Issue #44
Monday · November 08, 2021
AWS security blogs
- Implement OAuth 2.0 device grant flow by using Amazon Cognito and AWS Lambda – In this blog post, you'll learn how to implement the OAuth 2.0 device authorization grant flow for Amazon Cognito by using AWS Lambda and Amazon DynamoDB. When you implement the OAuth 2.0 authorization framework (RFC 6749) for internet-connected devices with limited input capabilities or that lack a user-friendly browser – such as …
- The Five Ws episode 2: Data Classification whitepaper – AWS whitepapers are a great way to expand your knowledge of the cloud. Authored by Amazon Web Services (AWS) and the AWS community, they provide in-depth content that often addresses specific customer situations. We're featuring some of our whitepapers in a new video series, The Five Ws. These short videos …
Reddit threads on r/aws
- Amazon CloudFront now supports configurable CORS, security, and custom HTTP response headers
- Goodbye Microsoft SQL Server, Hello Babelfish
- GitHub - pistazie/cdk-dia: Automated diagrams of CDK provisioned infrastructure
- Where to start with a mess? – I recently started at an org that exploded in growth over a short time, and was presented with an unusual (and unexpected) ... "challenge." There is only one AWS account in the organization, and it is the management account. Everything, dev, staging, prod, is deployed in this account. 300+ IAM …
- $17,000 bill after support prematurely closed case – Hey everyone, I've been dealing with this situation for 2 weeks now and would appreciate any advice on how to handle this. On Oct 21, my account was hacked and AWS Support granted the intruder access to remove service limits on the account, even though this person was from Japan …
Newsletters
AWS Security by CloudNews
- AWS Security Hub adds support for AWS PrivateLink for private access to Security Hub APIs – AWS Security Hub now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink so that you can securely initiate API calls to Security Hub from within your VPC without requiring those calls to traverse across the Internet. AWS PrivateLink support for Security Hub is now available in all AWS …
- AWS Secrets Manager increases secrets limit to 500K per account – AWS Secrets Manager now supports a limit of up to 500,000 secrets per account per region, up from 40,000 secrets in the past. This simplifies secrets management for software as a service (SaaS) or platform as a service (PaaS) applications that rely on unique secrets for large numbers of end …
Top Links from Security Folks
- permissions.cloud – Permissions Reference for AWS IAM
r/netsec
"AWS Security" on Google News
IAM permission changes
- securityhub: 5 new actions, 1 new resource – 5 new actions: CreateFindingAggregator (create a finding aggregator, which contains the cross-region finding aggregation configuration), DeleteFindingAggregator (delete a finding aggregator, which disables finding aggregation across regions), GetFindingAggregator (retrieve details for a finding aggregator, which configures finding aggregation across regions), ListFindingAggregators (retrieve a list of finding aggregators, which contain the cross-region …
- servicequotas: 1 updated condition – 1 updated condition: servicequotas:service (type)
- iotwireless: 26 new actions, 2 new resources – 26 new actions: AssociateMulticastGroupWithFuotaTask (associate the multicastgroup with fuotatask), AssociateWirelessDeviceWithFuotaTask (associate the wireless device with fuotatask), AssociateWirelessDeviceWithMulticastGroup (associate the wirelessdevice with multicastgroup), CancelMulticastGroupSession (cancel the multicastgroup session), CreateFuotaTask (create a fuotatask resource), CreateMulticastGroup (create a multicastgroup resource), DeleteFuotaTask (delete the fuotatask), DeleteMulticastGroup (delete the multicastgroup), DisassociateMulticastGroupFromFuotaTask (disassociate the multicastgroup from …
API changes
- Amazon Chime SDK Meetings - 11 new methods – The Amazon Chime SDK Meetings APIs allow software developers to create meetings and attendees for interactive audio, video, screen and content sharing in custom meeting applications which use the Amazon Chime SDK.
- Amazon Connect Service - 5 new methods – This release adds CRUD operation support for Security profile resource in Amazon Connect
- Amazon Elastic Compute Cloud - 4 updated methods – This release adds a new instance replacement strategy for EC2 Fleet, Spot Fleet. Now you can select an action to perform when your instance gets a rebalance notification. EC2 Fleet, Spot Fleet can launch a replacement then terminate the instance that received notification after a termination delay
- AWS IoT Wireless - 26 new 3 updated methods – Adding APIs for the FUOTA (firmware update over the air) and multicast for LoRaWAN devices and APIs to support event notification opt-in feature for Sidewalk related events. A few existing APIs need to be modified for this new feature.