Richard Fan
@richardfan.xyz
AWS Security Hero | Security Engineer | OSCP
I can't overstate how significant the new #AWS Organization Inspector policy is
🔗 Example code: gist.github.com/richardfan11...
With a simple terraform stack, we can enable Amazon Inspector in all accounts, in all regions
📝 More example policy: docs.aws.amazon.com/organization...
#CloudSecurity
🔗 Example code: gist.github.com/richardfan11...
With a simple terraform stack, we can enable Amazon Inspector in all accounts, in all regions
📝 More example policy: docs.aws.amazon.com/organization...
#CloudSecurity
A terraform stack to enable Amazon Inspector in all AWS accounts in all regions
A terraform stack to enable Amazon Inspector in all AWS accounts in all regions - enable-amazon-inspector.tf
gist.github.com
November 25, 2025 at 5:06 AM
I can't overstate how significant the new #AWS Organization Inspector policy is
🔗 Example code: gist.github.com/richardfan11...
With a simple terraform stack, we can enable Amazon Inspector in all accounts, in all regions
📝 More example policy: docs.aws.amazon.com/organization...
#CloudSecurity
🔗 Example code: gist.github.com/richardfan11...
With a simple terraform stack, we can enable Amazon Inspector in all accounts, in all regions
📝 More example policy: docs.aws.amazon.com/organization...
#CloudSecurity
This is my most favourite announcement so far: #AWS issued-JWT
🔗 docs.aws.amazon.com/IAM/latest/U...
With sts:GetWebIdentityToken, we can now request JWT from AWS, with context inside that can be logged by external service.
#AWSCloud #Security #CloudSecurity #CloudSecurity #IAM #OIDC
🔗 docs.aws.amazon.com/IAM/latest/U...
With sts:GetWebIdentityToken, we can now request JWT from AWS, with context inside that can be logged by external service.
#AWSCloud #Security #CloudSecurity #CloudSecurity #IAM #OIDC
November 20, 2025 at 2:54 AM
This is my most favourite announcement so far: #AWS issued-JWT
🔗 docs.aws.amazon.com/IAM/latest/U...
With sts:GetWebIdentityToken, we can now request JWT from AWS, with context inside that can be logged by external service.
#AWSCloud #Security #CloudSecurity #CloudSecurity #IAM #OIDC
🔗 docs.aws.amazon.com/IAM/latest/U...
With sts:GetWebIdentityToken, we can now request JWT from AWS, with context inside that can be logged by external service.
#AWSCloud #Security #CloudSecurity #CloudSecurity #IAM #OIDC
There is an upcoming change on #GitHubActions Pull Request workflow starting from Dec 8
Let me explain what's going on and how you can check if your workflow is affected
👉 blog.richardfan.xyz/2025/11/17/g...
#GitHub #Security #CloudSecurity #CICD #DevOps
Let me explain what's going on and how you can check if your workflow is affected
👉 blog.richardfan.xyz/2025/11/17/g...
#GitHub #Security #CloudSecurity #CICD #DevOps
Breaking change on GitHub Actions pull_request_target
Richard’s blogs on Cloud Security
blog.richardfan.xyz
November 17, 2025 at 3:23 PM
There is an upcoming change on #GitHubActions Pull Request workflow starting from Dec 8
Let me explain what's going on and how you can check if your workflow is affected
👉 blog.richardfan.xyz/2025/11/17/g...
#GitHub #Security #CloudSecurity #CICD #DevOps
Let me explain what's going on and how you can check if your workflow is affected
👉 blog.richardfan.xyz/2025/11/17/g...
#GitHub #Security #CloudSecurity #CICD #DevOps
If you use #Microsoft365, check your subscription
If you don't need its AI, you can switch back to the Classic plan, and #Microsoft never told you in the email
#LegalTech #ConsumerLaw #MisleadingConduct #Subscriptions
www.accc.gov.au/media-releas...
If you don't need its AI, you can switch back to the Classic plan, and #Microsoft never told you in the email
#LegalTech #ConsumerLaw #MisleadingConduct #Subscriptions
www.accc.gov.au/media-releas...
Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions
The ACCC has commenced proceedings in the Federal Court against Microsoft Australia and its US-based parent company Microsoft Corporation for allegedly misleading approximately 2.7 million Australian ...
www.accc.gov.au
November 10, 2025 at 3:15 AM
If you use #Microsoft365, check your subscription
If you don't need its AI, you can switch back to the Classic plan, and #Microsoft never told you in the email
#LegalTech #ConsumerLaw #MisleadingConduct #Subscriptions
www.accc.gov.au/media-releas...
If you don't need its AI, you can switch back to the Classic plan, and #Microsoft never told you in the email
#LegalTech #ConsumerLaw #MisleadingConduct #Subscriptions
www.accc.gov.au/media-releas...
Can anyone tell me what is the difference between this M365 Copilot app and the Excel app?
If the Copilot app have all the full Word, Excel and Powerpoint feature, then why I need to install 3 more apps?
#Microsoft #MicrosoftOffice #MicrosoftM365 #M365 #Copilot #MicrosoftCopilot
If the Copilot app have all the full Word, Excel and Powerpoint feature, then why I need to install 3 more apps?
#Microsoft #MicrosoftOffice #MicrosoftM365 #M365 #Copilot #MicrosoftCopilot
October 27, 2025 at 6:24 AM
Can anyone tell me what is the difference between this M365 Copilot app and the Excel app?
If the Copilot app have all the full Word, Excel and Powerpoint feature, then why I need to install 3 more apps?
#Microsoft #MicrosoftOffice #MicrosoftM365 #M365 #Copilot #MicrosoftCopilot
If the Copilot app have all the full Word, Excel and Powerpoint feature, then why I need to install 3 more apps?
#Microsoft #MicrosoftOffice #MicrosoftM365 #M365 #Copilot #MicrosoftCopilot
The mysterious YouTube algorithm brought me to yet another niche video
This time, it's "Why you can't go faster than light"
But surprisingly, this channel gave me the most intuitive explanation ever to this question 😄
youtu.be/Vitf8YaVXhc?...
This time, it's "Why you can't go faster than light"
But surprisingly, this channel gave me the most intuitive explanation ever to this question 😄
youtu.be/Vitf8YaVXhc?...
I never understood why you can't go faster than light - until now!
YouTube video by FloatHeadPhysics
youtu.be
October 26, 2025 at 4:11 PM
The mysterious YouTube algorithm brought me to yet another niche video
This time, it's "Why you can't go faster than light"
But surprisingly, this channel gave me the most intuitive explanation ever to this question 😄
youtu.be/Vitf8YaVXhc?...
This time, it's "Why you can't go faster than light"
But surprisingly, this channel gave me the most intuitive explanation ever to this question 😄
youtu.be/Vitf8YaVXhc?...
I always hear news reporters say “QUOTE” when quoting someone
But I seldom hear them say “unquote”
So when do the quotes end?
An I the only one wondering?
But I seldom hear them say “unquote”
So when do the quotes end?
An I the only one wondering?
October 22, 2025 at 5:15 PM
I always hear news reporters say “QUOTE” when quoting someone
But I seldom hear them say “unquote”
So when do the quotes end?
An I the only one wondering?
But I seldom hear them say “unquote”
So when do the quotes end?
An I the only one wondering?
Session reservation for #AWSreInvent is opening soon, still struggling to plan your schedule among 2000+ sessions?
Use this planner made by @raphaelmanke.bsky.social to discover sessions you are interested in.
👉Link: reinvent-planner.cloud
#AWS #AWSCommunity #TechConference
Use this planner made by @raphaelmanke.bsky.social to discover sessions you are interested in.
👉Link: reinvent-planner.cloud
#AWS #AWSCommunity #TechConference
Unofficial AWS re:Invent Session Planner 2025
Easily browse sessions, create a personalized schedule, and get recommendations to make the most of your AWS re:Invent experience.
reinvent-planner.cloud
October 4, 2025 at 1:44 PM
Session reservation for #AWSreInvent is opening soon, still struggling to plan your schedule among 2000+ sessions?
Use this planner made by @raphaelmanke.bsky.social to discover sessions you are interested in.
👉Link: reinvent-planner.cloud
#AWS #AWSCommunity #TechConference
Use this planner made by @raphaelmanke.bsky.social to discover sessions you are interested in.
👉Link: reinvent-planner.cloud
#AWS #AWSCommunity #TechConference
After facing countless of limitation on #AWS #NitroEnclaves, the same feature is now available on normal EC2 instance.
The coming month must be a busy month for me to try it out
#ConfidentialComputing #AWSCloud
aws.amazon.com/about-aws/wh...
The coming month must be a busy month for me to try it out
#ConfidentialComputing #AWSCloud
aws.amazon.com/about-aws/wh...
AWS announces EC2 instance attestation - AWS
Discover more about what's new at AWS with AWS announces EC2 instance attestation
aws.amazon.com
September 30, 2025 at 3:06 AM
After facing countless of limitation on #AWS #NitroEnclaves, the same feature is now available on normal EC2 instance.
The coming month must be a busy month for me to try it out
#ConfidentialComputing #AWSCloud
aws.amazon.com/about-aws/wh...
The coming month must be a busy month for me to try it out
#ConfidentialComputing #AWSCloud
aws.amazon.com/about-aws/wh...
Totally worth a trip to #AWSCommunityDay #Warsaw
What a massive and successful community day
#aws #awscloud #awscommunity #networking #tech
What a massive and successful community day
#aws #awscloud #awscommunity #networking #tech
September 18, 2025 at 6:44 PM
Totally worth a trip to #AWSCommunityDay #Warsaw
What a massive and successful community day
#aws #awscloud #awscommunity #networking #tech
What a massive and successful community day
#aws #awscloud #awscommunity #networking #tech
September 18, 2025 at 5:41 AM
#fwdcloudsec EU is happening soon
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
September 15, 2025 at 6:39 AM
#fwdcloudsec EU is happening soon
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
After 14 hours of flight, finally arrived in Berlin,
What brings me here?
It’s #fwdcloudsec, a conference I always learn a lot from cloud security all-stars
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
What brings me here?
It’s #fwdcloudsec, a conference I always learn a lot from cloud security all-stars
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
September 13, 2025 at 4:17 PM
After 14 hours of flight, finally arrived in Berlin,
What brings me here?
It’s #fwdcloudsec, a conference I always learn a lot from cloud security all-stars
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
What brings me here?
It’s #fwdcloudsec, a conference I always learn a lot from cloud security all-stars
Can’t make it? No worry
📹 Livestream is also available on YouTube: fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
There are still tickets available for the upcoming #fwdcloudsec EU in Berlin
The speaker lineup is all-star level. Don't miss it if you love to learn practical cloud security.
fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
The speaker lineup is all-star level. Don't miss it if you love to learn practical cloud security.
fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
fwd:cloudsec Europe 2025 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
August 20, 2025 at 12:56 PM
There are still tickets available for the upcoming #fwdcloudsec EU in Berlin
The speaker lineup is all-star level. Don't miss it if you love to learn practical cloud security.
fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
The speaker lineup is all-star level. Don't miss it if you love to learn practical cloud security.
fwdcloudsec.org/conference/e...
#cybersecurity #security #cloudsecurity
☁️ Hong Kong’s First AWS Community Day is here! ☁️
🔗 Event Site awscommunity.hk
🔗 Apply to speak: sessionize.com/aws-communit...
#AWS #AWSCommunityDay #AWSCommunity #CloudComputing #CloudTech #CloudInnovation
#TechEvents #TechCommunity #HongKongTech #HKTech #AWSUserGroup #AWSUGHK #DeveloperCommunity
🔗 Event Site awscommunity.hk
🔗 Apply to speak: sessionize.com/aws-communit...
#AWS #AWSCommunityDay #AWSCommunity #CloudComputing #CloudTech #CloudInnovation
#TechEvents #TechCommunity #HongKongTech #HKTech #AWSUserGroup #AWSUGHK #DeveloperCommunity
AWS Community Day 2025 | HONG KONG
Join us on 2 Nov 2025 at Dorsett Kai Tak for the first Hong Kong AWS Community Day — where cloud professionals and tech enthusiasts unite for a full day of innovation, learning, and networking.
awscommunity.hk
August 18, 2025 at 3:59 AM
☁️ Hong Kong’s First AWS Community Day is here! ☁️
🔗 Event Site awscommunity.hk
🔗 Apply to speak: sessionize.com/aws-communit...
#AWS #AWSCommunityDay #AWSCommunity #CloudComputing #CloudTech #CloudInnovation
#TechEvents #TechCommunity #HongKongTech #HKTech #AWSUserGroup #AWSUGHK #DeveloperCommunity
🔗 Event Site awscommunity.hk
🔗 Apply to speak: sessionize.com/aws-communit...
#AWS #AWSCommunityDay #AWSCommunity #CloudComputing #CloudTech #CloudInnovation
#TechEvents #TechCommunity #HongKongTech #HKTech #AWSUserGroup #AWSUGHK #DeveloperCommunity
If you created a new #AWS account with #FreeTier
DO NOT follow the console recommendation to create IAM Identity Center with AWS Organization, it will EXPIRE all your free credit ❗❗❗
If you want to use IAM Identity Center, create it on account instance!
#AWSCloud #CostOptimization #AWSFreeTier
DO NOT follow the console recommendation to create IAM Identity Center with AWS Organization, it will EXPIRE all your free credit ❗❗❗
If you want to use IAM Identity Center, create it on account instance!
#AWSCloud #CostOptimization #AWSFreeTier
August 2, 2025 at 3:03 PM
If you created a new #AWS account with #FreeTier
DO NOT follow the console recommendation to create IAM Identity Center with AWS Organization, it will EXPIRE all your free credit ❗❗❗
If you want to use IAM Identity Center, create it on account instance!
#AWSCloud #CostOptimization #AWSFreeTier
DO NOT follow the console recommendation to create IAM Identity Center with AWS Organization, it will EXPIRE all your free credit ❗❗❗
If you want to use IAM Identity Center, create it on account instance!
#AWSCloud #CostOptimization #AWSFreeTier
TIL, you only need write access on a #GitHub repo to manage variables and secrets, even under environment. No admin access required🫨
It's just that it can't be accessed via UI, you need to use API or gh cli
cli.github.com/manual/gh_va...
cli.github.com/manual/gh_se...
#devops #cicd #githubactions
It's just that it can't be accessed via UI, you need to use API or gh cli
cli.github.com/manual/gh_va...
cli.github.com/manual/gh_se...
#devops #cicd #githubactions
July 23, 2025 at 1:27 PM
TIL, you only need write access on a #GitHub repo to manage variables and secrets, even under environment. No admin access required🫨
It's just that it can't be accessed via UI, you need to use API or gh cli
cli.github.com/manual/gh_va...
cli.github.com/manual/gh_se...
#devops #cicd #githubactions
It's just that it can't be accessed via UI, you need to use API or gh cli
cli.github.com/manual/gh_va...
cli.github.com/manual/gh_se...
#devops #cicd #githubactions
I saw this debate on an Instagram post: www.instagram.com/reel/DI6SN7k...
Here's my solution, simple and clear
Why Americans love writing essay on traffic signs?
#RoadDesign #HighwayDesign #RoadSafety #SignDesign #RoadSign #TrafficSign
Here's my solution, simple and clear
Why Americans love writing essay on traffic signs?
#RoadDesign #HighwayDesign #RoadSafety #SignDesign #RoadSign #TrafficSign
June 30, 2025 at 7:13 AM
I saw this debate on an Instagram post: www.instagram.com/reel/DI6SN7k...
Here's my solution, simple and clear
Why Americans love writing essay on traffic signs?
#RoadDesign #HighwayDesign #RoadSafety #SignDesign #RoadSign #TrafficSign
Here's my solution, simple and clear
Why Americans love writing essay on traffic signs?
#RoadDesign #HighwayDesign #RoadSafety #SignDesign #RoadSign #TrafficSign
Copying the entire repo of another project and publishing it as your own project, and just vaguely mentioning the original project at the end of the README
Is it a standard and good-faithful way of open-source projects???
#OpenSource #OpenTofu #GitHub #DevOps
github.com/opentofu/vsc...
Is it a standard and good-faithful way of open-source projects???
#OpenSource #OpenTofu #GitHub #DevOps
github.com/opentofu/vsc...
Be more transparent about this project being a fork from other repo · Issue #65 · opentofu/vscode-opentofu
Description This project is a fork of https://github.com/gamunu/vscode-opentofu But this is only being vaguely mentioned at the end of the README Credit section Most of the other famous forked proj...
github.com
June 21, 2025 at 4:50 AM
Copying the entire repo of another project and publishing it as your own project, and just vaguely mentioning the original project at the end of the README
Is it a standard and good-faithful way of open-source projects???
#OpenSource #OpenTofu #GitHub #DevOps
github.com/opentofu/vsc...
Is it a standard and good-faithful way of open-source projects???
#OpenSource #OpenTofu #GitHub #DevOps
github.com/opentofu/vsc...
If you don't want your team create any exportable ACM cert, you can use the IAM policy condition "acm:Export"
Example: gist.github.com/richardfan11...
#aws #awscloud #cloudsecurity #awsreinforce
Example: gist.github.com/richardfan11...
#aws #awscloud #cloudsecurity #awsreinforce
IAM policy to block creating exportable ACM cert
IAM policy to block creating exportable ACM cert. GitHub Gist: instantly share code, notes, and snippets.
gist.github.com
June 18, 2025 at 9:44 AM
If you don't want your team create any exportable ACM cert, you can use the IAM policy condition "acm:Export"
Example: gist.github.com/richardfan11...
#aws #awscloud #cloudsecurity #awsreinforce
Example: gist.github.com/richardfan11...
#aws #awscloud #cloudsecurity #awsreinforce
Good news, ACM cert can be exported and used outside AWS now
Bad news for security team: you probably want to block this action from most of your AWS account or set monitoring on it.
aws.amazon.com/blogs/aws/aw...
#aws #awscloud #awsreinforce #cloudsecurity
Bad news for security team: you probably want to block this action from most of your AWS account or set monitoring on it.
aws.amazon.com/blogs/aws/aw...
#aws #awscloud #awsreinforce #cloudsecurity
AWS Certificate Manager introduces exportable public SSL/TLS certificates to use anywhere | Amazon Web Services
You can now use AWS Certificate Manager to issue exportable public certificates for your AWS, hybrid, or multicloud workloads that require secure TLS traffic termination.
aws.amazon.com
June 17, 2025 at 3:01 PM
Good news, ACM cert can be exported and used outside AWS now
Bad news for security team: you probably want to block this action from most of your AWS account or set monitoring on it.
aws.amazon.com/blogs/aws/aw...
#aws #awscloud #awsreinforce #cloudsecurity
Bad news for security team: you probably want to block this action from most of your AWS account or set monitoring on it.
aws.amazon.com/blogs/aws/aw...
#aws #awscloud #awsreinforce #cloudsecurity
2 free tickets to an absolutely amazing Cloud Security conference in the US
If you are (or know someone are) new to and want to learn cybersecurity, don't miss the chance
#fwdcloudsec #cybersecurity #CloudSecurity
www.linkedin.com/posts/ashish...
If you are (or know someone are) new to and want to learn cybersecurity, don't miss the chance
#fwdcloudsec #cybersecurity #CloudSecurity
www.linkedin.com/posts/ashish...
🚨 2 Cloud Security Conference Tickets 🎟️ for GiveAway! | Ashish Rajan 🤴🏾🧔🏾♂️
🚨 2 Cloud Security Conference Tickets 🎟️ for GiveAway! 🚨
If you work in Cloud Security or want to work in Cloud Security living in the US, then this is for you. 👇🏾
Cloud Security Podcast is one of t...
www.linkedin.com
June 17, 2025 at 1:01 PM
2 free tickets to an absolutely amazing Cloud Security conference in the US
If you are (or know someone are) new to and want to learn cybersecurity, don't miss the chance
#fwdcloudsec #cybersecurity #CloudSecurity
www.linkedin.com/posts/ashish...
If you are (or know someone are) new to and want to learn cybersecurity, don't miss the chance
#fwdcloudsec #cybersecurity #CloudSecurity
www.linkedin.com/posts/ashish...
June 9, 2025 at 10:25 AM