Issue #111
Monday · March 27, 2023
🥗 AWS security blogs
- Automate the deployment of an NGINX web service using Amazon ECS with TLS offload in CloudHSM — Customers who require private keys for their TLS certificates to be stored in FIPS 140-2 Level 3 certified hardware security modules (HSMs) can use AWS CloudHSM to store their keys for websites hosted in the cloud. In this blog post, we will show you how to automate the deployment of …
- Use backups to recover from security incidents — Greetings from the AWS Customer Incident Response Team (CIRT)! AWS CIRT is dedicated to supporting customers during active security events on the customer side of the AWS Shared Responsibility Model. Over the past three years, AWS CIRT has supported customers with security events in their AWS accounts. These include the …
- Simplify management of Network Firewall rule groups with VPC managed prefix lists — In this blog post, we will show you how to use managed prefix lists to simplify management of your AWS Network Firewall rules and policies across your Amazon Virtual Private Cloud (Amazon VPC) in the same AWS Region. AWS Network Firewall is a stateful, managed, network firewall and intrusion detection …
- How to use Amazon Macie to reduce the cost of discovering sensitive data — Amazon Macie is a fully managed data security service that uses machine learning and pattern matching to discover and help protect your sensitive data, such as personally identifiable information (PII), payment card data, and Amazon Web Services (AWS) credentials. Analyzing large volumes of data for the presence of sensitive information …
🍛 Reddit threads on r/aws
- Amazon is laying off another 9,000 employees across AWS, Twitch, advertising
- Application Load Balancer now supports TLS 1.3 — Just like it sounds, TLS 1.3 is now available on ALB. https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/
- FTC Seeks Comment on Business Practices of Cloud Computing Providers that Could Impact Competition and Data Security
- Clean Rooms are now generally available? Clearly my kids didn’t get the message! /s
📌 Top Links from Security Folks
- fwd:cloudsec — fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense …
- We updated our RSA SSH host key | The GitHub Blog — At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations …
🧁 IAM permission changes
- chime: 33 new actions, 4 new resources | 44 updated actions — 33 new actions: CreateAppInstanceBot (Grants permission to create a bot under an Amazon Chime AppInstance), CreateMediaInsightsPipeline (Grants permission to create a media insights pipeline), CreateMediaInsightsPipelineConfiguration (Grants permission to create a media insights pipeline configuration), CreateVoiceProfile (Grants permission to create a voice profile), CreateVoiceProfileDomain (Grants permission to create a voice profile …
- ivs: 7 new actions, 1 new resource | 3 updated actions — 7 new actions: CreateParticipantToken (Grants permission to create a participant token), CreateStage (Grants permission to create a stage), DeleteStage (Grants permission to delete the stage for a specified ARN), DisconnectParticipant (Grants permission to disconnect a participant from the specified stage ARN), GetStage (Grants permission to get stage information for …
- refactor-spaces: 2 updated actions — 2 updated actions: ListRoutes (resources), ListApplications (resources)
🍪 API changes
- AWS Batch - 4 updated methods — This feature allows Batch to support configuration of ephemeral storage size for jobs running on FARGATE
- Amazon Chime SDK Identity - 6 new, 2 updated methods — AppInstanceBots can be used to add a bot powered by Amazon Lex to chat channels. ExpirationSettings provides automatic resource deletion for AppInstanceUsers.
- Amazon Chime SDK Media Pipelines - 7 new, 5 updated methods — This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.