CloudWatchLogsRoleArn GetAtt OrgTrailLogGroupRole Arn EnableLogFileValidation true IncludeGlobalServiceEvents true IsLogging true IsMultiRegionTrail true IsOrganizationTrail true SBucketName Ref OrgTrailBucket TrailName Ref trailNameBy default trails created without specific event selectors will be configured to log all read and write management events and no data events Data events provide insights into the resource “data plane operations performed on or within the resource itself Data events are often high volume activities and include operations such as Amazon S object level APIs and Lambda function invoke API Adding the following EventSelector to the properties section would log data events for all objects in all S buckets in your account with the trail logging both read and write events as well as management events Properties EventSelectors DataResources Type AWS S Object Values Sub arn aws s IncludeManagementEvents true ReadWriteType AllWhen the pipeline runs and the organization trail is created a trail with the given name will be created in every AWS account that belongs to the organization Users with the relevant permissions will be able to see this trail in their member accounts and will be able to view the event history directly in CloudTrail for their account However they will not be able to remove or modify the trail in any way Any attempt to do so will show an error message like the one shown in the console below By default the log files delivered by CloudTrail to your bucket are encrypted by Amazon server side encryption with Amazon S managed encryption keys SSE S To provide a security layer that is directly manageable you can instead use server side encryption with AWS KMS managed keys SSE KMS for your CloudTrail log files but that is currently outside the scope of this blog post CloudWatch AlarmsIn our second post we showed how to setup a cross account role so that a user in the IncidentResponse group in the Security account could jump across into a production account to investigate in the case of an incident To add an additional level of security and audit we will setup a CloudWatch alarm to alert us whenever the elevated role has been assumed To start off with we define a CloudWatch alarm that will exist in the management account with the centralised CloudWatch logs from CloudTrail We specify the name of the metric associated with the alarm Statistics are metric data aggregations over specified periods of time For this alarm we are simply summing the values of all the data points over a time period of seconds We are evaluating only over period This means that if one incident occurs in a second period the alarm will be triggered RoleAlarm Type AWS CloudWatch Alarm OrganizationBinding Ref OrgTrailBinding Properties AlarmName Security switched to Elevated Role in Prod AlarmDescription Alarm on usage of elevated role in the Prod account MetricName Sub resourcePrefix switch elevated count Namespace OrgTrailMetrics Statistic Sum Period EvaluationPeriods Threshold TreatMissingData notBreaching AlarmActions Ref AlarmNotificationTopic ComparisonOperator GreaterThanOrEqualToThresholdThen we define the MetricFilter This filter searches the CloudWatch log group for any events where the event name is SwitchRole and the assumed role is the elevated security role ProductionSupportRoleLoginsFilter Type AWS Logs MetricFilter OrganizationBinding Ref OrgTrailBinding Properties LogGroupName Ref logGroupName FilterPattern eventName SwitchRole amp amp userIdentity arn arn aws sts assumed role elevated security role MetricTransformations MetricValue MetricNamespace OrgTrailMetrics MetricName Sub resourcePrefix switch elevated count Finally we define the SNS topic where the notification will be sent if the alarm is triggered This is setup to send an email to our root email address AlarmNotificationTopic Type AWS SNS Topic OrganizationBinding Ref OrgTrailBinding Properties DisplayName Sub Notifies when alarm on usage of elevated role goes off TopicName Sub resourcePrefix switch elevatedrole alarm notification Subscription Endpoint GetAtt MasterAccount RootEmail Protocol emailWe can now log into the Security account as a user in the IncidentResponse group and switch role in the console to the elevated security role in the Production account This will have the result of the triggering our alarm which we can see in the CloudWatch Alarm console And when we see that this is in alarm we should also receive an email notifying us of the use of the elevated security role in production At this point we could use CloudTrail to view all the actions that were carried out by the user or take some other action This gives you an idea of the capability that exists using CloudTrail Now we will move onto AWS Config AWS ConfigAWS Config is a service that enables you to continually assess audit and evaluate the configurations of your AWS resources This includes how the resources are related to one another and how they were configured in the past and changed over time To start off with we create an S bucket in the Log Archive account and attach a bucket policy to it that allows the Config service to put objects into the bucket as shown here To enable AWS Config we must create a configuration recorder and a delivery channel AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S bucket The configuration record describes the AWS resource types we want to record configuration changes for In the recording group we specify that AWS Config will record configuration changes for every supported type of regional resource It will also include all supported types of global resources such as IAM ConfigurationRecorder Type AWS Config ConfigurationRecorder Properties RecordingGroup AllSupported true IncludeGlobalResourceTypes true RoleARN GetAtt ConfigurationRecorderRole ArnThe delivery channel is used to deliver configuration information to our S bucket it also supports SNS We set it up to delivery configuration snapshots every hour to the S bucket DeliveryChannel Type AWS Config DeliveryChannel Properties ConfigSnapshotDeliveryProperties DeliveryFrequency One Hour SBucketName Ref ConfigAuditBucketWe also configure the IAM role that Config will assume This includes the AWSConfigRole AWS managed policy which will ensure that Config will have the right permissions to get configuration details whenever a new AWS resource type is supported The policy also allows Config to write the details to the S bucket ConfigurationRecorderRole Type AWS IAM Role Properties ManagedPolicyArns arn aws iam aws policy service role AWSConfigRole AssumeRolePolicyDocument Version Statement Sid AssumeRole Effect Allow Principal Service config amazonaws com Action sts AssumeRole Policies PolicyName s policy PolicyDocument Version Statement Effect Allow Action s PutObject Resource Sub ConfigAuditBucket Arn Condition StringLike s x amz acl bucket owner full control Effect Allow Action s GetBucketAcl Resource GetAtt ConfigAuditBucket ArnWe can push the changes to deploy the pipeline and now AWS Config will be enable and rolled out across all accounts in our organizations You can go into any account and view the resources through a dashboard However there are currently no compliance checks as we have not defined any rules So let s go and do that AWS Config Managed RulesAWS Config provides AWS managed rules which are predefined customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices After you activate a rule AWS Config compares your resources to the conditions of the rule After this initial evaluation AWS Config continues to run evaluations each time one is triggered We will setup compliance with an AWS managed rule to check if the incoming SSH traffic for a security group is accessible You can find here the list of AWS Config Managed Rules We will use the restricted ssh rule which has the Identifier of INCOMING SSH DISABLED This is setup using cloudformation in the template below It is rolled out to all accounts SSHOrganizationConfigRule Type AWS Config OrganizationConfigRule Properties OrganizationConfigRuleName OrganizationRestrictedSSH OrganizationManagedRuleMetadata RuleIdentifier INCOMING SSH DISABLED Description restricted ssh Having to setup lots of individual managed rules can be tedious and error prone so AWS also provide conformance packs which we will take a look at now AWS Config Conformance PackA conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations Conformance packs are created by authoring a YAML template that contains the list of AWS Config managed or custom rules and remediation actions AWS provide a set of sample templates for conformance packs We will use the Operational Best Practices for Security Identity and Compliance Services The template is available in this GitHub repoThe steps to enable a conformance pack is straightforward Firstly we invoke a template that creates an S bucket in the management account CompliancePackBucket Type AWS S Bucket DeletionPolicy Retain UpdateReplacePolicy Retain Properties BucketName Ref bucketName AccessControl Private PublicAccessBlockConfiguration BlockPublicAcls true BlockPublicPolicy true IgnorePublicAcls true RestrictPublicBuckets true BucketEncryption ServerSideEncryptionConfiguration ServerSideEncryptionByDefault SSEAlgorithm AESWe then copy the conformance pack from GitHub to a local yml file Next we run a task to copy this file to the S bucket CopyToS Type copy to s DependsOn ConfigCompliancePackBucket LocalPath Operational Best Practices for Security Services yml RemotePath Sub s resourcePrefix conformance pack security services yml OrganizationBinding IncludeMasterAccount true Region eu west Finally we invoke a template that uses a OrganizationConformancePack resource to deploy the template in the S bucket to the organization OrganizationConformancePack Type AWS Config OrganizationConformancePack Properties OrganizationConformancePackName SecurityServices TemplateSUri Ref templateURIOnce deployed we have much richer information available to us on the compliance status of our resources Further options are available with AWS Config such as creating our own custom config rules and setting up a Config Aggregator to aggregate all findings from all accounts in the organization into one place We will show this in a future blog post but it is out of scope for this one One of the rules that is marked as non compliant is GuardDuty not being enabled so that is what we will look at now Amazon GuardDutyAmazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation We start off by configuring a new detector an object that represents the GuardDuty service which is required for GuardDuty to become operational This is deployed to all accounts in the organization The detector is setup to be enabled on creation and will export updated findings every minutes Detector Type AWS GuardDuty Detector OrganizationBinding Ref GuardDutyAllBinding Properties Enable true FindingPublishingFrequency FIFTEEN MINUTESThen we setup the AWS GuardDuty Master resource in each GuardDuty member account to accept an invitation from the GuardDuty administrator account which is designated as the Security account Master DependsOnAccount Ref SecurityAccount Type AWS GuardDuty Master OrganizationBinding Ref GuardDutyMemberBinding Properties DetectorId Ref Detector MasterId Ref SecurityAccountFinally we setup the AWS GuardDuty Member resource to add an AWS account as a GuardDuty member account to the GuardDuty administrator account This is only deployed to the Security account but loops through for all other AWS accounts and passes in their account IDs to be added as members Member Type AWS GuardDuty Member OrganizationBinding Ref GuardDutyMasterBinding ForeachAccount Ref GuardDutyMemberBinding Properties DetectorId Ref Detector Email GetAtt CurrentAccount RootEmail MemberId Ref CurrentAccount Status Invited DisableEmailNotification trueOnce deployed we can go and look in the Accounts section of the GuardDuty console in the Security account and we will see all other member accounts listed GuardDuty findings are automatically sent to CloudWatch Events Now we will look at how to send a simple notification when an incident takes place We start off by specifying an event rule on the default Amazon EventBridge FindingRule Type AWS Events Rule DependsOn FindingsTopicPolicy OrganizationBinding Ref GuardDutyMasterBinding Properties Name Sub resourcePrefix guardduty findings rule EventPattern source aws guardduty Targets Id FindingsTopic Arn Ref FindingsTopic State ENABLEDThe rule above looks for any event that is published from the GuardDuty service When a match is found it will push an event onto an SNS topic You can have fun looking at different rules with event patterns in EventBridge including using sample GuardDuty findings You could use the pattern below to trigger a notification for a specific finding type EventPattern source aws guardduty detail type UnauthorizedAccess EC MaliciousIPCaller CustomYou could use a pattern like the one below to trigger a notification if the severity of the finding is above a certain threshold EventPattern source aws guardduty detail severity numeric gt Finally we define an SNS topic in the cloudformation template which will be used to trigger an email notification when a finding is received FindingsTopic Type AWS SNS Topic OrganizationBinding Ref GuardDutyMasterBinding Properties DisplayName GuardDuty Findings TopicName Sub resourcePrefix guardduty findings notification Subscription Protocol email Endpoint GetAtt SecurityAccount RootEmailWe can test this out by logging into one of the AWS accounts using the root email address This is something that should be avoided and will trigger a GuardDuty finding for RootCredentialUsage This post has touched on a number of AWS services that help with audit and compliance as well as incident detection and response It is a very broad topic with powerful features available In the next post we will start to look at budgets and the world of FinOps and sustainability using the Cost and Usage Reports	2022-03-29 09:30:07
Apple	AppleInsider - Frontpage News	Mick Jagger talks about writing the theme song to 'Slow Horses' on Apple TV+	https://appleinsider.com/articles/22/03/29/mick-jagger-talks-about-writing-the-theme-song-to-slow-horses-on-apple-tv?utm_medium=rss	Mick Jagger talks about writing the theme song to x Slow Horses x on Apple TV Apple TV thriller Slow Horses features Mick Jagger s first ever television theme song and he says he wrote the lyrics because he already knew and liked the books the show is based on Mick Jagger in Source Wiki Commons Slow Horses is a bleakly comic spy thriller based on the novels by Mick Herron and made for Apple TV by See Saw Films Debuting on Friday April the series features Strange Game a theme song with lyrics by Jagger and music by Daniel Pemberton Read more	2022-03-29 09:53:01
海外TECH	Engadget	Amazon's kid-centric Glow video call device is now widely available in the US	https://www.engadget.com/amazons-kid-centric-glow-device-is-now-available-to-everyone-in-the-us-091941737.html?src=rss	Amazon x s kid centric Glow video call device is now widely available in the USLast year Amazon revealed one of the more original products we ve seen the kid focused Glow that does video calls and projects a touch sensitive play space onto a flat surface Now the company has announced that the Glow is available for all customers in the US complete with a year subscription for books visual arts activities play options and more nbsp The Amazon Glow combines an inch LCD teleconferencing display with a projector that creates a inch touch sensitive interactive space Parents and others can connect to the device via the Glow mobile app that lets them speak with kids and interact with the projected play space remotely In the original announcement video for example Amazon shows kids doing puzzles drawing and playing reading games while parents and grandparents are able to see what the kids are seeing nbsp quot We know a majority of parents say it s challenging for their kids to stay engaged on traditional video calls and let s be honest stay in one place quot said Glow GM Joerg Tewes quot For parents who are miles or minutes away from home for work Glow provides a new way to say good morning or good night to keep those important relationships strong quot The device comes with quot nearly games and visual arts activities quot through Amazon Kids Amazon said Those include Chess Checkers go Fish Whac A Mole and others It also includes thousands of books different play options remote or side by side the ability to interact with Disney characters Anna and Elsa Woody and Buzz etc and more Parents friends and others can use the Glow app on their existing Android and iOS smartphones tablets or on the Fire HD tablets nbsp Glow looks like a pretty cool product but it isn t exactly cheap You can now pick one up at Amazon BestBuy com and Target com starting at with a mat and mat case plus a year Amazon Kids subscription included It s also available with a Fire HD tablet for nbsp nbsp	2022-03-29 09:19:41
医療系	医療介護 CBnews	病院へのサイバー攻撃はオールジャパンで対策を-サイバーセキュリティーを考える（上）日病・大道副会長	https://www.cbnews.jp/news/entry/20220329173511	重要	2022-03-29 18:25:00
金融	金融庁ホームページ	「財務局長・経済産業局長合同会議」について公表しました。	https://www.fsa.go.jp/news/r3/ginkou/20220328.html	合同会議	2022-03-29 10:00:00
ニュース	BBC News - Home	Twenty fines to be issued over No 10 lockdown parties	https://www.bbc.co.uk/news/uk-politics-60911798?at_medium=RSS&at_campaign=KARANGA	parties	2022-03-29 09:34:48
ニュース	BBC News - Home	Queen to attend Prince Philip memorial service at Westminster Abbey	https://www.bbc.co.uk/news/uk-60902088?at_medium=RSS&at_campaign=KARANGA	westminster	2022-03-29 09:48:37
ニュース	BBC News - Home	Russia-Ukraine war: Abramovich spotted in Istanbul peace talks	https://www.bbc.co.uk/news/world-europe-60912474?at_medium=RSS&at_campaign=KARANGA	billionaire	2022-03-29 09:20:57
ニュース	BBC News - Home	P&O Ferries says sacking U-turn would cause collapse	https://www.bbc.co.uk/news/business-60913206?at_medium=RSS&at_campaign=KARANGA	secretary	2022-03-29 09:37:00
ニュース	BBC News - Home	Covid: 'Partygate' fines to be issued and home abortion service calls	https://www.bbc.co.uk/news/uk-60900881?at_medium=RSS&at_campaign=KARANGA	coronavirus	2022-03-29 09:13:44
北海道	北海道新聞	１８歳と１９歳、４月から成人　明治以来定義変わる、被害懸念	https://www.hokkaido-np.co.jp/article/662707/	被害	2022-03-29 18:35:58
北海道	北海道新聞	＜旅する流氷＞（１）きまぐれな動き「猫派」？	https://www.hokkaido-np.co.jp/article/662708/	白い	2022-03-29 18:34:00
北海道	北海道新聞	米アカデミー賞「ドライブ―」の俳優ら支えた味　赤平「珍来」トンカツラーメン　店主夫妻「携われてうれしい」	https://www.hokkaido-np.co.jp/article/662683/	米アカデミー賞	2022-03-29 18:33:00
北海道	北海道新聞	五稜郭に「御城印」　特別史跡指定７０周年、星形デザイン	https://www.hokkaido-np.co.jp/article/662706/	函館市五稜郭町	2022-03-29 18:31:00
北海道	北海道新聞	鹿部産タラノキ、お茶に　町民有志ら開発、販売　香りさわやか「特産品に」	https://www.hokkaido-np.co.jp/article/662704/	鹿部	2022-03-29 18:28:00
北海道	北海道新聞	防衛大生の任官辞退７２人、過去２番目の多さ　ウクライナ情勢など影響か	https://www.hokkaido-np.co.jp/article/662701/	任官辞退	2022-03-29 18:28:16
北海道	北海道新聞	脱炭素先進地域に支笏湖地区を登録　道内２番目	https://www.hokkaido-np.co.jp/article/662703/	温室効果ガス	2022-03-29 18:26:00
北海道	北海道新聞	＜宇野沢デジタル委員が読み解く＞しぼむ温泉、人気施設めぐる「不都合な真実」	https://www.hokkaido-np.co.jp/article/662207/	不都合な真実	2022-03-29 18:26:54
北海道	北海道新聞	北海道内、感染者数高止まり　まん延防止解除１週間、変異株懸念	https://www.hokkaido-np.co.jp/article/662689/	北海道内	2022-03-29 18:24:55
北海道	北海道新聞	道内公立高２次募集、３０５人が合格	https://www.hokkaido-np.co.jp/article/662687/	高次	2022-03-29 18:21:16
北海道	北海道新聞	ＪＲ西日本、運賃値上げへ　京阪神の一部、来年４月	https://www.hokkaido-np.co.jp/article/662700/	運賃	2022-03-29 18:19:00
北海道	北海道新聞	東京円、１２３円台後半　円安進行が一服、買戻しも	https://www.hokkaido-np.co.jp/article/662699/	円安進行	2022-03-29 18:17:00
北海道	北海道新聞	林外相、米軍機の基地外訓練容認　地位協定に明文規定なし	https://www.hokkaido-np.co.jp/article/662698/	在日米軍基地	2022-03-29 18:16:00
北海道	北海道新聞	不妊治療で支えられ一念発起　４１歳２児の母　春から看護師　旭川の山下さん「患者の不安取り除きたい」	https://www.hokkaido-np.co.jp/article/662256/	一念発起	2022-03-29 18:16:09
北海道	北海道新聞	センバツ、３０日に準決勝　決勝目指し４校調整	https://www.hokkaido-np.co.jp/article/662679/	準々決勝	2022-03-29 18:13:35
北海道	北海道新聞	小樽・北一バス駐車場全市営化　市が国有地取得　２４年度供用目指す	https://www.hokkaido-np.co.jp/article/662696/	観光バス	2022-03-29 18:12:00
北海道	北海道新聞	山下会長、流用に「説明責任を」　ＪＯＣ、バドミントン協会に再調査要求も	https://www.hokkaido-np.co.jp/article/662676/	山下泰裕	2022-03-29 18:10:57
北海道	北海道新聞	３０日の予告先発　日本ハムは加藤	https://www.hokkaido-np.co.jp/article/662695/	予告先発	2022-03-29 18:10:00
北海道	北海道新聞	大阪ＩＲ、４月認定申請へ　和歌山・長崎に先行	https://www.hokkaido-np.co.jp/article/662694/	大阪市議会	2022-03-29 18:05:00
マーケティング	MarkeZine	CAMPFIRE、クラウドファンディングデータから顧客ニーズを分析するサービスのベータ版を開始	http://markezine.jp/article/detail/38676	campfire	2022-03-29 18:15:00
海外TECH	reddit	無駄に全力を出して作った	https://www.reddit.com/r/lowlevelaware/comments/tqvtuh/無駄に全力を出して作った/	wlevelawarelinkcomments	2022-03-29 09:22:26