Issue #112
Monday · April 03, 2023
🥗 AWS security blogs
- Simplify web app authentication: A guide to AD FS federation with Amazon Cognito user pools — August 13, 2018: Date this post was first published, on the Front-End Web and Mobile Blog. We updated the CloudFormation template, provided additional clarification on implementation steps, and revised to account for the new Amazon Cognito UI. User authentication and authorization can be challenging when you’re building web and mobile …
- Gain insights and knowledge at AWS re:Inforce 2023 — I’d like to personally invite you to attend the Amazon Web Services (AWS) security conference, AWS re:Inforce 2023, in Anaheim, CA on June 13–14, 2023. You’ll have access to interactive educational content to address your security, compliance, privacy, and identity management needs. Join security experts, peers, leaders, and partners from …
- The National Intelligence Center of Spain and AWS collaborate to promote public sector cybersecurity — The National Intelligence Center and National Cryptological Center (CNI-CCN)—attached to the Spanish Ministry of Defense—and Amazon Web Services (AWS) have signed a strategic collaboration agreement to jointly promote cybersecurity and innovation in the public sector through AWS Cloud technology. Under the umbrella of this alliance, the CNI-CCN …
- How to use Amazon GuardDuty and AWS WAF v2 to automatically block suspicious hosts — In this post, we’ll share an automation pattern that you can use to automatically detect and block suspicious hosts that are attempting to access your Amazon Web Services (AWS) resources. The automation will rely on Amazon GuardDuty to generate findings about the suspicious hosts, and then you can respond to …
🍛 Reddit threads on r/aws
- Amazon Fights Oregon Clean Energy Bill — https://www.oregonlive.com/business/2023/03/amazon-fights-oregon-data-center-clean-energy-bill.html But what about the new sustainability pillar!!?!?!?! Shit like this is the exact reason I say that their things like the "Sustainability Pillar" are pure bullshit. I love you to death AWS. But don't pretend you care about the environment. You're a big corporate machine with one goal: To …
- Aws reps keep pushing a specific vendor on me — Two AWS reps with Amazon.com email addresses contacted me. They keep trying to push a well-architected review. They claim they have a specific vendor in mind for me. I told them that I was not interested, but then they tried to get me to install a tool that appears to …
- Amazon VPC Lattice now GA! — Amazon VPC Lattice is an application networking service that consistently connects, monitors, and secures communications between your services, helping to improve productivity so that your developers can focus on building features that matter to your business. You can define policies for network traffic management, access, and monitoring to connect compute …
- TLS 1.3 with ELB and ALB: The Wait is Over! — Our application is hosted on Elastic Beanstalk and we've been trying to select one of the TLS 1.3 security policies in the management console. However, we've been consistently receiving an error message stating that the policy is not supported. This has been a frustrating experience for us, as we know …
📌 Top Links from Security Folks
- Exploring Amazon VPC Lattice – One Cloud Please — Today, AWS has released Amazon VPC Lattice to General Availability. This post walks through creating a simple VPC Lattice service using CloudFormation, and takes a …
- RFC: AppSync abstraction for SAM · aws/serverless-application-model · Discussion #3075 — Summary: This RFC seeks feedback on a proposal for a new AWS::Serverless:GraphQLApi resource abstraction for SAM. In this proposal, we outline the challenges SAM customers …
🧁 IAM permission changes
- guardduty: 3 new actions — 3 new actions: GetCoverageStatistics (Grants permission to list Amazon GuardDuty coverage statistics for the specified GuardDuty account in a Region), ListCoverage (Grants permission to list all the resource details for a given account in a Region), SendSecurityTelemetry (Grants permission to send security telemetry for a specific GuardDuty account in a …
- finspace: 1 updated condition — 1 updated condition: aws:TagKeys (type)
- applicationinsights: 1 new action — 1 new action: Link (Grants permission to share Application Insights resources with a monitoring account)
🍪 API changes
- Auto Scaling - 10 updated methods — Amazon EC2 Auto Scaling now supports Elastic Load Balancing traffic sources with the AttachTrafficSources, DetachTrafficSources, and DescribeTrafficSources APIs. This release also introduces a new activity status, "WaitingForConnectionDraining", for VPC Lattice to the DescribeScalingActivities API.
- AWS Batch - 1 updated method — This feature allows Batch on EKS to support configuration of Pod Labels through Metadata for Batch on EKS Jobs.
- AWS Compute Optimizer - 4 updated methods — This release adds support for HDD EBS volume types and io2 Block Express. We are also adding support for 61 new instance types and instances that have non-consecutive runtime.