Issue #55
Monday · January 31, 2022
π₯ AWS security blogs
- How to deploy AWS Network Firewall to help protect your network from malware β Protecting your network and computers from security events requires multi-level strategies, and you can use network level traffic filtration as one level of defense. Users need access to the internet for business reasons, but they can inadvertently download malware, which can impact network and data security. This post describes how β¦
- How to automate AWS account creation with SSO user assignment β Background AWS Control Tower offers a straightforward way to set up and govern an Amazon Web Services (AWS) multi-account environment, following prescriptive best practices. AWS Control Tower orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS Single Sign-On (AWS SSO), to build a β¦
- How to use tokenization to improve data security and reduce audit scope β Tokenization of sensitive data elements is a hot topic, but you may not know what to tokenize, or even how to determine if tokenization is right for your organizationβs business needs. Industries subject to financial, data security, regulatory, or privacy compliance standards are increasingly looking for tokenization solutions to minimize β¦
- Analyze AWS WAF logs using Amazon OpenSearch Service anomaly detection built on Random Cut Forests β This blog post shows you how to use the machine learning capabilities of Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) to detect and visualize anomalies in AWS WAF logs. AWS WAF logs are streamed to Amazon OpenSearch Service using Amazon Kinesis Data Firehose. Kinesis Data Firehose invokes an AWS β¦
π Reddit threads on r/aws
- How I Discovered Thousands of Open Databases on AWS
- Sharing the AWS Reddit love β This has nothing to do with any question. Iβm simply sharing the love for this forum. It is excellent and I have found it very valuable since I became aware of it. That is all. Thank you everyone π€©π
- One UI change in the AWS Console decimated our revenue β This is going to be a tale about how a simple UI change can negatively impact a business that relies upon another one. Background Our company is called 0x4447, and build products for the AWS Marketplace . We are not a big company with infinite resources, we are a boutique β¦
- Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters
- Announcing Amazon Elastic File System Replication
π Newsletters
π r/netsec
π r/cloudsecurity
- Searching CloudTrail Logs with Ease β Wrote this short bit on fetching and analyzing AWS CloudTrail logs using JQ and Gigasheet. Hope y'all like it! https://www.gigasheet.co/post/how-to-search-aws-cloudtrail-logs
π "AWS Security" on Google News
π§ IAM permission changes
- kafka: 3 new actions | 1 updated action β 3 new actions: CreateClusterV2 (create an msk cluster), DescribeClusterV2 (describe an msk cluster), ListClustersV2 (list all msk clusters in this account); 1 updated action: DeleteCluster (dependents)
- es: 1 new action β 1 new action: DescribeDomainChangeProgress (view detail stage progress of an opensearch service domain)
- frauddetector: 2 new actions | 6 updated actions β 2 new actions: GetEventPredictionMetadata (get more details of a particular prediction), ListEventPredictions (get a list of past predictions); 6 updated actions: BatchGetVariable (resources), CreateDetectorVersion (resources), ListTagsForResource (resources), TagResource (resources), UntagResource (resources), UpdateDetectorVersion (resources)
πͺ API changes
- Amazon Connect Service - 1 updated methods β This release adds support for configuring a custom chat duration when starting a new chat session via the StartChatContact API. The default value for chat duration is 25 hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable value is 7 days (10,080 minutes).
- Amazon Elastic Compute Cloud - 24 updated methods β X2ezn instances are powered by Intel Cascade Lake CPUs that deliver turbo all core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
- Managed Streaming for Kafka - 9 updated methods β Amazon MSK has updated the CreateCluster and UpdateBrokerStorage API that allows you to specify volume throughput during cluster creation and broker volume updates.
- Amazon OpenSearch Service - 1 new 7 updated methods β Allows customers to get progress updates for blue/green deployments
