Issue #102
Monday · January 23, 2023
AWS security blogs
- Use AWS WAF CAPTCHA to protect your application against common bot traffic – In this blog post, you'll learn how you can use a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) with other AWS WAF controls as part of a layered approach to provide comprehensive protection against bot traffic. We'll describe a workflow that tracks the number of …
- Fall 2022 SOC reports now available in Spanish – We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that Fall 2022 System and Organization Controls (SOC) 1, SOC 2, and SOC 3 reports are …
- C5 Type 2 attestation report now available with 156 services in scope – We continue to expand the scope of our assurance programs at Amazon Web Services (AWS), and we are pleased to announce that AWS has successfully completed the 2022 Cloud Computing Compliance Controls Catalogue (C5) attestation cycle with 156 services in scope. This alignment with C5 requirements demonstrates our ongoing commitment …
- Fall 2022 PCI DSS report available with six services added to compliance scope – We're continuing to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that six additional services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. This provides our customers with more options to process …
Reddit threads on r/aws
- AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Datadog Security Labs
- Please teach me: I cannot for the life of me understand why I should use ECS over running containers on EC2 – Just spent a day of my weekend trying to get ECS basic functionality to work. What I mean by basic functionality is: Deploying the app Autoscaling Deployments and Updates I got 1 and 2 correct as it was pretty easy, but I could not for the life of me get …
- Add HTTP streaming to your Lambda with practically 0ms added latency
- Resource abstractions to be deprecated in AWS python SDK boto3
Newsletters
Top Links from Security Folks
- AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Datadog Security Labs – Public disclosure of a method to bypass CloudTrail for specific IAM actions.
- Incident report: stolen AWS access keys – Here we walk through what happens when attackers steal a set of AWS access keys. Recently, our SOC, threat hunting, and detection engineering teams collaborated …
"AWS Security" on Google News
AWS IP Ranges Updates
- AWS IP Ranges update for 2023-01-10 21:13:06 – Changed by +8 Added 142.4.161.16/29
- AWS IP Ranges update for 2023-01-11 11:43:08 – No changes to IPs
IAM permission changes
- resource-groups: 2 new actions – 2 new actions: GetAccountSettings (Grants permission to get the current status of optional features in Resource Groups), UpdateAccountSettings (Grants permission to update optional features in Resource Groups)
- guardduty: 4 new actions – 4 new actions: AcceptAdministratorInvitation (Grants permission to accept invitations to become a GuardDuty member account), DisassociateFromAdministratorAccount (Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account), GetAdministratorAccount (Grants permission to retrieve details of the GuardDuty administrator account associated with a member account), GetRemainingFreeTrialDays (Grants permission to provide …
- config: 3 new actions – 3 new actions: GetResourceEvaluationSummary (Grants permission to return the summary of resource evaluations for a specific resource evaluation ID), ListResourceEvaluations (Grants permission to list the resource evaluation summaries for an AWS account in an AWS Region), StartResourceEvaluation (Grants permission to evaluate your resource details against the AWS Config rules in …
API changes
- Amazon Appflow - 12 updated methods – Adding support for Salesforce Pardot connector in Amazon AppFlow.
- Amazon Connect Service - 2 updated methods – Amazon Connect Chat introduces Persistent Chat, allowing customers to resume previous conversations with context and transcripts carried over from previous chats, eliminating the need to repeat themselves and allowing agents to provide personalized service with access to entire conversation history.
- Amazon Connect Participant Service - 1 updated methods – This release updates Amazon Connect Participant's GetTranscript API to provide transcripts of past chats on a persistent chat session.
- Amazon Elastic Compute Cloud - 2 updated methods – Adds SSM Parameter Resource Aliasing support to EC2 Launch Templates. Launch Templates can now store parameter aliases in place of AMI Resource IDs. CreateLaunchTemplateVersion and DescribeLaunchTemplateVersions now support a convenience flag, ResolveAlias, to return the resolved parameter value.