Issue #45
Monday · November 15, 2021
🥗 AWS security blogs
- Managing temporary elevated access to your AWS environment — In this post you’ll learn about temporary elevated access and how it can mitigate risks relating to human access to your AWS environment. You’ll also be able to download a minimal reference implementation and use it as a starting point to build a temporary elevated access solution tailored for your …
- AWS achieves GSMA Security Certification for Europe (Paris) Region — We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that our Europe (Paris) Region is now certified by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Center Operations and Management (DCOM). This …
- Managing permissions with grants in AWS Key Management Service — AWS Key Management Service (AWS KMS) helps customers to use encryption to secure their data. When creating a new encrypted Amazon Web Services (AWS) resource, such as an Amazon Relational Database Service (Amazon RDS) database or an Amazon Simple Storage Service (Amazon S3) bucket, all you have to do is …
🍛 Reddit threads on r/aws
- 100 Free AWS Courses on Amazon.com
- AWS EKS Rant — So, anyone else find it absolutely infuriating that AWS EKS seems like it actively wants you to hate yourself? Let's go ahead and create a cloud provider offering of Kubernetes, but make it so that all of the functionality you'd get out of GKE natively you'll need to build via …
- New whitepaper: IPv6 on AWS
- What does t2 stand for in EC2 sizes? — Was curious and couldn't find the answer online
- What would you like from /r/aws for re:Invent — We (the mods) are working on some things but would love any ideas/feedback.
📌 Newsletters
📌 AWS Security by CloudNews
- AWS Security Hub adds three new FSBP controls and three new partners — AWS Security Hub has released three new controls for its Foundational Security Best Practice standard (FSBP) to enhance customers' Cloud Security Posture Management (CSPM). These controls conduct fully-automatic checks against security best practices for Elastic Load Balancing and AWS Systems Manager. If you have Security Hub set to automatically enable …
- Manage Access Centrally for JumpCloud Users with AWS Single Sign-On — Customers can now connect their JumpCloud Directory Platform (JumpCloud) to Amazon Web Services Single Sign-On (SSO) once, manage access to AWS centrally in AWS SSO, and enable end users to sign in using JumpCloud to access all their assigned AWS accounts. The integration helps customers simplify AWS access management across …
- Manage Access Centrally for CyberArk Users with AWS Single Sign-On — Customers can now connect their CyberArk Workforce Identity (CyberArk) to AWS Single Sign-On (SSO) once, manage access to AWS centrally in AWS SSO, and enable end users to sign in using CyberArk Workforce Identity to access all their assigned AWS accounts. The integration helps customers simplify AWS access management across …
📌 Top Links from Security Folks
- ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough | Wiz Blog — Pull back the curtain and get the step-by-step technical walkthrough of ChaosDB, one of the most severe Azure vulnerabilities of all time
📌 r/netsec
📌 r/cloudsecurity
- Introducing the latest blog from Kloudle! — https://kloudle.com/blog/a-mysql-bug-that-causes-a-misconfiguration-in-the-waf-service-on-the-aws-cloud A quick read on how a decade-old MySQL/MariaDB bug caused by the inability to parse a malformed scientific notation literal could be used to bypass Web Application Firewalls on-prem and, more dangerously, on the cloud.
📌 "AWS Security" on Google News
🧁 IAM permission changes
- sts: 1 new condition | 1 updated action — 1 new condition: sts:AWSServiceName (filters access by the service that is obtaining a bearer token); 1 updated action: GetServiceBearerToken (conditions)
- chime: 7 new actions — 7 new actions: DeregisterAppInstanceUserEndpoint (deregister an endpoint for an app instance user), DescribeAppInstanceUserEndpoint (describe an endpoint registered for an app instance user), GetChannelMembershipPreferences (get the preferences for a channel membership), ListAppInstanceUserEndpoints (list the endpoints registered for an app instance user), PutChannelMembershipPreferences (put the preferences for a channel membership), RegisterAppInstanceUserEndpoint (register …
- resiliencehub: 39 new actions, 4 new resources, 3 new conditions — 39 new actions: AddDraftAppVersionResourceMappings (add draft application version resource mappings), CreateApp (create application), CreateRecommendationTemplate (create recommendation template), CreateResiliencyPolicy (create resiliency policy), DeleteApp (batch delete application), DeleteAppAssessment (batch delete application assessment), DeleteRecommendationTemplate (batch delete recommendation template), DeleteResiliencyPolicy (batch delete resiliency policy), DescribeApp (describe application), DescribeAppAssessment (describe application assessment), DescribeAppVersionResourcesResolutionStatus (describe application …
🍪 API changes
- Amazon Connect Service - 4 new 1 updated methods — This release adds APIs for creating and managing scheduled tasks. Additionally, adds APIs to describe and update a contact and list associated references.
- Amazon DevOps Guru - 5 new 5 updated methods — Add support for cross account APIs.
- Amazon Elastic Compute Cloud - 24 updated methods — C6i instances are powered by a third-generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz. G5 instances feature up to 8 NVIDIA A10G Tensor Core GPUs and second generation AMD EPYC processors.
- AWS Elemental MediaConvert - 11 updated methods — AWS Elemental MediaConvert SDK has added automatic modes for GOP configuration and added the ability to ingest screen recordings generated by Safari on MacOS 12 Monterey.