Security Newsletter - Supply-chain attack inside a supply-chain attack. Citizen Lab report on NSO activities. EU cyber cooperation in Cyber Solidarity Act. • AWS Notification Message • [tl;dr sec] #178 - DevOps Threat Matrix, LLMs in Security • AWS Notification Message • Amazon Chime - 1 updated methods • Amazon Chime SDK Media Pipelines - 3 updated methods • Amazon Chime SDK Meetings - 1 updated methods • Protect your Amazon Cognito user pool with AWS WAF • Use IAM roles to connect GitHub Actions to actions in AWS • How to prioritize IAM Access Analyzer findings • A sneak peek at the data protection sessions for re:Inforce 2023 • notifications: 21 new actions, 4 new resources, 8 new conditions • notifications-contacts: 9 new actions, 1 new resource, 4 new conditions • ram: 9 new actions, 1 new condition | 7 updated actions, 1 updated resource • Ensuring secure values by private keys in AWS (KMS, SSM, Secrets Manager) • Cross Account MSK Connectivity using AWS PrivateLink • Python 3.10 Runtime Now Supported in Lambdas • Amazon EFS now supports up to 10 GiB/s of throughput • AWS Skillbuilder down for maintenance • Five Rookie Mistakes with Kubernetes on AWS • Amazon's AWS Adds New Threat Detection Capabilities To Boost Customer Security - Amazon.com (NASDAQ:AMZN) - Benzinga • Swimlane-AWS partnership brings low-code automation to Amazon ... - SiliconANGLE News


Monday, April 24, 2023

📣 Sponsor

How much are rogue AWS accounts costing you?

While most organizations have policies in place to minimize the creation of cloud accounts outside of their centralized governance process, there are common reasons policy doesn’t always eliminate this problem. Check out this blog from Nudge Security covering these issues and how to avoid them.


🐿 In a nutshell

Whether to run a Lambda function inside a VPC or as a standard Lambda function on AWS is a debate that generates a lot of friction.

One key benefit of running Lambda inside a VPC is access to VPC Flow Logs and the ability to apply controls on outbound flows from Lambda (web filtering).

With this new feature from GuardDuty, AWS intends to control suspicious outbound activity on standard Lambda functions outside a VPC (which is the majority of Lambda use cases).

It comes at a cost: $1.00 per GB for the first 500GB of Network activity log analysis in us-east-1.

Amazon Chime - 1 updated methods
Apr 20
Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.
Amazon Chime SDK Media Pipelines - 3 updated methods
Apr 20
Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.
Amazon Chime SDK Meetings - 1 updated methods
Apr 20
Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.

📣 Sponsor

Are you suffering from FOMO syndrome (Fear of missing out) when it comes to the latest news and trends in the AWS Security landscape? Fear not! Our AWS Security Digest Newsletter has got you covered.

We are excited to announce that sponsorship opportunities are still available for the end of May and June issues of our newsletter. This is a great chance to reach our engaged audience of AWS Security professionals and showcase your products and services.

Let us know, drop us a line!

Protect your Amazon Cognito user pool with AWS WAF
Maitreya Ranganath, Apr 21
Many of our customers use Amazon Cognito user pools to add authentication, authorization, and user management capabilities to their web and mobile applications. You can enable the built-in advanced security in Amazon Cognito to detect and block the use of credentials that have been compromised elsewhere, and to detect unusual sign-in activity …
Use IAM roles to connect GitHub Actions to actions in AWS
David Rowe, Apr 20
Have you ever wanted to initiate change in an Amazon Web Services (AWS) account after you update a GitHub repository, or deploy updates in an AWS application after you merge a commit, without the use of AWS Identity and Access Management (IAM) user access keys? If you configure an OpenID …
How to prioritize IAM Access Analyzer findings
Swara Gandhi, Apr 20
AWS Identity and Access Management (IAM) Access Analyzer is an important tool in your journey towards least privilege access. You can use IAM Access Analyzer access previews to preview and validate public and cross-account access before deploying permissions changes in your environment. For the permissions already in place, one of IAM …
A sneak peek at the data protection sessions for re:Inforce 2023
Katie Collins, Apr 19
A full conference pass is $1,099. Register today with the code secure150off to receive a limited time $150 discount, while supplies last. AWS re:Inforce is fast approaching, and this post can help you plan your agenda. AWS re:Inforce is a security learning conference where you can gain skills and confidence …
notifications: 21 new actions, 4 new resources, 8 new conditions
Apr 22
21 new actions: AssociateChannel (Grants permission to associate a new Channel with a particular NotificationConfiguration), CreateEventRule (Grants permission to create a new EventRule, associating it with a NotificationConfiguration), CreateNotificationConfiguration (Grants permission to create a NotificationConfiguration), DeleteEventRule (Grants permission to delete an EventRule), DeleteNotificationConfiguration (Grants permission to delete a NotificationConfiguration), DeregisterNotificationHub …
notifications-contacts: 9 new actions, 1 new resource, 4 new conditions
Apr 22
9 new actions: ActivateEmailContact (Grants permission to activate the email contact associated with the given ARN if the provided code is valid), CreateEmailContact (Grants permission to create an email contact), DeleteEmailContact (Grants permission to delete an email contact associated with the given ARN), GetEmailContact (Grants permission to get an email …
ram: 9 new actions, 1 new condition | 7 updated actions, 1 updated resource
Apr 22
9 new actions: CreatePermission (Grants permission to create a Permission that can be associated to a Resource Share), CreatePermissionVersion (Grants permission to create a new version of a Permission that can be associated to a Resource Share), DeletePermission (Grants permission to delete a specified Permission), DeletePermissionVersion (Grants permission to delete …
Python 3.10 Runtime Now Supported in Lambdas

https://aws.amazon.com/about-aws/whats-new/2023/04/aws-lambda-python-3-10/

Finally!

AWS Skillbuilder down for maintenance

4/22/2023 7:00PM CST ----->

There is now a different maintenance page showing up at the Skill Builder URL! It seems like someone is working on something or at least they are letting us know that they are aware and here is how you can get to other areas that are still …
