Issue #104
Monday · February 06, 2023
AWS security blogs
- Define a custom session duration and terminate active sessions in IAM Identity Center — Managing access to accounts and applications requires a balance between delivering simple, convenient access and managing the risks associated with active user sessions. Based on your organization's needs, you might want to make it simple for end users to sign in and to operate long enough to get their work …
- How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager — Secrets managers are a great tool to securely store your secrets and provide access to secret material to a set of individuals, applications, or systems that you trust. Across your environments, you might have multiple secrets managers hosted on different providers, which can increase the complexity of maintaining a consistent …
- Reduce risk by implementing HttpOnly cookie authentication in Amazon API Gateway — Some web applications need to protect their authentication tokens or session IDs from cross-site scripting (XSS). It's an Open Web Application Security Project (OWASP) best practice for session management to store secrets in the browsers' cookie store with the HttpOnly attribute enabled. When cookies have the HttpOnly attribute set, the …
- AWS achieves ISO 20000-1:2018 certification for 109 services — We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that AWS Regions and AWS Edge locations are now certified by the International Organization for Standardization (ISO) 20000-1:2018 standard. This certification demonstrates our continuous commitment to adhere to the heightened …
AWS IP Ranges Updates
- AWS IP Ranges update for 2023-01-28 00:43:08 — Changed by +2304. Added 96.0.112.0/21. Added 96.0.108.0/24.
- AWS IP Ranges update for 2023-01-30 17:43:08 — Changed by +64. Added 13.34.91.0/26.
IAM permission changes
- cloudtrail-data: 1 new action, 1 new resource, 3 new conditions — 1 new action: PutAuditEvents (Grants permission to ingest your application events into CloudTrail Lake); 1 new resource: channel; 3 new conditions: aws:RequestTag/${TagKey} (Filters access by a tag's key and value in a request), aws:ResourceTag/${TagKey} (Filters actions based on the presence of tag key-value pairs in the request), aws:TagKeys (Filters access …
- kinesisvideo: 4 new actions — 4 new actions: DescribeMappedResourceConfiguration (Grants permission to describe the resource mapped to the Kinesis video stream), DescribeMediaStorageConfiguration (Grants permission to describe the media storage configuration of a signaling channel), JoinStorageSession (Grants permission to join a storage session for a channel), UpdateMediaStorageConfiguration (Grants permission to create or update a mapping between …
- cloudtrail: 6 new actions | 1 updated resource, 3 updated actions — 6 new actions: CreateChannel (Grants permission to create a channel), DeleteChannel (Grants permission to delete a channel), DeleteResourcePolicy (Grants permission to delete a resource policy from the provided resource), GetResourcePolicy (Grants permission to get the resource policy attached to the provided resource), PutResourcePolicy (Grants permission to attach a resource policy …
API changes
- AWS AppSync - 4 updated methods — This release introduces the feature to support EventBridge as AppSync data source.
- AWS CloudTrail - 6 new, 1 updated methods — Add new "Channel" APIs to enable users to manage channels used for CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to manage the resource-based permissions policy attached to a channel.
- AWS CloudTrail Data Service - 1 new method — Add CloudTrail Data Service to enable users to ingest activity events from non-AWS sources into CloudTrail Lake.
- CodeArtifact - 1 new method — This release introduces a new DeletePackage API, which enables deletion of a package and all of its versions from a repository.