Digest #169: GitHub MCP Exploited, Uber’s Multi-Cloud Secrets, Server Scheduling to Slash Costs, Google SRE Updates, Root Access in Prod & Lambda + RDS Pitfalls
GitHub security incident, secrets at scale, shutting down idle servers, tips from AWS and Google SREs, GitLab prompt injection, Terraform backend fixes, Kubernetes visibility, and open-source tools.
Welcome to this week’s edition of the DevOps Bulletin!
At AWS, engineers share how they enforce system correctness before things break. GitHub's MCP exploit raised fresh concerns about MCP security, and Uber walks us through how they built a multi-cloud secrets management platform.
Meanwhile, Google SREs are rethinking what reliability looks like. In cloud cost control, we’re featuring a new tool: Server Scheduling. It lets you visually schedule test and dev servers to shut down during off hours, downsize idle machines, and cut cloud waste.
This week’s video is packed with advice for security teams using AI and LLMs in real work.
Tutorials this week cover critical topics:
Who really has root access in production?
How remote prompt injection works in GitLab
Avoiding "Too Many Connections" in Lambda + RDS setups
A solid breakdown of atomics and concurrency
Solving the Terraform backend chicken-and-egg problem
Chat directly with your AWS bill
Gain central visibility of Kubernetes clusters across regions
Disaster recovery planning with Terraform
Understand how the Kubernetes Gateway API works
Projects of the week:
CloudPEASS for mapping cloud permissions and privilege escalation paths
PgDog, a transaction pooler and sharding tool for PostgreSQL
Arsenal, a quick way to store and run pentest commands
TerraForce, policy enforcement at every Terraform stage
All this and more in this week’s DevOps Bulletin—don’t miss out!
Newsworthy stories
Slash cloud costs with server scheduling
Test servers don't need to be online at 3 am. Manually schedule instances with a visual time grid.
Shut down servers during off hours
Downsize idle machines
Multi-cloud support: AWS, GCP & Azure
Video of the week
Tutorials of the week
Projects of the week
Go-based replacement for git add -i and git add -p, offering an interactive terminal UI with advanced features like hunk splitting, global regex filtering, and multi-mode patch operations.
CloudPEASS helps analyze permissions and detect escalation paths across AWS, Azure, and GCP using non-intrusive techniques.
PgDog is a transaction pooler and logical replication manager that can shard PostgreSQL.
Arsenal is just a quick inventory, reminder, and launcher for pentest commands.
TerraForce is a standalone policy enforcement tool for Terraform that runs checks at every stage of the Terraform lifecycle.
Microsandbox is a self-hosted platform for safely running untrusted or AI-generated code using lightweight microVMs.