aws-toolkit-vscode
terraform-aws-github-runner
| aws-toolkit-vscode | terraform-aws-github-runner | |
|---|---|---|
| 17 | 17 | |
| 1,821 | 0 | |
| 3.5% | - | |
| 10.0 | 9.6 | |
| 3 days ago | 8 months ago | |
| TypeScript | HCL | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-toolkit-vscode
- Malicious script injected into Amazon Q Developer for VS Code
- Malicious script injected into Amazon Q Developer for Visual Studio
-
Amazon's AI Coding Revealed a Dirty Little Secret
These are the malicious commits in question:
https://github.com/aws/aws-toolkit-vscode/commit/678851b
https://github.com/aws/aws-toolkit-vscode/commit/1294b38
Which were made using an "inappropriately scoped GitHub token" from build config files:
https://aws.amazon.com/security/security-bulletins/AWS-2025-...
> The incident points to a gaping security hole in generative AI that has gone largely unnoticed [...] The hacker effectively showed how easy it could be to manipulate artificial intelligence tools — through a public repository like Github — with the the right prompt.
Use of an LLM seems mostly incidental and not the source of any security holes in this case (at least not as far as we know - may be that vibe coding is responsible for the incorrectly scoped token). The attacker with write access to the repo could have just as easily made it run `rm -rf /` directly.
- Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant
- AWS merges malicious PR into Amazon Q
-
AWS Q for VSCode is having issues
https://github.com/aws/aws-toolkit-vscode/issues/7258 more issues
-
Amazon Q Developer Tips: No.24 Amazon Q Developer community resources
Amazon Q Developer plugin - you can view all the latest updates, including new features, bug fixes, and changes by review the release notes for the IDE plugin
-
Amazon Q Developer Tips: No.14 Navigating through your prompt history
In my daily review of the Amazon Q Developer plugin release log I got excited by the following:
-
Daily Tips to supercharge your Amazon Q Developer experience
You can actually see what I mean by checking the release notes of the VSCode plugin. The team are releasing frequently, adding improvements as well as addressing issues that are reported. When software is being updated as frequently as this, I find it easier to keep the auto-update enabled to make my life easier.
- aws/aws-toolkit-vscode: CodeWhisperer, CodeCatalyst, Local Lambda debug, SAM/CFN syntax, ECS Exec, AWS resources
terraform-aws-github-runner
- Show HN: Managed GitHub Actions Runners for AWS
- Show HN: Open-source x64 and Arm GitHub runners. Reduces GitHub Actions bill 10x
- Terraform module for scalable GitHub action runners on AWS
- Show HN: WarpBuild – x86-64 and arm GitHub Action runners for 30% faster builds
- Any tips on how to run auto scaling self-hosted GitLab runners well?
- Auto scaling Self-Hosted solution for GitHub Actions?
-
DeepFlow uses Spot Instances to speed up GitHub Action exploration
Terraform: Autoscale AWS EC2 as GitHub Runner with Terraform and AWS Lambda
What are some alternatives?
saml2aws - CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
terraform-aws-oidc-github - Terraform module to configure GitHub Actions as an OpenID Connect (OIDC) identity provider in AWS.
evb-cli - Pattern generator and debugging tool for Amazon EventBridge
serverless-iam-roles-per-function - Serverless Plugin for easily defining IAM roles per function via the use of iamRoleStatements at the function level.
valheim-ecs-fargate-cdk - AWS CDK/Cloudformation to deploy a Valheim Server using ECS Fargate!
actions-runner-controller - Kubernetes controller for GitHub Actions self-hosted runners