Loss of Region due to Object impact

isotopp@infosec.exchange

Loss of Region due to Object impact

How do you even handle that?

https://blog.koehntopp.info/2023/02/18/this-is-not-a-drill/
This is not a drill, this is just Tuesday

(Article from 2023)

masek@infosec.exchange

@isotopp The problem for AWS is: they cannot really test it either.

I would guess that 90% of all workload deployed by customers is "one AZ only".

So even if all their own mechanisms work, they would end up with tons of pissed customers.

They could test it with a new region they start up. But usually they don't build three AZs right from the start.

isotopp@infosec.exchange

@masek Yes, if you are single AZ you don't even have to test.

You already know the outcome.

masek@infosec.exchange

@isotopp What I meant:

The outcome for the customer is clear.

But the outcome for AWS itself is open.

And they can't test it because of the customers mentioned above.

isotopp@infosec.exchange

@masek Google had that problem, internally, with their centralized Zookeeper service.

They solved that by introducing a guaranteed minimum downtime per month (x minutes random unavailability without announcement per month).

masek@infosec.exchange

@isotopp Yep, and I think AWS should do it as well. It would greatly improve IT in general.

But I guess some beancounters will object .