Issue #53
Monday · January 17, 2022
🥗 AWS security blogs
- Top 10 security best practices for securing backups in AWS — Security is a shared responsibility between AWS and the customer. Customers have asked for ways to secure their backups in AWS. This post will guide you through a curated list of the top ten security best practices to secure your backup data and operations in AWS. While this blog post …
- Configure AWS SSO ABAC for EC2 instances and Systems Manager Session Manager — In this blog post, I show you how to configure AWS Single Sign-On to define attribute-based access control (ABAC) permissions to manage Amazon Elastic Compute Cloud (Amazon EC2) instances and AWS Systems Manager Session Manager for federated users. This combination allows you to control access to specific Amazon EC2 instances based …
- 2021 AWS security-focused workshops — Every year, Amazon Web Services (AWS) looks to help our customers gain more experience and knowledge of our services through hands-on workshops. In 2021, we unfortunately couldn’t connect with you in person as much as we would have liked, so we wanted to create and share new ways to learn …
- New IRAP full assessment report is now available on AWS Artifact for Australian customers — We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact, after a successful full assessment completed in December 2021 by an independent ASD (Australian Signals Directorate) certified IRAP assessor. The new IRAP report includes reassessment of the existing 111 …
🍛 Reddit threads on r/aws
- The new Console Home - I didn't think you could do it. — Hello AWS humans, I'd like to congratulate you on the new Console Home - I'm impressed. I honestly like what I see, and didn't think you had it in you to make such a thing. Congrats! And keep it coming 🥳
- Does anyone actually use CodeCommit? — I've been a developer for 11 years now. I've primarily used GitHub, Gerrit, Gitlab, and now CodeCommit. I cannot believe how barebones CodeCommit is. Describing it as batteries not included doesn't even begin to explain the feature gap between it and something like Gitlab. I really feel like AWS is …
- CloudFormation Vulnerability found (and patched)
- How To Build A Minimalistic Zero Cost Lambda-Powered Social Media Dash
- Container Insights for EKS is a hot mess, and I just need to say it out loud — Disclaimer: It's not entirely AWS' fault. Kubernetes is notoriously fickle about versioning between its APIs and addons. Telemetry and infrastructure teams also aren't always the easiest to get on the same page in terms of creating a seamless "product". Plus, stuff that's leveraged by Container Insights mixes a variety of …
📌 Newsletters
📌 Top Links from Security Folks
- Orca Discovers AWS CloudFormation Vulnerability - Orca Security — Orca Security’s vulnerability researcher, Tzah Pahima, discovered a zero day AWS CloudFormation vulnerability, which AWS quickly mitigated within 6 days.
- Orca Security Discovers AWS Glue Vulnerability - Orca Security — Orca’s Research Team discovered a critical vulnerability that could allow an actor to create resources and access data of AWS Glue customers.
📌 r/netsec
📌 r/cloudsecurity
- Data Security Models in Cloud Computing. — Hi guys! I’m a student of a West African university & currently in my final year, but in order to complete my degree programme in computer science, I would have to write a project (a well written and gratifying one). You’re my family, my tech family. I request that you …
📌 "AWS Security" on Google News
🧁 IAM permission changes
- iotdeviceadvisor: 1 new action | 10 updated actions, 2 updated resources — 1 new action: GetEndpoint (get a device advisor endpoint); 10 updated actions: UpdateSuiteDefinition (resources), StopSuiteRun (resources), ListTagsForResource (resources), GetSuiteRun (resources), GetSuiteRunReport (resources), DeleteSuiteDefinition (resources), UntagResource (resources), ListSuiteRuns (resources), GetSuiteDefinition (resources), TagResource (resources); 2 updated resources: Suiterun (arn), Suitedefinition (arn)
- ssm: 1 new condition | 1 updated action — 1 new condition: ssm:DocumentCategories (filters access by verifying that a user has permission to access a document belonging to a specific category); 1 updated action: GetDocument (conditions)
- eks: 2 new actions — 2 new actions: DeregisterCluster (deregister an external cluster), RegisterCluster (register an external cluster)
🍪 API changes
- Amazon CloudWatch Application Insights - 5 updated methods
- AWS Config - 12 updated methods — Update ResourceType enum with values for CodeDeploy, EC2 and Kinesis resources
- Amazon Honeycode - 8 updated methods — Added read and write api support for multi-select picklist. And added errorcode field to DescribeTableDataImportJob API output, when import job fails.
- Amazon Lookout for Metrics - 1 new, 2 updated methods — This release adds a new DeactivateAnomalyDetector API operation.
📺 AWS security bulletins
- Reported AWS CloudFormation Issue — Initial Publication Date: 2022/01/13 13:00 PST. Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal host or attempted unauthenticated HTTP GET requests from the same host. …
- Reported AWS Glue Issue — Initial Publication Date: 2022/01/13 13:00 PST. A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an AWS-internal misconfiguration permitted the researchers to use these credentials as the …