Issue #40
Monday · October 11, 2021
AWS security blogs
- Update the alternate security contact across your AWS accounts for timely security notifications – Amazon Web Services (AWS) will send you important security notifications from time to time related to your account. From a security perspective, the ability for AWS Security to reach you in a timely manner is important whether you have one AWS account or thousands. These notifications could include alerts from AWS …
- Enabling data classification for Amazon RDS database with Macie – Customers have been asking us about ways to use Amazon Macie data discovery on their Amazon Relational Database Service (Amazon RDS) instances. This post presents how to do so using AWS Database Migration Service (AWS DMS) to extract data from Amazon RDS, store it on Amazon Simple Storage Service (Amazon …
- How to set up a two-way integration between AWS Security Hub and Jira Service Management – If you use both AWS Security Hub and Jira Service Management, you can use the new AWS Service Management Connector for Jira Service Management to create an automated, bidirectional integration between these two products that keeps your Security Hub findings and Jira issues in sync. In this blog post, I'll show you how …
Reddit threads on r/aws
- "And what does your AWS cloud look like?" "Well..."
- What's your oldest S3 bucket? – This post has a bucket from 16-Mar-2006 - just 2 days after S3 was launched! Fun fact: Only us-east-1 returns the true creation date for buckets, no matter what region the bucket is created in. Other regions return the last updated time instead.
- When you let a game dev make an UI for a cloud housekeeping tool ( Link to source in post )
- Pacu: The Open Source AWS Exploitation Framework
- AWS Access Keys - A Reference
Newsletters
AWS IAM Release Notes
- Updates to security best practices – Added information about creating IAM admin users instead of using root user credentials, removed the best practice of using user groups to assign permissions to IAM users, and clarified when to use managed policies instead of inline policies.
- Updates to policy evaluation logic topic for resource-based policies – Added information about the impact of resource-based policies and different principal types in the same account.
r/netsec
"AWS Security" on Google News
IAM permission changes
- opsworks: 2 updated actions – 2 updated actions: TagResource (access), UntagResource (access)
- workmail: 2 new actions – 2 new actions: DescribeInboundDmarcSettings (read the settings in a dmarc policy for a specified organization), PutInboundDmarcSettings (enable or disable a dmarc policy for a given organization)
- backup: 2 new actions, 1 new condition | 2 updated actions – 2 new actions: DeleteBackupVaultLockConfiguration (remove the lock configuration from a backup vault), PutBackupVaultLockConfiguration (add a lock configuration to the backup vault); 1 new condition: backup:FrameworkArns (filters access by the framework arns); 2 updated actions: CreateReportPlan (conditions), UpdateReportPlan (conditions)
- s3: 1 new condition | 3 updated actions, 1 updated resource, 2 updated conditions – 1 new condition: s3:x-amz-server-side-encryption-customer-algorithm (filters access by customer-provided algorithm (sse-c) for server-side encryption); 3 updated actions: BypassGovernanceRetention (conditions), PutObject (conditions), ReplicateObject (conditions); 1 updated resource: multiregionaccesspoint (arn); 2 updated conditions: aws:TagKeys (type), s3:RequestObjectTagKeys (type)
API changes
- AWS Elemental MediaConvert - 3 new methods – AWS Elemental MediaConvert has added the ability to set account policies which control access restrictions for HTTP, HTTPS, and S3 content sources.
- Amazon Lex Model Building V2 - 3 updated methods – Added configuration support for an Amazon Lex bot to provide fulfillment progress updates to users while their requests are being processed. See documentation for more details: https://docs.aws.amazon.com/lexv2/latest/dg/streaming-progress.html
- Amazon Lex Runtime V2 - 3 updated methods – Updates API to latest version.
- AWS SecurityHub - 2 updated methods – Added new resource details objects to ASFF, including resources for WAF rate-based rules, EC2 VPC endpoints, ECR repositories, EKS clusters, X-Ray encryption, and OpenSearch domains. Added additional details for CloudFront distributions, CodeBuild projects, ELB V2 load balancers, and S3 buckets.