Issue #38

Monday · September 27, 2021

🥗 AWS security blogs

  • AWS achieves GSMA security certification for US East (Ohio) Region — We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that our US East (Ohio) Region (us-east-2) is now certified by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Center Operations and Management …

🍛 Reddit threads on r/aws

📌 Newsletters

📌 AWS Security by CloudNews

  • AWS WAF now offers in-line regular expressions — AWS WAF extends its regular expression (regex) support, allowing regex patterns to be expressed in-line within a rule statement. Previously, you had to create a regex pattern set, which provides a collection of regex patterns in a rule statement, even if you wanted to use just a single regex pattern …
  • Amazon Macie adds support for selecting managed data identifiers — Amazon Macie now allows you to select which managed data identifiers to use when you create a sensitive data discovery job. This allows you to customize what data types you deem sensitive and would like Macie to alert on per specific data governance and privacy needs in your organization. When …
  • Amazon Detective supports S3 and DNS finding types, adds finding details — Amazon Detective expands security investigation support for Amazon Simple Storage Service (S3) and DNS-related findings on Amazon GuardDuty, providing full coverage of all detections from GuardDuty. Along with this, Detective now makes it even easier for a security analyst to investigate entities and behaviors using a revamped user experience.

📌 Top Links from Security Folks

  • It's Time for Vendor Security 2.0 — In a previous post I talked about how security questionnaires are security theater. They were in 2018---and they still are---but pointing this out always

📌 r/netsec

📌 r/cloudsecurity

  • Beta Testers Needed — Hey all, We have a new cloud security suite we are deploying over the next couple months called Crowd Sentry. We are in desperate need of beta testers and would like to offer our services free till our launch in February. If you would like to be a beta tester …

📌 "AWS Security" on Google News

🧁 IAM permission changes

  • connect-campaigns: 18 new actions, 1 new resource, 3 new conditions — 18 new actions: CreateCampaign (create a campaign), DeleteCampaign (delete a campaign), DescribeCampaign (describe a specific campaign), GetCampaignState (get state of a campaign), GetCampaignStateBatch (get state of campaigns), ListCampaigns (provide summary of all campaigns), ListTagsForResource (list tags for a resource), PauseCampaign (pause a campaign), PutConnectInstanceConfig (add configuration information for an amazon …
  • appstream: 1 new action — 1 new action: CreateUpdatedImage (update an existing image within customer account)
  • license-manager: 3 new actions | 4 updated actions — 3 new actions: CreateLicenseConversionTaskForResource (create a license conversion task for a resource), GetLicenseConversionTask (retrieve a license conversion task), ListLicenseConversionTasks (list license conversion tasks); 4 updated actions: CreateLicenseConfiguration (access), ListLicenseConfigurations (access), ListLicenses (access), ListTagsForResource (access)
  • ecr: 1 new action | 3 updated actions — 1 new action: DescribeImageReplicationStatus (retrieve replication status about an image in a registry, including failure reason if replication fails); 3 updated actions: DescribeImages (access), DescribeRepositories (access), ListTagsForResource (access)

🍪 API changes
