AWS VPC data exfiltration using CodeBuild | Aidan Steele’s blog (usually about AWS)
In September 2020, I published a guest blog post on Ian Mckay’s blog. The tl;dr is that “escaping” a privileged container running in an Amazon-managed AWS account isn’t a security concern for Amazon, thanks to defence-in-depth at both the EC2 and IAM levels. Here are a few paragraphs I left out of that blog post at the time.