Implementing error handling for AWS Lambda asynchronous invocations

Post Syndicated from Eric Johnson original https://aws.amazon.com/blogs/compute/implementing-error-handling-for-aws-lambda-asynchronous-invocations/

This blog is written by Poornima Chand, Senior Solutions Architect, Strategic Accounts and Giedrius Praspaliauskas, Senior Solutions Architect, Serverless.

AWS Lambda functions allow both synchronous and asynchronous invocations, which both have different function behaviors and error handling:

When you invoke a function synchronously, Lambda returns any unhandled errors in the function code back to the caller. The caller can then decide how to handle the errors. With asynchronous invocations, the caller does not wait for a response from the function code. It hands off the event to the Lambda service to handle the process.

As the caller does not have visibility of any downstream errors, error handling for asynchronous invocations can be more challenging and must be implemented at the Lambda service layer.

This post explains the error behaviors and approaches for handling errors in Lambda asynchronous invocations to build reliable serverless applications.

Overview

AWS services such as Amazon S3, Amazon SNS, and Amazon EventBridge invoke Lambda functions asynchronously. When you invoke a function asynchronously, the Lambda service places the event in an internal queue and returns a success response without additional information. A separate process reads the events from the queue and sends those to the function.

You can configure how a Lambda function handles the errors either by implementing error handling within the code and using the error handling features provided by the Lambda service. The following diagram depicts the solution options for observing and handling errors in asynchronous invocations.

Architectural overview

Architectural overview

Understanding the error behavior

When you invoke a function, two types of errors can occur. Invocation errors occur if the Lambda service rejects the request before the function receives it (throttling and system errors (400-series and 500-series)). Function errors occur when the function’s code or runtime returns an error (exceptions and timeouts). The Lambda service retries the function invocation if it encounters unhandled errors in an asynchronous invocation.

The retry behavior is different for invocation errors and function errors. For function errors, the Lambda service retries twice by default, and these additional invocations incur cost. For throttling and system errors, the service returns the event to the event queue and attempts to run the function again for up to 6 hours, using exponential backoff. You can control the default retry behavior by setting the maximum age of an event (up to 6 hours) and the retry attempts (0, 1 or 2). This allows you to limit the number of retries and avoids retrying obsolete events.

Handling the errors

Depending on the error type and behaviors, you can use the following options to implement error handling in Lambda asynchronous invocations.

Lambda function code

The most typical approach to handling errors is to address failures directly in the function code. While implementing this approach varies across programming languages, it commonly involves the use of a try/catch block in your code.

Error handling within the code may not cover all potential errors that could occur during the invocation. It may also affect Lambda error metrics in CloudWatch if you suppress the error. You can address these scenarios by using the error handling features provided by Lambda.

Failure destinations

You can configure Lambda to send an invocation record to another service, such as Amazon SQS, SNS, Lambda, or EventBridge, using AWS Lambda Destination. The invocation record contains details about the request and response in JSON format. You can configure separate destinations for events that are processed successfully, and events that fail all processing attempts.

With failure destinations, after exhausting all retries, Lambda sends a JSON document with details about the invocation and error to the destination. You can use this information to determine re-processing strategy (for example, extended logging, separate error flow, manual processing).

For example, to use Lambda destinations in an AWS Serverless Application Model (AWS SAM) template:

ProcessOrderForShipping:
    Type: AWS::Serverless::Function
    Properties:
      Description: Function that processes order before shipping
      Handler: src/process_order_for_shipping.lambda_handler
      EventInvokeConfig:
        DestinationConfig:
          OnSuccess:
            Type: SQS
            Destination: !GetAtt ShipmentsJobsQueue.Arn 
          OnFailure:
            Type: Lambda
            Destination: !GetAtt ErrorHandlingFunction.Arn

Dead-letter queues

You can use dead-letter queues (DLQ) to capture failed events for re-processing. With DLQs, message attributes capture error details. You can configure a standard SQS queue or standard SNS topic as a dead-letter queue for discarded events. For dead-letter queues, Lambda only sends the content of the event, without details about the response.

This is an example of using dead-letter queues in an AWS SAM template:

SendOrderToShipping:
    Type: AWS::Serverless::Function
    Properties:
      Description: Function that sends order to shipping
      Handler: src/send_order_to_shipping.lambda_handler
      DeadLetterQueue:
        Type: SQS
        TargetArn: !GetAtt OrderShippingFunctionDLQ.Arn

Design considerations

There are a number of design considerations when using DLQs:

  • Error handling within the function code works well for issues that you can easily address in the code. For example, retrying database transactions in the case of failures because of disruptions in network connectivity.
  • Scenarios that require complex error handling logic (for example, sending failed messages for manual re-processing) are better handled using Lambda service features. This approach would keep the function code simpler and easy to maintain.
  • Even though the dead-letter queue’s behavior is the same as an on-failure destination, a dead-letter queue is part of a function’s version-specific configuration.
  • Invocation records sent to on-failure destinations contain more information about the failure than DLQ message attributes. This includes the failure condition, error message, stack trace, request, and response payloads.
  • Lambda destinations also support additional targets, such as other Lambda functions and EventBridge. This allows destinations to give you more visibility and control of function execution results, and reduce code.

Gaining visibility into errors

Understanding of the behavior and errors cannot rely on error handling alone.

You also want to know why errors address the underlying issues. You must also know when there is elevated error rate, the expected baseline for the errors, other activities in the system when errors happen. Monitoring and observability, including metrics, logs and tracing, brings visibility to the errors and underlying issues.

Metrics

When a function finishes processing an event, Lambda sends metrics about the invocation to Amazon CloudWatch. This includes metrics for the errors that happen during the invocation that you should monitor and react to:

  • Errors – the number of invocations that result in a function error (include exceptions that both your code and the Lambda runtime throw).
  • Throttles – the number of invocation requests that are throttled (note that throttled requests and other invocation errors don’t count as errors in the previous metric).

There are also metrics specific to the errors in asynchronous invocations:

  • AsyncEventsDropped – the number of events that are dropped without successfully running the function.
  • DeadLetterErrors – the number of times that Lambda attempts to send an event to a dead-letter queue (DLQ) but fails (typically because of mis-configured resources or size limits).
  • DestinationDeliveryFailures – the number of times that Lambda attempts to send an event to a destination but fails (typically because of permissions, mis-configured resources, or size limits).

CloudWatch Logs

Lambda automatically sends logs to Amazon CloudWatch Logs. You can write to these logs using the standard logging functionality for your programming language. The resulting logs are in the CloudWatch Logs group that is specific to your function, named /aws/lambda/<function name>. You can use CloudWatch Logs Insights to query logs across multiple functions.

AWS X-Ray

AWS X-Ray can visualize the components of your application, identify performance bottlenecks, and troubleshoot requests that resulted in an error. Keep in mind that AWS X-Ray does not trace all requests. The sampling rate is one request per second and 5 percent of additional requests (this is non-configurable). Do not rely on AWS X-Ray as an only tool while troubleshooting a particular failed invocation as it may be missing in the sampled traces.

Conclusion

This blog post walks through error handling in the asynchronous Lambda function invocations using various approaches and discusses how to gain observability into those errors.

For more detail on the topics covered, visit:

For more serverless learning resources, visit Serverless Land.

How Long Should You Keep Backups?

Post Syndicated from Kari Rivas original https://www.backblaze.com/blog/how-long-should-you-keep-backups/

A decorative image showing a calendar, a laptop, a desktop, and a phone.

You know you need to back up your data. Maybe you’ve developed a backup strategy and gotten the process started, or maybe you’re still in the planning phase. Now you’re starting to wonder: how long do I need to keep all these backups I’m going to accumulate? It’s the right question to ask, but the truth is there’s no one-size-fits-all answer.

How long you keep your backups will depend on your IT team’s priorities, and will include practical factors like storage costs and the operational realities that define the usefulness of each backup. Highly regulated industries like banking and healthcare have even more challenges to consider on top of that. With all that in mind, here’s what you need to know to determine how long you should keep your backups.

First Things First: You Need a Retention Policy

If you’re asking how long you should keep your backups, you’re already on your way to designing a retention policy. Your organization’s retention policy is the official protocol that will codify your backup strategy from top to bottom. The policy should not just outline what data you’re backing up and for how long, but also explain why you’ve determined to keep it for that length of time and what you plan to do with it beyond that point.

Practically speaking, the decision about how long to keep your backups boils down to a balancing act between storage costs and operational value. You need to understand how long your backups will be useful in order to determine when it’s time to replace or dispose of them; keeping backups past their viability leads to both unnecessary spend and the kind of complexity that breeds risk.

Backup vs. Archive

Disposal isn’t the only option when a backup ages. Sometimes it’s more appropriate to archive data as a long-term storage option. As your organization’s data footprint expands, it’s important to determine how you interact with different types of data to make the best decisions about how to safeguard it (and for how long).

While backups are used to restore data in case of loss or damage, or to return a system to a previous state, archives are more often used to off-load data from faster or more frequently accessed storage systems.

  • Backup: A data recovery strategy for when loss, damage, or disaster occurs.
  • Archive: A long-term or permanent data retrieval strategy for data that is not as likely to be accessed, but still needs to be retained.

Knowing archiving is an option can impact how long you decide to keep your backups. Instead of deleting them completely, you can choose to move them from short-term storage into a long-term archive. For instance, you could choose to keep more recent backups on premises, perhaps stored on a local server or network attached storage (NAS) device, and move your archives to cloud storage for long-range safekeeping.

How you choose to store your backups can also be a factor into your decision on how long to keep them. Moving archives to cloud storage is more convenient than other long-term retention strategies like tape. Keeping archives in cloud storage could allow you to keep that data for longer simply because it’s less time-consuming than maintaining tape archives, and you also don’t have to worry about the deterioration of tape over time.

Putting your archive in cloud storage can help manage the cost side of the equation, too, but only if handled carefully. While cloud storage is typically cheaper than tape archives in the long run, you might save even more by moving your archives from hot to cold storage. For most cloud storage providers, cold storage is generally a cheaper option if you’re talking dollars per GB stored. But, it’s important to remember that retrieving data from cold storage can incur high egress fees and take 12–48 hours to retrieve data. When you need to recover data quickly, such as in a ransomware attack or cybersecurity breach, each moment you don’t have your data means more time your business is not online—and that’s expensive.

How One School District Balances Storage Costs and Retention

With 200 servers and 125TB of data, Bethel School District outside of Tacoma, Washington needed a scalable cloud storage solution for archiving server backups. They’d been using Amazon S3, but high costs were straining their budget—so much so that they had to shorten needed retention periods.

Moving to Backblaze produced savings of 75%, and Backblaze’s flat pricing structure gives the school district a predictable invoice, eliminating the guesswork they anticipated from other solutions. They’re also planning to reinstate a longer retention period for better protection from ransomware attacks, as they no longer need to control spiraling Amazon S3 costs.

Next Order of Business: The Structure of Your Backup Strategy

The types of backups you’re storing will also factor into how long you keep them. There are many different ways to structure a secure backup strategy, and it’s likely that your organization will interact with each kind of backup differently. Some backup types need to be stored for longer than others to do their job, and those decisions have a lot to do with how the various types interact to form an effective strategy.

The Basics: 3-2-1

The 3-2-1 backup strategy is the widely accepted industry minimum standard. It dictates keeping three copies of your data: two stored locally (on two different types of devices) and one stored off-site. This diversified backup strategy covers all the bases; it’s easy to access backups stored on-site, while off-site (and often offline or immutable) backups provide security through redundancy. It’s probably a good idea to have a specific retention policy for each of your three backups—even if you end up keeping your two locally stored files for the same length of time—because each copy serves a different purpose in your broader backup strategy.

Full vs. Incremental Backups

While designing your backup strategy, you’ll also need to choose how you’re using full versus incremental backups. Performing full backups each time (like completely backing up a work computer daily) requires huge amounts of time, bandwidth, and space, which all inflate your storage usage at the end of the day. Other options serve to increase efficiency and reduce your storage footprint.

  • Full backup: A complete copy of your data, starting from scratch either without any pre-existing backups or as if no other backup exists yet.
  • Incremental backup: A copy of any data that has been added or changed since your last full backup (or your last incremental backup).

When thinking about how long to keep your full backups, consider how far back you may need to completely restore a system. Many cyber attacks can go unnoticed for some time. For instance, you could learn that an employee’s computer was infected with malware or a virus several months ago, and you need to completely restore their system with a full backup. It’s not uncommon for businesses to keep full backups for a year or even longer. On the other hand, incremental backups may not need to be kept for as long because you can always just restore from a full backup instead.

Grandfather-Father-Son Backups

Effectively combining different backup types into a cohesive strategy leads to a staggered, chronological approach that is greater than the sum of its parts. The grandfather-father-son system is a great example of this concept in action. Here’s an example of how it might work:

  1. Grandfather: A monthly full backup is stored either off-site or in the cloud.
  2. Father: Weekly full backups are stored locally in a hot cloud storage solution.
  3. Son: Daily incremental backups are stored as a stopgap alongside father backups.

It makes sense that different types of backups will need to be stored for different lengths of time and in different places. You’ll need to make decisions about how long to keep old full backups (once they’ve been replaced with newer ones), for example. The type and the age of your data backups, along with their role in the broader context of your strategy, should factor into your determination about how long to keep them.

A Note on Minimum Storage Duration Policies

When considering cloud storage to store your backups, it’s important to know that many providers have minimum storage duration policies. These are fees charged for data that is not kept in cloud storage for some period of time defined by the cloud storage provider, and it can be anywhere from 30–180 days. These are essentially delete penalties—minimum retention requirement fees apply not only to data that gets deleted from cloud storage but also any data that is overwritten. Think about that in the context of the backup strategies we’ve just outlined: each time you create a new full backup, you’re overwriting data.

So if, for example, you choose a cloud storage provider with a 90-day minimum storage duration, and you keep your full backups for 60 days, you will be charged fees each time you overwrite or delete a backup. Some cloud storage providers, like Backblaze B2 Cloud Storage, do not have a minimum storage duration policy, so you do not have to let that influence how long you choose to keep backups. That kind of flexibility to keep, overwrite, and delete your data as often as you need is important to manage your storage costs and business needs without the fear of surprise bills or hidden fees.

Don’t Forget: Your Industry’s Regulations Can Tip the Scales

While weighing storage costs and operational needs is the fundamental starting point of any retention policy, it’s also important to note that many organizations face regulatory requirements that complicate the question of how long to keep backups. Governing bodies designed to protect both individuals and business interests often mandate that certain kinds of data be readily available and producible upon request for a set amount of time, and they require higher standards of data protection when you’re storing personally identifiable information (PII). Here are some examples of industries with their own unique data retention regulations:

  • Healthcare: Medical and patient data retention is governed by HIPAA rules, but how those rules are applied can vary from state to state.
  • Insurance: Different types of policies are governed by different rules in each state, but insurance companies do generally need to comply with established retention periods. More recently, companies have also been adding cyber insurance, which comes with its own set of requirements.
  • Finance: A huge web of legislation (like the Bank Secrecy Act, Electronic Funds Transfer Act, and more) mandates how long banking and financial institutions must retain their data.
  • Education: Universities sit in an interesting space. On one hand, they store a ton of sensitive data about their students. They’re often public services, which means that there’s a certain amount of governmental regulation attached. They also store vast amounts of data related to research, and often have on-premises servers and private clouds to protect—and that’s all before you get to larger universities which have medical centers and hospitals attached. With all that in mind, it’s unsurprising that they’re subject to higher standards for protecting data.

Federal and regional legislation around general data security can also dictate how long a company needs to keep backups depending on where it does business (think GDPR, CCPA, etc.). So in addition to industry-specific regulations, your company’s primary geographic location—or your customers’ location—can also influence how long you need to keep data backups.

The Bottom Line: How Long You Keep Backups Will Be Unique to Your Business

The answer to how long you need to keep your backups has everything to do with the specifics of your organization. The industry you’re in, the type of data you deal with, and the structure of your backup strategy should all combine to inform your final decision. And as we’ve seen, you’ll likely wind up with multiple answers to the question pertaining to all the different types of backups you need to create and store.

The post How Long Should You Keep Backups? appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Celestica Shows an 800G Broadcom Tomahawk 5 Switch at OCP Regional Summit 2023 Prague

Post Syndicated from Cliff Robinson original https://www.servethehome.com/celestica-shows-an-800g-broadcom-tomahawk-5-switch-at-ocp-regional-summit-2023-prague/

We saw a Celestica 800G Broadcom Tomahawk 5 switch at OCP Regional Summit 2023 in Prague that implemented a cool cabling trick

The post Celestica Shows an 800G Broadcom Tomahawk 5 Switch at OCP Regional Summit 2023 Prague appeared first on ServeTheHome.

An update on the GCC frontend for Rust

Post Syndicated from original https://lwn.net/Articles/930135/

Philip Herron and Arthur Cohen have posted an
update on the status of gccrs — the GCC frontend for the Rust language
— and why it will not be a part of the upcoming GCC 13 release.

While all of this appears like a lot of work, we are confident in
our progress and hope to get closer and closer to getting the
core crate working in the next few months. There is also a
lot of important work remaining in order to produce a valid Rust
compiler, which is why we will spend the coming months focusing on
the core crate as well as a borrow-checker implementation,
and the development of the necessary tooling to allow us to try and
pass the Rust 1.49 testsuite.

We aim to distribute the Rust 1.49 version of the standard library
with our compiler in the next major GCC release, GCC 14, and hope
to backport enough changes to the GCC 13 branch to get the core
crate working in time for the GCC 13.2 release. This will enable
users to easily start experimenting with the compiler for
#![no_std] Rust programs and, hopefully, some embedded
targets.

4 Takeaways from the 2023 Gartner® Market Guide for CNAPP

Post Syndicated from Aaron Wells original https://blog.rapid7.com/2023/04/25/4-takeaways-cnapp-2023-gartner-market-guide-report/

4 Takeaways from the 2023 Gartner® Market Guide for CNAPP

In an ongoing effort to help security organizations gain greater visibility into risk, we’re pleased to offer this complimentary Gartner research, and share our 4 Takeaways from the 2023 Gartner® Market Guide for CNAPP. This critical research can help security leaders take an in-depth look into cloud-native application protection platforms (CNAPPs), and evaluate potential solutions that best fit their specific environments.

Takeaway #1: Attack surfaces are increasing

There’s nothing minor about misconfigurations. If a cloud resource or service is misconfigured, attackers will target and exploit it. It may not even be a misconfiguration in your cloud network, but one found in a supply chain partner that puts everyone’s infrastructure at risk. Application programming interfaces (APIs) are at risk as well, and are being increasingly targeted by threat actors because they’re such a critical component of the build process. The report states:

“CNAPP offerings bring together multiple disparate security and protection capabilities into a single platform that most importantly is able to identify, prioritize, enable collaboration and help remediate excessive risk across the extremely complex logical boundary of a modern cloud-native application.”

Takeaway #2: Developer scope is expanding

As organizations increasingly look to shift left, developers are being asked to take on a more active role in ensuring their applications and the supporting cloud infrastructure are secure and compliant. We feel the report reiterates this point, stating:

“Shifting risk visibility left requires a deep understanding of the development pipeline and artifacts and extending vulnerability scanning earlier into the development pipeline as these artifacts are being created.”

However, the report also states that developers are increasingly responsible for operational tasks, such as addressing vulnerabilities, deploying infrastructure as code, and deploying and tearing down implementations in production, thus requiring tools that address this expanded scope

Extra tooling is needed to address these concerns, with the very real possibility that tooling will be fragmented if it’s coming from different vendors and addressing different parts of the application development process. As far as recommendations, the report states:

“Reduce complexity and improve the developer experience by choosing integrated CNAPP offerings that provide complete life cycle visibility and protection of cloud-native applications across development and staging and into runtime operation.”

Takeaway #3: Context around risk is needed

Developers simply do not want the process to be slowed. Security is important, but if developers are constantly tripped up in their workflows, it’s almost inevitable that adoption of security practices and tooling will become a struggle. Therefore, it’s critical to prioritize security tasks and provide the context needed to remediate the issue as quickly as possible.

That can, however, be easier said than done when collecting disparate information and trying to gain as much visibility as possible into an environment. Let’s look at a few ways to understand context in security data:

  • Set VM processes to detect more than just vulnerabilities in the cloud. It’s also key to be able to see misconfigurations and issues with IAM permissions as well as understand resource/service configurations, permissions and privileges, which applications are running and what data is stored inside. These processes help to contextualize and action on the highest-priority risks.
  • Identify if a vulnerable instance is publicly accessible and the nature of its business application — this will help you determine the scope of the vulnerability.
  • Simply saying developers need to find and fix vulnerabilities in production or pre-production by shifting security left is generally an oversimplification. It’s critical to communicate with developers about why a vulnerability is being prioritized and specific actions they can take to remediate.

Takeaway #4: Depth of functionality is critical

Gartner states that “multiple providers market CNAPP capabilities — some starting with runtime expertise and some starting with development expertise. Few offer the required breadth and depth of functionality with integration between all components across development and operations.” Each customer’s situation will be specific; therefore, there will be no one-size-fits-all solution. Ideally, though, a provider should be able to offer runtime risk visibility, cloud risk visibility, and development artifact risk visibility.

As customer feedback helps to refine the offerings of CNAPP providers, Gartner shares that one of the reasons for moving towards consolidation to a CNAPP offering is to eliminate redundant capabilities. Moving forward, there is a strong customer preference to consolidate vendors.

To secure and protect

That’s the name of the game: to secure and protect cloud-native applications across the development and production lifecycle. Unknown risks can appear anywhere in the process, but it’s possible to mitigate many of these vulnerabilities and blockers. Learn how CNAPP offerings deliver an integrated set of capabilities spanning runtime visibility and control, CSPM capabilities, software composition analysis (SCA) capabilities and container scanning. Download and read the full Market Guide now.

Gartner, “Market Guide for Cloud-Native Application Protection Platforms” Neil MacDonald, Charlie Winckless, Dale Koeppen. 14 March 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Security updates for Tuesday

Post Syndicated from original https://lwn.net/Articles/930128/

Security updates have been issued by CentOS (firefox, java-11-openjdk, and thunderbird), Debian (apache2), Fedora (kernel), Oracle (emacs), Red Hat (emacs, haproxy, java-1.8.0-openjdk, kernel, kernel-rt, kpatch-patch, pcs, pki-core:10.6, and qatzip), and SUSE (avahi, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, giflib, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, ovmf, and protobuf-c).

SLP: a new DDoS amplification vector in the wild

Post Syndicated from Alex Forster original https://blog.cloudflare.com/slp-new-ddos-amplification-vector/

SLP: a new DDoS amplification vector in the wild

SLP: a new DDoS amplification vector in the wild

Earlier today, April 25, 2023, researchers Pedro Umbelino at Bitsight and Marco Lux at Curesec published their discovery of CVE-2023-29552, a new DDoS reflection/amplification attack vector leveraging the SLP protocol. If you are a Cloudflare customer, your services are already protected from this new attack vector.

Service Location Protocol (SLP) is a “service discovery” protocol invented by Sun Microsystems in 1997. Like other service discovery protocols, it was designed to allow devices in a local area network to interact without prior knowledge of each other. SLP is a relatively obsolete protocol and has mostly been supplanted by more modern alternatives like UPnP, mDNS/Zeroconf, and WS-Discovery. Nevertheless, many commercial products still offer support for SLP.

Since SLP has no method for authentication, it should never be exposed to the public Internet. However, Umbelino and Lux have discovered that upwards of 35,000 Internet endpoints have their devices’ SLP service exposed and accessible to anyone. Additionally, they have discovered that the UDP version of this protocol has an amplification factor of up to 2,200x, which is the third largest discovered to-date.

Cloudflare expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks as malicious actors learn how to exploit this newly discovered attack vector.

Cloudflare customers are protected

If you are a Cloudflare customer, our automated DDoS protection system already protects your services from these SLP amplification attacks.
To avoid being exploited to launch the attacks, if you are a network operator, you should ensure that you are not exposing the SLP protocol directly to the public Internet. You should consider blocking UDP port 427 via access control lists or other means. This port is rarely used on the public Internet, meaning it is relatively safe to block without impacting legitimate traffic. Cloudflare Magic Transit customers can use the Magic Firewall to craft and deploy such rules.

Автоматите за връщане на бутилки – отвъд похвалите и критиката

Post Syndicated from Светла Енчева original https://www.toest.bg/avtomatite-za-vrushtane-na-butilki-otvud-pohvalite-i-kritikata/

Автоматите за връщане на бутилки – отвъд похвалите и критиката

В края на март т.г. две от големите вериги супермаркети в България, собственост на една и съща германска фирма, обявиха, че въвеждат автомати за връщане на пластмасови бутилки и кенове. Новината, разпространена непосредствено преди парламентарния вот на 2 април, потъна в изборните страсти. Тъй като обаче тези автомати се инсталират с екологична цел, а в страните, в които са масово разпространени, те имат и определен социален смисъл, въвеждането им в България заслужава специално внимание.

Какво представлява новата система за връщане на бутилки и кенчета

Автомати за връщане на пластмасови бутилки и кенчета първоначално ще има в общо 15 магазина на двете търговски вериги – 4 в София, 3 в Пловдив, 2 във Варна и по един в Монтана, Добрич, Троян, Провадия, Балчик и Габрово. В тях може да се връщат пластмасови бутилки и алуминиеви кенчета. Бутилките трябва да са до 3-литрови и рециклируеми, т.е. със символ PET на дъното. Не се приемат бутилки от мляко и млечни продукти, олио, зехтин, оцет, почистващи препарати, както и мръсни или смачкани бутилки и кенчета. Стъклените бутилки и хартиените опаковки също не влизат в сметката.

За всяка предадена бутилка или кен получавате 5 стотинки. Но за да придобият те реална стойност, е необходимо да изпълните още няколко условия. Първото е да предадете минимум 40 бутилки и/или кенове. Тогава машината ви издава ековаучер на стойност 2 лв. Второто условие е да направите покупки за минимум 10 лв., за да може да ви се приспадне ековаучерът. Третото е да използвате ваучера само в магазина, в който сте го получили. Четвъртото – да го използвате най-късно 90 дни след издаването му. Петото – да не си купувате само цигари (цигари и нещо друго може, за алкохола нищо не се казва).

Депозитната система за връщане на бутилки и кенчета в Германия

Не е случайно, нито е неочаквано, че такива автомати се въвеждат в България именно от германска компания. В Германия още през 1991 г. се приема, че трябва да се въведе система за връщане на бутилки. Тя става факт чак 12 години по-късно, през 2003 г., когато министър на околната среда е Юрген Тритин, представител на „Зелените“.

Опаковките, които се връщат в Германия, са за еднократна и многократна употреба, а обхватът на това, което се приема, все повече се разширява. Връщането на опаковка за еднократна употреба – пластмасова бутилка или кен – струва 25 евроцента, независимо от размера ѝ. Стъклените бутилки за многократна употреба струват между 2 и 60 евроцента. Най-популярните бирени бутилки са по 8 цента. Ако са с тапа, закрепена с метална „закопчалка“ – между 15 и (рядко) 60 цента, в зависимост от региона, в който се намирате. Шише от напитка на фирмата „Швепс“ е 10 цента, а за еднолитрова бутилка вино ще получите едва 2–3 цента.

От всичко това следва, че хората в Германия са много по-склонни да връщат опаковки за еднократна употреба – те струват повече от бутилките за многократно използване, а и са по-леки. Това е търсен ефект, тъй като пластмасата и алуминият са далеч по-вредни за околната среда от стъклото, а и бутилките за многократна употреба се наричат така, защото може да се използват повече от веднъж.

Как е възможна системата в Германия?

Вероятно вече си задавате въпроса откъде се вземат всички пари, които живеещите в Германия получават за предадените бутилки и кенове. Отговорът е много прост: самите хора са ги платили предварително. Основното в германската система е, че тя е депозитна – при купуването на напитка в пластмасова бутилка вие плащате и 25 цента депозит (на немски – Pfand) за самата бутилка. И понеже 25 цента са си пари, човек трябва да е будала, за да не си ги вземе обратно, нали?

Бутилки и кенове в Германия впрочем се връщат не само в автомати, а и в огромна част от магазините и заведенията, в които се продават съответните напитки. Освен това може да сте купили бутилката от супермаркета и да я върнете в заведението за бързо хранене в мола, или обратното. Ще ви възстановят парите, без да ви карат да си купувате каквото и да е.

Единственото условие е да сте закупили напитката от Германия и на опаковката да е отпечатан специалният знак на депозитните опаковки. Ако искате да върнете бутилката от кола, която сте купили прескъпо на софийското летище (както смятах да направя веднъж, но се отказах, щом разбрах каква е работата) – ами не, не е добра идея. Дори продавачката от заведението, на която я дадете, да не обърне внимание на липсата на специалното лого, после автоматът няма да приеме бутилката и жената ще трябва да възстанови 25 цента от джоба си.

„Ако ме търсиш, ще ме намериш при депозитния автомат за бутилки“

Така започва песента „Серотонин“ на германската рокгрупа Isolation Berlin и продължава с думите „там си вземам обратно, каквото ми принадлежи“. Тя е написана от гледна точка на онези изпаднали хора, които може да се видят на някои места в Германия покрай въпросните автомати. Сред тях има крайно бедни, безработни, алкохолици, наркозависими, клошари, бездомници, понякога – всичко накуп. Те събират изоставени бутилки от улици, градинки и най-вече от кошчета за боклук, за да ги пуснат в машината и да получат ваучер, с който да си купят нещо. И да не разбирате немски, от видеоклипа към песента можете да се ориентирате за какви типажи става дума:

Героите на тази песен видях още при първото си посещение в Германия през 2007 г. Тогава още не знаех за депозитната система и се чудех защо се въртят около пейката, на която седях, чакайки да допия съдържанието на бутилката си, за да я вземат веднага от ръцете ми. По този начин научих за системата и си дадох сметка, че в нея се съдържа едновременно екологичен и социален смисъл. Събирайки „безнадзорните“ бутилки, за да вземат някое и друго евро, тези хора допринасят и в борбата със замърсяването.

Изхвърлени пластмасови бутилки и кенчета в Германия може да се видят все по-рядко, защото, както вече стана ясно, живеещите в страната в общия случай си ги връщат. Но там, където има много туристи, все се намират неориентирани чужденци като мен през 2007 г., които да третират този ценен ресурс като боклук. И изпадналите членове на германското общество, които живеят на тези места, получават чрез депозитните автомати – макар и малка – компенсация за социалното си изключване. Както се пее в песента на Isolation Berlin, празните бутилки се превръщат в носители на надежда.

За кого ще са от полза новите автомати в България?

За да има успех инициативата на двете търговски вериги, трябва да има и хора, за които връщането на бутилки и кенове в автоматите да е стимулиращо. Кои и какви са тези хора обаче? Дали това са масовите потребители, или еколозите активисти, или типажи, подобни на описаните в песента?

Както беше казал непрежалимият Ясен Бориславов, „ще дам пример със себе си, защото в момента съм си подръка“. Откакто научих за автоматите за връщане на бутилки в Германия, си мечтая да има такива и в България. Затова приветствам въвеждането им. Означава ли това обаче, че ще ги ползвам? Нямам личен автомобил, а най-близкият магазин, в който мога да върна опаковките, е на около 40 минути с обществен транспорт от дома ми. Ала дори да се инсталират автомати във всички магазини, толкова рядко си купувам напитки в пластмасови бутилки или кенчета, че ще са ми нужни години, за да се сдобия със заветния ековаучер за 2 лв. Затова ще продължа да ги изхвърлям в контейнера за разделно събиране на отпадъци пред блока.

Имам съсед алкохолик. Понякога ми иска по 10 лв. След няколко седмици ми ги връща. Той обаче няма късмета с автоматите на германските си събратя по съдба. Не само защото тук предаването на една бутилка струва 10 пъти по-малко, отколкото в Германия, нито защото му се налага да намери 40 бутилки, за да получи 2 лв. (лесно може да ги извади от контейнера пред входа). А защото много често няма 10 лв., за колкото трябва да пазарува, за да му се приспадне двулевката от ековаучера. Ако имаше 10 лв., нямаше да е опрял до тези два.

Излиза, че новите автомати не са от полза нито за мен, нито за тукашните аналози на героите от песента на Isolation Berlin, за които изискването да пазаруват поне за 10 лв. е своеобразна социална цедка. Може би те ще бъдат стимул за хора с развито гражданско съзнание, които купуват напитки в пластмасови бутилки в големи количества (примерно вместо чешмяна вода пият само бутилирана) и които или живеят в близост до съответните магазини, или имат кола. Или за еколози активисти – не защото така ще забогатеят, а за да подкрепят нововъведението.

Най-много биха спечелили собствениците на заведения (или работещите в тях), в които се консумират напитки в пластмасови бутилки или кенчета. Така че на този етап ползата не е толкова екологична, социална пък съвсем не е, а е най-вече корпоративна.

Защо тукашната система с автоматите не е като германската?

Инсталирайки автомати за връщане на пластмасови бутилки и алуминиеви кенове, двете търговски вериги показват социална отговорност, и по-специално ангажираност към околната среда. Те обаче са собственост на частна компания и основната им задача е да бъдат на печалба. С въвеждането на много ниска цена за една опаковка, както и на различни прагове за осребряването ѝ, компанията е направила така, че да не излезе на загуба.

Какво щеше да стане, ако компанията беше въвела депозитна система? Да кажем, за 25 ст. (два пъти по-малко, отколкото в Германия, но пак е нещо). Купувате си безалкохолно или бира, маркирани с определен знак, плащате 25 ст. повече, но после си ги вземате обратно, без да се налага да пазарувате на определена стойност. Това вероятно би зарадвало само хората с развито екологично съзнание (а в България те са дефицитни). Останалите просто ще видят, че напитката  струва с 25 ст. по-скъпо. И ще отидат при конкуренцията, където ще могат да я купят на старата цена заедно с бутилката или кенчето.

Ето защо от депозитна система има смисъл, ако се въведе на национално равнище. А това вече е въпрос на държавна политика, а не на инициативността на една частна чуждестранна компания. Сигурно си мислите: всичко Мара втасала в българската политика, ние бюджет още нямаме, нито правителство – точно до депозитна система за връщане на опаковки за еднократна употреба ли сме опрели?

Да, това не е най-спешната задача на България, въпреки че не е без значение с оглед на поетите международни ангажименти на страната ни в областта на екологията. Но в тази статия не се очертават националните приоритети, а се развива тезата, че практическият ефект от една конкретна и иначе хубава частна инициатива е под въпрос.

Накрая – за автоцензурата

Досега нарочно не споменах кои са търговските вериги, въвели автоматите. Защото темата тук не е политиката на определена компания – нито в положителните ѝ аспекти, нито като обект на критика. Темата е как е възможна работеща система за връщане на опаковки за еднократна употреба и как такава система може да има не само екологичен, а и социален смисъл.

За да не заподозре читателят обаче, че спестявам имената заради автоцензура (и защото е редно да се позова на източниците си на информация), ще кажа кои са веригите. Става дума за „Лидл“ и „Кауфланд“.

Водещо изображение: кадър от видеото към песента Serotonin на Isolation Berlin.

Cyberweapons Manufacturer QuaDream Shuts Down

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2023/04/cyberweapons-manufacturer-quadream-shuts-down.html

Following a report on its activities, the Israeli spyware company QuaDream has shut down.

This was QuadDream:

Key Findings

  • Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.
  • We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call ENDOFDAYS, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims.
  • We performed Internet scanning to identify QuaDream servers, and in some cases were able to identify operator locations for QuaDream systems. We detected systems operated from Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE), and Uzbekistan.

I don’t know if they sold off their products before closing down. One presumes that they did, or will.

Какво да очакваме от въвеждането на дигитално ЕВРО и как това ще засеге личните ни финанси?

Post Syndicated from VassilKendov original http://kendov.com/cbdc_what_to_expect/

Всички сте чували за Биткойн, но много малко от вас знаят какво е UMU (Universal Monetary Unit). Преди няколко дни на 10-ти Април 2023, се проведе среща на Международния валутен фонд (МВФ), на която бе обявена новата дигитална валута UMU. Идеята е тя да стане стандартна валута за разплащания между централните банки, а МВФ ще я налага чрез отпусканите помощи и кредити.

С две думи тя ще е на принципа на Блокчейн технологията, на която работи Биткойн, но за разлика от него, ще е изцяло контролирана от МВФ.

Има още една абривиатура, която ще свикнете да използвате – (CBDC) central bank digital currency. Това е обобщено наименование на дигиталните валути, с които централните банки по света се предполага, че ще заменят парите в брой – дигитален лев, дигитално евро, дигитален долар… Всички те се наричат с обобщеното понятие CBDC.

Финансите вървят към дигитализация и собствеността върху парите ще става все по-условно понятие. За разлика от дигиталните пари, чието притежание зависи от това какво каже някой сървър, парите във Вашия джоб са си само Ваши и можете да ги харчите за каквото прецените. Нека разгледаме един пример, как дигиталните пари (CBDC) биха засегнали начина Ви на живот.

Да приемем, че сте били на лекар и имате проблем с ASAT и ALAT. Това е отразено в здравния Ви картон, който също се очаква да стане дигиален (както електронните рецепти по здравна каса). От друга страна имате рожден ден и искате да почерпите с една водка в офиса. Водката е предпочитано питие в офисите, понеже дъхът Ви не мирише ако прекалите с нея. Отивате в магазина и искате да се разплатите с дигитално Евро. Купувате сельодка (макар тя да мирише повечко), купувате ядки и сладки, но когато дойде време за бутилката водка, тя не може да бъде платена с дигитални пари понеже Вие вече имате повишени стойности на ASAT и ALAT, а дигиталните пари са програмируеми. В тях е закодирано на кого са, какво може и какво не може да се купува с тях. Изобщо блокчейн тенологията ще даде възможност да се проследи движението и собствеността на всяка една дигитална стотинка от създаването и до момента. Какво е плащано с нея, кой я е притежавал и в какви сделки е участвала.

В един момент ще се окаже, че Вашите пари не са съвсем Ваши, когато са дигитални и не можете да плащате с тях каквото си поискате.

Друг пример, който често давам за дигиталните пари е с пътуването. Ако се разплащате с тях и утре се обяви пандемия, тогава няма да има нужда от КПП-та за да се ограничи Вашето движение. Буквално с няколко клавиша разплащанията с дигиталните Ви пари ще бъдат ограничени до няколко прсечки от мястото в което живеете. Ако тръгнете за Пловдив (примерно, защото всички обичат Пловдив), то там няма да можете да си платите кафето или да заредите гориво за обратния път. Изобщо няма да се налага да Ви следят или гонят за нарушения на забраната за движение. Вие сами ще се откажете от нарушаване на правилата.

Надявам се след тези примери да сте почувствали разликата между парите в джоба и дигиталните пари. Само да вметна, че плащането с кредитни карти и всякакви дигитални приложения на телефоните е вид електронно разплащане и Европейската Централна Банка (ЕЦБ) възнамерява именно през тези канали да осъществи тестовете на дигиталното Евро.
На сайта на ЕЦБ е обяснено подробно какво следва. Ето линк https://www.ecb.europa.eu/paym/digital_euro/html/index.en.html

Ето и превод на част от текста
“Цифровото евро би предложило електронно средство за плащане, което всеки би могъл да използва в еврозоната. Би било сигурно и лесно за потребителя, както днес са парите в брой. Като пари на централната банка, емитирани от ЕЦБ, те биха били различни от „частните пари“, но можете също да използвате карта или телефонно приложение, за да плащате с цифрово евро.

За  срещa с мен моля използвайте посочената форма.

[contact-form-7]

Ако се зачетете в линка, ще видите, че очакванията са през Октомври 2023 да се вземе решение за въвеждането на дигиталното евро. Надали сте виждали по телевизиите и инетрнет информация за тези намерения на ЕЦБ. И за да е по-пълна картината, в Китай и Русия са още по-напред с проекта за дигитализация на рублата и юана.

Лошото е, че няма как да се противопоставим на предстоящата дигитализация. Ако се замислите, ще видите, колко хора са щастливи от факта, че плащат с телефон или с кредитна карта. Естествено няма да са щастливи, ако не могат да плащат с тях, но както се казва за това ще мислим като се случи. А то вече се случва. Поне на мен се случи доста отдавна в Швеция и безисходицата беше пълна. Ето линк към цялата случка, ако искате да преживеете моята емоция. http://kendov.com/923-2/

И както обичам да правя за финал – давам по един безплатен съвет по отношение на писаното в статията. В конкретния случай бих Ви посъветвал да се замислите в какво да инвестирате свободния „кеш” в следващите 2 години. Нещо бизнес ориентирано, което да задоволява някаква първична човешка нужда и да Ви носи дивидент. Оставете си средства колкото да поддържате стандарта си на живот за 6 месеца, а останалото го вложете в нещо. Когато въведат дигиталните пари (CBDC) не се знае дали ще можете да ги използвате по Ваше осмотрение или по осмотрението на някой сървър.

Васил Кендов – финансов съветник
Лошото момче на българските финанси

The post Какво да очакваме от въвеждането на дигитално ЕВРО и как това ще засеге личните ни финанси? appeared first on Kendov.com.

AWS achieves an AAA Pinakes rating for Spanish financial entities

Post Syndicated from Daniel Fuertes original https://aws.amazon.com/blogs/security/aws-achieves-an-aaa-pinakes-rating-for-spanish-financial-entities/

Amazon Web Services (AWS) is pleased to announce that we have achieved an AAA rating from Pinakes. The scope of this qualification covers 166 services in 25 global AWS Regions.

The Spanish banking association Centro de Cooperación Interbancaria (CCI) developed Pinakes, a rating framework intended to manage and monitor the cybersecurity controls of service providers that Spanish financial entities depend on. The requirements arise from the European Banking Authority guidelines (EBA/GL/2019/02).

Pinakes evaluates the cybersecurity levels of service providers through 1,315 requirements across 4 categories (confidentiality, integrity, availability of information, and general) and 14 domains:

  • Information security management program
  • Facility security
  • Third-party management
  • Normative compliance
  • Network controls
  • Access control
  • Incident management
  • Encryption
  • Secure development
  • Monitoring
  • Malware protection
  • Resilience
  • Systems operation
  • Staff safety

Each requirement is associated to a rating level (A+, A, B, C, D), ranging from the highest A+ (provider has implemented the most diligent measures and controls for cybersecurity management) to the lowest D (minimum security requirements are met).

An independent third-party auditor has verified the implementation status for each section. As a result, AWS has been qualified with A ratings for Confidentiality, Integrity and Availability, getting an overall rating of AAA.

Our Spanish financial customers can refer to the AWS Pinakes rating to confirm that the AWS control environment is appropriately designed and implemented. By receiving an AAA, AWS demonstrates our commitment to meet the heightened security expectations for cloud service providers set by the CCI. The full evaluation report will be published on AWS Artifact upon request. Pinakes participants who are AWS customers can contact their AWS account manager to request access to it.

As always, we value your feedback and questions. Reach out to the AWS Compliance team through the Contact Us page. To learn more about our other compliance and security programs, see AWS Compliance Programs.

 
If you have feedback about this post, please submit them in the Comments section below.

Want more AWS Security news? Follow us on Twitter.

Daniel Fuertes

Daniel Fuertes

Daniel is a Security Audit Program Manager at AWS based in Madrid, Spain. Daniel leads multiple security audits, attestations, and certification programs in Spain and other EMEA countries. Daniel has nine years of experience in security assurance, including previous experience as an auditor for the PCI DSS security framework.

Borja Larrumbide

Borja Larrumbide

Borja is a Security Assurance Manager for AWS in Spain and Portugal. Previously, he worked at companies such as Microsoft and BBVA in different roles and sectors. Borja is a seasoned security assurance practitioner with years of experience engaging key stakeholders at national and international levels. His areas of interest include security, privacy, risk management, and compliance.

AWS Week in Review – April 24, 2023: Amazon CodeCatalyst, Amazon S3 on Snowball Edge, and More…

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/aws-week-in-review-april-24-2023-amazon-codecatalyst-amazon-s3-on-snowball-edge-and-more/

As always, there’s plenty to share this week: Amazon CodeCatalyst is now generally available, Amazon S3 is now available on Snowball Edge devices, version 1.0.0 of AWS Amplify Flutter is here, and a lot more. Let’s dive in!

Last Week’s Launches
Here are some of the launches that caught my eye this past week:

Amazon CodeCatalyst – First announced at re:Invent in preview form (Announcing Amazon CodeCatalyst, a Unified Software Development Service), this unified software development and delivery service is now generally available. As Steve notes in the post that he wrote for the preview, “Amazon CodeCatalyst enables software development teams to quickly and easily plan, develop, collaborate on, build, and deliver applications on AWS, reducing friction throughout the development lifecycle.” During the preview we added the ability to use AWS Graviton2 for CI/CD workflows and deployment environments, along with other new features, as detailed in the What’s New.

Amazon S3 on Snowball Edge – You have had the power to create S3 buckets on AWS Snow Family devices for a couple of years, and to PUT and GET object. With this new launch you can, as Channy says, “…use an expanded set of Amazon S3 APIs to easily build applications on AWS and deploy them on Snowball Edge Compute Optimized devices.” This launch allows you to manage the storage using AWS OpsHub, and to address multiple Denied, Disrupted, Intermittent, and Limited Impact (DDIL) use cases. To learn more, read Amazon S3 Compatible Storage on AWS Snowball Edge Compute Optimized Devices Now Generally Available.

Amazon Redshift Updates – We announced multiple updates to Amazon Redshift including the MERGE SQL command so that you can combine a series of DML statements into a single statement, dynamic data masking to simplify the process of protecting sensitive data in your Amazon Redshift data warehouse, and centralized access control for data sharing with AWS Lake Formation.

AWS Amplify – You can now build cross-platform Flutter apps that target iOS, Android, Web, and desktop using a single codebase and with a consistent user experience. To learn more and to see how to get started, read Amplify Flutter announces general availability for web and desktop support. In addition to the GA, we also announced that AWS Amplify supports Push Notifications for Android, Swift, React Native, and Flutter apps.

X in Y – We made existing services available in additional regions and locations:

For a full list of AWS announcements, take a look at the What’s New at AWS page and consider subscribing to the page’s RSS feed. If you want even more detail, you can Subscribe to AWS Daily Feature Updates via Amazon SNS.

Interesting Blog Posts

Other AWS Blogs – Here are some fresh posts from a few of the other AWS Blogs:

AWS Open Source – My colleague Ricardo writes a weekly newsletter to highlight new open source projects, tools, and demos from the AWS Community. Read edition 154 to learn more.

AWS Graviton Weekly – Marcos Ortiz writes a weekly newsletter to highlight the latest developments in AWS custom silicon. Read AWS Graviton weekly #33 to see what’s up.

Upcoming Events
Here are some upcoming live and online events that may be of interest to you:

AWS Community Day Turkey will take place in Istanbul on May 6, and I will be there to deliver the keynote. Get your tickets and I will see you there!

AWS Summits are coming to Berlin (May 4), Washington, DC (June 7 and 8), London (June 7), and Toronto (June 14). These events are free but I highly recommend that you register ahead of time.

.NET Enterprise Developer Day EMEA is a free one-day virtual conference on April 25; register now.

AWS Developer Innovation Day is also virtual, and takes place on April 26 (read Discover Building without Limits at AWS Developer Innovation Day for more info). I’ll be watching all day and sharing a live recap at the end; learn more and see you there.

And that’s all for today!

Jeff;

Choose Korean in AWS Support as Your Preferred Language

Post Syndicated from Channy Yun original https://aws.amazon.com/blogs/aws/choose-korean-in-aws-support-as-your-preferred-language/

Today, we are announcing the general availability of AWS Support in Korean as your preferred language, in addition to English, Japanese, and Chinese.

As the number of customers speaking Korean grows, AWS Support is invested in providing the best support experience possible. You can now communicate with AWS Support engineers and agents in Korean when you create a support case at the AWS Support Center.

Now all customers can receive account and billing support in Korean by email, phone, and live chat at no additional cost during the supported hours. Per your Support plan, customers subscribed to Enterprise, Enterprise On-Ramp, or Business Support plans can receive personalized technical support 24 hours a day and 7 days a week in Korean. Customers subscribed to the Developer Support plan can receive technical support during business hours generally defined as 9:00 AM to 6:00 PM in the customer country as set in My Account console, excluding holidays and weekends. These times may vary in countries with multiple time zones.

We also added the localized user interface of the AWS Support Center in Korean, in addition to Japanese and Chinese. AWS Support Center will be displayed in the language you select from the dropdown of available languages in Unified Settings of your AWS Account.

Here is a new AWS Support Center page in Korean:

You can also access customer service, AWS documentation, technical papers, and support forums in Korean.

Getting Started with Your Supported Language in AWS Support
To get started with AWS Support in your supported language, create a Support case in AWS Support Center. In the final step in creating a Support case, you can choose a supported language, such as English, Chinese (中文), Korean (한국어), or Japanese (日本語) as your Preferred contact language.

When you choose Korean, the customized contact options will be shown by your support plan.

For example, in the case of Basic Support plan customers, you can choose Web to get support via email, Phone, or Live Chat when available. AWS customers with account and billing inquiries can receive support in Korean from our customer service representatives with proficiency in Korean at no additional cost during business hours defined as 09:00 AM to 06:00 PM Korean Standard Time (GMT+9), excluding holidays and weekends.

If you get technical support per your Support plan, you may choose Web, Phone, or Live Chat depending on your Support plan to get in touch with support staff with proficiency in Korean, in addition to English, Japanese, and Chinese.

Here is a screen in Korean to get technical support in the Enterprise Support plan:

When you create a support case in your preferred language, the case will be routed to support staff with proficiency in the language indicated in your preferred language selection. To learn more, see Getting started with AWS Support in the AWS documentation.

Now Available
AWS Support in Korean is now available today, in addition to English, Japanese, and Chinese. Give it a try, learn more about AWS Support, and send feedback to your usual AWS Support contacts.

Channy

This article was translated into Korean (한국어) in the AWS Korea Blog.

The collective thoughts of the interwebz