Issue #107
Monday · February 27, 2023
🥗 AWS security blogs
- How to use granular geographic match rules with AWS WAF — In November 2022, AWS introduced support for granular geographic (geo) match conditions in AWS WAF. This blog post demonstrates how you can use this new feature to customize your AWS WAF implementation and improve the security posture of your protected application. AWS WAF provides inline inspection of inbound traffic at …
- How to monitor and query IAM resources at scale – Part 2 — In this post, we continue with our recommendations for using AWS Identity and Access Management (IAM) APIs. In part 1 of this two-part series, we described how you could create IAM resources and use them soon after for authorization decisions. We also described options for monitoring and responding to IAM …
- How to monitor and query IAM resources at scale – Part 1 — In this two-part blog post, we’ll provide recommendations for using AWS Identity and Access Management (IAM) APIs, and we’ll share useful details on how IAM works so that you can use it more effectively. For example, you might be creating new IAM resources such as roles and policies through automation and notice …
- Top 2022 AWS data protection service and cryptography tool launches — Given the pace of Amazon Web Services (AWS) innovation, it can be challenging to stay up to date on the latest AWS service and feature launches. AWS provides services and tools to help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption capabilities, …
🍛 Reddit threads on r/aws
- EC2 naming explained
- Amazon Athena quietly got a lot better — Engine version 3
- Amazon EKS now support Kubernetes version 1.25
- $300k bill after AWS account hacked! — A few months ago my company started moving into building tech. We are fairly new to the tech game, and brought in some developers of varying levels. Soon after we started, one of the more junior developers pushed live something that seems to have had some AWS keys attached to …
📌 Newsletters
📌 Top Links from Security Folks
- fwd:cloudsec 2023 — fwd:cloudsec is the industry’s leading independent, community-driven cloud security conference. All times listed are in US/Pacific time.
- How to monitor and query IAM resources at scale – Part 1 | Amazon Web Services — In this two-part blog post, we’ll provide recommendations for using AWS Identity and Access Management (IAM) APIs, and we’ll share useful details on how IAM …
- A role for all your EC2 instances — tl;dr: You can now pass an IAM role to every EC2 instance in your account + region.
- Create a Console Session from IAM Credentials - Hacking The Cloud — How to use IAM credentials to create an AWS Console session.
📌 "AWS Security" on Google News
📌 AWS IP Ranges Updates
- AWS IP Ranges update for 2023-02-17 00:13:06 — No changes to IPs
- AWS IP Ranges update for 2023-02-17 17:13:06 — Changed by -256 Removed 172.103.41.0/24
🧁 IAM permission changes
- internetmonitor: 4 updated actions, 2 updated resources — 4 updated actions: GetHealthEvent (resources), ListTagsForResource (resources), TagResource (resources), UntagResource (resources); 2 updated resources: Monitor (arn), HealthEvent (arn)
- ecs: 1 new action | 1 updated action — 1 new action: DeleteTaskDefinitions (Grants permission to delete the specified task definitions by family and revision); 1 updated action: TagResource (conditions)
- resiliencehub: 13 new actions — 13 new actions: CreateAppVersionAppComponent (Grants permission to create application app component), CreateAppVersionResource (Grants permission to create application resource), DeleteAppInputSource (Grants permission to remove application input source), DeleteAppVersionAppComponent (Grants permission to delete application app component), DeleteAppVersionResource (Grants permission to delete application resource), DescribeAppVersion (Grants permission to describe application version), DescribeAppVersionAppComponent (Grants …
