Issue #41
Monday · October 18, 2021
AWS security blogs
- New AWS workbook for New Zealand financial services customers – We are pleased to announce a new AWS workbook designed to help New Zealand financial services customers align with the Reserve Bank of New Zealand (RBNZ) Guidance on Cyber Resilience. The RBNZ Guidance on Cyber Resilience sets out the RBNZ expectations for its regulated entities regarding cyber resilience, and aims …
- Introducing the Security at the Edge: Core Principles whitepaper – Amazon Web Services (AWS) recently released the Security at the Edge: Core Principles whitepaper. Today’s business leaders know that it’s critical to ensure that both the security of their environments and the security present in traditional cloud networks are extended to workloads at the edge. The whitepaper provides security executives …
Reddit threads on r/aws
- Is the console down? – Myself and several others are getting 504 when trying to access the console on the east coast. Anyone else? edit: AND WE'RE BACK PEOPLE – edit: health now shows errors: 8:30 AM PDT We are investigating increased error rates and latencies for the AWS Management Console. Yeah... latency. – edit: …
- A chance to do something good while sticking it to AWS? – Yes, please. Hi, I’m Corey Quinn. I’m an AWS billing consultant and professional shitposter. Some of you might know me from Last Week In AWS, the snarky newsletter I write. (Some of you don’t know me. You are the lucky ones.) What a few of you know is that every …
- [New] Network Load Balancer (NLB) now supports TLS 1.3 – Network Load Balancer (NLB) now supports version 1.3 of the Transport Layer Security (TLS) protocol, enabling you to optimize the performance of your backend application servers while helping to keep your workloads secure. TLS 1.3 on NLB works by offloading encryption and decryption of TLS traffic from your application servers …
- How do you get over the learning curve? – I'm a software engineer, I know what ec2, dynamo, rds, elb, and all these services are but when it comes to putting a cloudformation or cdk infra as code script together I just get stuck. The amount of configuration variables and details you need to be aware of are just …
- Successfully made my first secure static site! (Even used new CloudFront functions to rewrite urls) – Many of you tried to help me when I was having trouble launching a site, as I'm new to AWS so this post is just an update. The struggle I was having was a certificate request kept timing out. It turns out that because I had deleted and recreated my …
Newsletters
Top Links from Security Folks
- Bypassing required reviews using GitHub Actions - Cider Security - Medium – Not using GitHub Actions? You’re also vulnerable.
r/netsec
"AWS Security" on Google News
IAM permission changes
- cloudformation: 1 new condition | 4 updated actions – 1 new condition: cloudformation:TargetRegion (filters access by stack set target region. use to control which regions iam users can use when they create or update stack sets); 4 updated actions: UpdateStackSet (conditions), CreateStackInstances (conditions), DeleteStackInstances (conditions), UpdateStackInstances (conditions)
- elasticmapreduce: 9 new actions – 9 new actions: AttachEditor (attach an emr notebook to a compute engine), CreatePersistentAppUI (create a persistent application history server), CreateStudioPresignedUrl (launch an emr studio using iam authentication mode), DescribePersistentAppUI (describe a persistent application history server), DescribeReleaseLabel (view information about an emr release, such as which applications are supported), DetachEditor (detach …
- servicequotas: 1 updated action – 1 updated action: ListTagsForResource (access)
- ec2: 7 new conditions | 188 updated actions, 29 updated resources, 1 updated condition | 2 removed conditions – 7 new conditions: ec2:AllocationId (filters access by the allocation id of the elastic ip), ec2:Domain (filters access domain of the elastic ip address), ec2:KeyPairType (filters access by a key pair type), ec2:KmsKeyId (filters access by an id of your aws key management service), ec2:Phase2DHGroup (filters access by the diffie-hellman group …
API changes
- Auto Scaling - 1 updated methods – Amazon EC2 Auto Scaling now supports filtering describe Auto Scaling groups API using tags
- Elastic Load Balancing - 1 updated methods – Adds new option to filter by availability on each type of load balancer when describing ssl policies.
- AWS RoboMaker - 16 updated methods – Adding support to GPU simulation jobs as well as non-ROS simulation jobs.
- AWS Config - 12 updated methods – Adding Config support for AWS::OpenSearch::Domain