Issue #35
Monday · September 06, 2021
🔥 AWS security blogs
- How US federal agencies can authenticate to AWS with multi-factor authentication – This post is part of a series about how AWS can help your US federal agency meet the requirements of the President’s Executive Order on Improving the Nation’s Cybersecurity. We recognize that government agencies have varying degrees of identity management and cloud maturity and that the requirement to implement multi-factor, …
- Top 10 security best practices for securing data in Amazon S3 – With more than 100 trillion objects in Amazon Simple Storage Service (Amazon S3) and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization. So, we’ve curated the top 10 controls for securing your data in S3. By default, all S3 …
- How to improve visibility into AWS WAF with anomaly detection – When your APIs are exposed on the internet, they naturally face unpredictable traffic. AWS WAF helps protect your application’s API against common web exploits, such as SQL injection and cross-site scripting. In this blog post, you’ll learn how to automatically detect anomalies in the AWS WAF metrics to improve your …
- Ransomware mitigation: Top 5 protections and recovery preparation actions – In this post, I’ll cover the top five things that Amazon Web Services (AWS) customers can do to help protect and recover their resources from ransomware. This blog post focuses specifically on preemptive actions that you can take. #1 – Set up the ability to recover your apps and data …
📝 Reddit threads on r/aws
- New for AWS CloudFormation β Quickly Retry Stack Operations from the Point of Failure
- Internal Amazon documents shed light on how company pressures out 6% of office workers (2021)
- Outage – If nobody else is going to say (you're probably scrambling as much as us), there's a network outage in Oregon (US-West-2).
- Congrats to /r/aws for hitting 180k members – Please let us know what we (mods) can do better to continue to improve the community and grow.
- Amazon Managed Grafana Is Now Generally Available with direct SSO, SAP, Jira and V8 updates
🗞 Newsletters
🗞 AWS Security by CloudNews
- ACM Private CA now supports the Online Certificate Status Protocol (OCSP) – AWS Certificate Manager (ACM) Private Certificate Authority (CA) announces the availability of Online Certificate Status Protocol (OCSP) for distributing certificate revocation information. When establishing an encrypted TLS connection, endpoints can use OCSP to query, in near real time, if a certificate has been revoked. Thus alerting the endpoint that the …
- AWS Firewall Manager now supports AWS WAF log filtering – AWS Firewall Manager now enables security administrators to specify which web requests to log and which requests to exclude from logs when using AWS WAF to inspect web traffic. If you use Firewall Manager security policies to centralize AWS WAF logging, you can now log only the information you want …
📝 r/netsec
📝 r/cloudsecurity
- Open Source CSPMs? – Has anyone used an open-source CSPM? I've found a few: Cloud Custodian, CloudSploit, OpenCSPM, and MagPie. Wondering if any of these are viable options. What were the pros and cons of going with open source instead of a vendor product?
🗞 "AWS Security" on Google News
🔧 IAM permission changes
- route53resolver: 3 updated actions – 3 updated actions: PutFirewallRuleGroupPolicy (access), PutResolverQueryLogConfigPolicy (access), PutResolverRulePolicy (access)
- cloud9: 14 new actions | 3 updated actions – 14 new actions: ActivateEC2Remote (start the amazon ec2 instance that your aws cloud9 ide connects to), CreateEnvironmentSSH (create an aws cloud9 ssh development environment), CreateEnvironmentToken (create an authentication token that allows a connection between the aws cloud9 ide and the user's environment), DescribeEC2Remote (get details about the connection to the …
- ssm: 1 updated resource | 1 removed condition – 1 updated resource: task (conditions)
- sagemaker: 1 new action – 1 new action: InvokeEndpointAsync (get inferences from the hosted model at the specified endpoint in an asynchronous manner)
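New actions like the ones listed above are absorbed silently by any policy written with wildcards: a statement that allows cloud9:* covered ActivateEC2Remote the moment the action existed, with no policy change and no review. The script below is an added example, not the newsletter's own tooling or anything from AWS. It diffs two constructed snapshots of per-service action lists (the "before" lists and the policy are hypothetical; the added action names are the ones this issue reports for cloud9 and sagemaker) and reports which Allow statements now match the new actions, using IAM's case-insensitive * and ? matching for the Action element.

```python
"""Find IAM Allow statements whose wildcards now cover newly added actions.

Added example; the snapshots and the policy are constructed for illustration.
"""
import json
import re

# Constructed snapshots of per-service action lists, as an IAM change tracker
# would record them before and after a service update. The "before" entries
# are hypothetical; the added names are the ones reported in this issue.
BEFORE = {
    "cloud9": {"CreateEnvironmentEC2", "DescribeEnvironments", "DeleteEnvironment"},
    "sagemaker": {"InvokeEndpoint", "CreateEndpoint", "DescribeEndpoint"},
}
AFTER = {
    "cloud9": BEFORE["cloud9"] | {
        "ActivateEC2Remote", "CreateEnvironmentSSH",
        "CreateEnvironmentToken", "DescribeEC2Remote",
    },
    "sagemaker": BEFORE["sagemaker"] | {"InvokeEndpointAsync"},
}

# Constructed, hypothetical identity policy. The wildcard patterns are the point.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevIDE", "Effect": "Allow", "Action": "cloud9:*", "Resource": "*"},
        {"Sid": "Inference", "Effect": "Allow",
         "Action": ["sagemaker:Invoke*", "sagemaker:DescribeEndpoint"], "Resource": "*"},
        {"Sid": "ReadOnlyIDE", "Effect": "Allow", "Action": "cloud9:Describe*", "Resource": "*"},
        {"Sid": "DenyEverythingElsewhere", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:RequestedRegion": "us-west-2"}}},
    ],
}


def new_actions(before, after):
    """Return {service: sorted actions present in `after` but not in `before`}."""
    diff = {}
    for svc, actions in after.items():
        added = actions - before.get(svc, set())
        if added:
            diff[svc] = sorted(added)
    return diff


def action_matches(pattern, name):
    """IAM Action matching: '*' matches any run, '?' one character, case-insensitive.
    A regex is built by hand because fnmatch would treat '[' as a character class."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, name, re.IGNORECASE) is not None


def statement_actions(stmt):
    """Normalise the Action element to a list. Statements using NotAction are
    not handled here: they grant everything except the listed actions and so
    always pick up new actions."""
    acts = stmt.get("Action", [])
    return [acts] if isinstance(acts, str) else list(acts)


def expanded_grants(policy, added):
    """List (Sid, [service:Action, ...]) for each Allow statement whose Action
    patterns match at least one newly added action. Deny statements are skipped:
    a wildcard Deny widening is the safe direction."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        hits = set()
        for pat in statement_actions(stmt):
            svc_pat, sep, act_pat = pat.partition(":")
            if not sep:  # bare "*" (or a malformed entry): every service
                svc_pat, act_pat = "*", pat
            for svc, names in added.items():
                if action_matches(svc_pat, svc):
                    hits.update(f"{svc}:{n}" for n in names if action_matches(act_pat, n))
        if hits:
            findings.append((stmt.get("Sid", "<no Sid>"), sorted(hits)))
    return findings


def digest_line(svc, names):
    """Summary in the same 'service: N new actions' shape as the list above."""
    return f"{svc}: {len(names)} new action{'s' if len(names) != 1 else ''}"


if __name__ == "__main__":
    added = new_actions(BEFORE, AFTER)
    for svc, names in added.items():
        print(digest_line(svc, names), "-", ", ".join(names))
    print(json.dumps(expanded_grants(POLICY, added), indent=2))
```

With the constructed input, DevIDE (cloud9:*) picks up all four new cloud9 actions, Inference (sagemaker:Invoke*) picks up InvokeEndpointAsync, and ReadOnlyIDE (cloud9:Describe*) picks up DescribeEC2Remote, even though that last statement was meant to be read-only. Resource-level and Condition narrowing are not evaluated, so a hit means "this statement's Action element now matches", which is the review trigger, not a final authorization decision.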
🚪 API changes
- AWS Certificate Manager Private Certificate Authority - 4 updated methods – Private Certificate Authority Service now allows customers to enable an online certificate status protocol (OCSP) responder service on their private certificate authorities. Customers can also optionally configure a custom CNAME for their OCSP responder.
- Amazon Elastic File System - 2 updated methods – Adds support for EFS Intelligent-Tiering, which uses EFS Lifecycle Management to monitor file access patterns and is designed to automatically transition files to and from your corresponding Infrequent Access (IA) storage classes.
- Amazon FSx - 9 new | 7 updated methods – Announcing Amazon FSx for NetApp ONTAP, a new service that provides fully managed shared storage in the AWS Cloud with the data access and management capabilities of ONTAP.
- Amazon Lex Model Building Service - 9 updated methods – Lex now supports Korean (ko-KR) locale.