I wish you enumerated the identity’s Iam permissions or at least did a describe-db-clusters it would give good insights into the internal security of the Aws service roles , I would have thought such a role would be restricted to only be used via internal network leg of the RDS not over the internet. Now we will never know and have to take their word for it. Imagine if that role was able to describe all instances in the region, or dump a backup to a public bucket of every rds . Now that would be a sensationalistic headline !
There are others like this. This is the one I can recall now . Basically the proxy mitm a Js agent which is pretty much vnc for your browser. You only get the view of the headless proxy sandbox rendering whatever page you requested . So if any escape happens it happens in an isolated disposable compute managed by the proxy
I think if you zoom in whilst showing a corner of the viewport it works because the hdr videos are still in play but if you zoom so the corners are not visible it will fade out
Its not the lambda run time that gets Ipv6, its the lambda API that is now dual stack. (the endpoint you hit when you want to invoke a lambda.)
When you do an invoke, if you use lambda.us-east-1.api.aws instead of the old ipv4 only lambda.us-east-2.amazonaws.com you will hit a v6 ula if you are on v6:
so if you want to talk to ipv6 unicast endpoint to invoke a lambda do so by specifying the new endpoint with --endpoint-url:
aws lambda invoke --function-name my-function out --log-type Tail --endpoint-url lambda.us-east-1.api.aws
Not mine, but it solves a problem that has been a pain for me for a long time I think it could be useful to others here since the WSL issue (https://github.com/microsoft/WSL/issues/4210) making static allocation difficult is popular. Surprisingly this repo does not have so much love thus posting in case it is helpful.