SRE Weekly Issue #292 • 📖 [The CloudSecList] Issue 109 • [tl;dr sec] #105 - DevSecOps, Ransomware & S3 • Auto Scaling - 1 updated methods • Elastic Load Balancing - 1 updated methods • AWS RoboMaker - 16 updated methods • AWS Config - 12 updated methods • New AWS workbook for New Zealand financial services customers • Introducing the Security at the Edge: Core Principles whitepaper • cloudformation: 1 new condition | 4 updated actions • elasticmapreduce: 9 new actions • servicequotas: 1 updated action • ec2: 7 new conditions | 188 updated actions, 29 updated resources, 1 updated condition | 2 removed conditions • Bypassing required reviews using GitHub Actions - Cider Security - Medium • In 2016, <a href="https://twitter.com/dagrz" target="_blank">@dagrz</a> gave one of the greatest cloud security talks ever, filled with new techniques that have been rediscovered repeatedly in the years since. I've remastered it from video obtained from an audience member and the slide deck. <a href="https://t.co/o0sMXeZPiw" target="_blank">youtube.com/watch?v=8ZXRw4…</a> • The playlist from the conference is now up! <a href="https://t.co/88sFfkAc6Y" target="_blank">youtube.com/playlist?list=…</a> • The <a href="https://twitter.com/fwdcloudsec" target="_blank">@fwdcloudsec</a> 2021 talk videos are now up on YouTube. ☁️🔓📺 Check out all the great speakers from the playlist: <a href="https://t.co/SdqHDdv8vA" target="_blank">youtube.com/playlist?list=…</a> • The Infrastructure as Code rebel alliance are applying a new tactic to discourage use of the console. • 💚I love that in AWS I can have two ongoing email threads with senior leaders. One about critical infrastructure decisions and the other bantering about pumpkin spice everything. Our quirkiness is legit. 🎃☕ • 🗒️ <a href="https://twitter.com/hashtag/Kubernetes" target="_blank">#Kubernetes</a> Security Checklist and Requirements A checklist by <a href="https://twitter.com/vinumsec" target="_blank">@vinumsec</a> covering: * AuthN and AuthZ * Secrets * Cluster config * Auditing and logging * OS config * Network security * Secure configuration of workloads * Securely building images <a href="https://t.co/vZ65pO2qth" target="_blank">github.com/Vinum-Security…</a> • TIL that the AWS Route 53 team: * use exclamation marks in their error messages! * think example[.]com is more deserving of protection than chime[.]aws • Now that GitHub-&gt;AWS OIDC federation is almost here, I want more controls on the AWS side of things. Without them, I don't see large orgs being as enthusiastic about this feature as solo yolo devs. tldr: 1. Trust policy boundaries 2. Claim-tag mappings <a href="https://t.co/8UFPLSmOsa" target="_blank">awsteele.com/blog/2021/10/1…</a> • ⚠️ Risk-Based Security Decision Making at <a href="https://twitter.com/netflix" target="_blank">@netflix</a> This presentation on Thursday sounds 👌 * How Netflix uses risk to make informed decisions * Deep dive into app risk quantification * Using ML to scale expert knowledge * + more H/T <a href="https://twitter.com/travismcpeak" target="_blank">@travismcpeak</a> <a href="https://t.co/UNFx3O6Bkx" target="_blank">eventbrite.com/e/risk-based-s…</a> • Oh man. That feeling when OWASP tweets your name ☺️ feelsgoodman.png Super excited for this talk! • Is the console down? • A chance to do something good while sticking it to AWS? • [New] Network Load Balancer (NLB) now supports TLS 1.3 • How do you get over the learning curve? • Successfully made my first secure static site! (Even used new CloudFront functions to rewrite urls) • Experimenting with TempestSDR. Decoding the "leaking" HDMI signal. Got much higher resolution with a HackRF than with a RTL-SDR • New GitHub vulnerability: Bypassing required reviews using GitHub Actions • Coalfire announces HITRUST Accelerator with AWS Security Assurances Services (AWS SAS) - The Grand Junction Daily Sentinel • 10 Ways to Quickly Improve Security for Your AWS Environment - CPO Magazine