Issue #110
Monday · March 20, 2023
AWS security blogs
- New AWS Security Blog homepage - We've launched a new AWS Security Blog homepage! While we currently have no plans to deprecate our existing list-view homepage, we have recently launched a new, security-centered homepage to provide readers with more blog info and easy access to the rest of AWS Security. Please bookmark the new page, and …
- How to use Google Workspace as an external identity provider for AWS IAM Identity Center - March 8, 2023: We updated the post to reflect some name changes (G Suite is now Google Workspace; AWS Single Sign-On is now AWS IAM Identity Center) and associated changes to the user interface and workflow when setting up Google Workspace as an external identity provider for IAM Identity Center. …
Reddit threads on r/aws
- Amazon Linux 2023 Officially Released
- Introducing Mountpoint for Amazon S3 - A file client that translates local file system API calls to S3 object API calls like GET and LIST.
- Aws services that are known to be failed/bad/on ice - I know there are some services in AWS that are known to be kind of failed or not good in a general sense. I'm thinking of things like AppMesh where the road map is obviously frozen and the community at large uses other things (istio, Kong, glue, etc.). What are …
- A Dismal Guide to AWS Billing
Newsletters
Top Links from Security Folks
- [tl;dr sec] #173 - What Software Will Be Post GPT-4, the Cybersecurity Landscape, Reducing Attack Surface in AWS - The AI-based architecture that'll replace most existing software, overview of cybersecurity companies and acquisitions, how to lock down instance creds and regions/services in AWS.
- Update detected · z0ph/MAMIP@f84614f - [MAMIP] Monitor AWS Managed IAM Policies Changes. Contribute to z0ph/MAMIP development by creating an account on GitHub.
"AWS Security" on Google News
IAM permission changes
- mobilehub: 23 new actions, 1 new resource - 23 new actions: CreateProject (Create a project), CreateServiceRole (Enable AWS Mobile Hub in the account by creating the required service role), DeleteProject (Delete the specified project), DeleteProjectSnapshot (Delete a saved snapshot of project configuration), DeployToStage (Deploy changes to the specified stage), DescribeBundle (Describe the download bundle), ExportBundle (Export the download …
- apprunner: 4 new actions, 1 new resource - 4 new actions: AssociateWebAcl (Grants permission to associate the service with an AWS WAF web ACL), DescribeWebAclForService (Grants permission to get the AWS WAF web ACL that is associated with an AWS App Runner service), DisassociateWebAcl (Grants permission to disassociate the service with an AWS WAF web ACL), ListAssociatedServicesForWebAcl (Grants …
- chatbot: 11 new actions - 11 new actions: CreateMicrosoftTeamsChannelConfiguration (Grants permission to create an AWS Chatbot Microsoft Teams Channel Configuration), DeleteMicrosoftTeamsChannelConfiguration (Grants permission to delete an AWS Chatbot Microsoft Teams Channel Configuration), DeleteMicrosoftTeamsConfiguredTeam (Grants permission to delete the Microsoft Teams configured with AWS Chatbot in an AWS account), DeleteMicrosoftTeamsUserIdentity (Grants permission to delete an AWS …
API changes
- Application Auto Scaling - 2 updated methods - Application Auto Scaling customers can now use mathematical functions to customize the metric used with Target Tracking policies within the policy configuration itself, saving the cost and effort of publishing the customizations as a separate metric.
- AWS Data Exchange - 6 updated methods - This release enables data providers to license direct access to S3 objects encrypted with Customer Managed Keys (CMK) in AWS KMS through AWS Data Exchange. Subscribers can use these keys to decrypt, then use the encrypted S3 objects shared with them, without creating or managing copies.
- Amazon Elastic Compute Cloud - 3 updated methods - This release adds a new DnsOptions key (PrivateDnsOnlyForInboundResolverEndpoint) to CreateVpcEndpoint and ModifyVpcEndpoint APIs.