Issue #56
Monday · February 07, 2022
AWS security blogs
- How to build a multi-Region AWS Security Hub analytic pipeline and visualize Security Hub data - AWS Security Hub is a service that gives you aggregated visibility into your security and compliance posture across multiple Amazon Web Services (AWS) accounts. By joining Security Hub with Amazon QuickSight, a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud, your senior leaders and decision-makers can use …
- AWS cloud services adhere to CISPE Data Protection Code of Conduct for added GDPR assurance - I'm happy to announce that AWS has declared 52 services under the Cloud Infrastructure Service Providers Europe Data Protection Code of Conduct (CISPE Code). This provides an independent verification and an added level of assurance to our customers that our cloud services can be used in …
- How to configure rotation windows for secrets stored in AWS Secrets Manager - AWS Secrets Manager now enables you to specify a rotation window for each secret stored. With this launch, you can continue to follow the best practice of regularly rotating your secrets, while using the defined time window of your choice. With Secrets Manager, you can manage, retrieve, and rotate database credentials, …
- Security practices in AWS multi-tenant SaaS environments - Securing software-as-a-service (SaaS) applications is a top priority for all application architects and developers. Doing so in an environment shared by multiple tenants can be even more challenging. Identity frameworks and concepts can take time to understand, and forming tenant isolation in these environments requires deep understanding of different tools …
Reddit threads on r/aws
- Amazon Pip Horror Story (front-page on Hacker News)
- AWS Secrets Manager now supports rotation windows
- Why is it recommended to avoid S3 bucket for serving video? - I was going to allow certain users to upload relatively small videos of 50mb or less. I've heard an s3 bucket isn't good for serving videos. Is this mostly because of the costs? Or speed? Or other reasons? For 50mb videos would an s3 bucket serving video still be problematic? …
- Is there a way to escalate an ignored support ticket? - I have a problem with a corrupted system table in Aurora. I have searched everywhere and the only solution seems to be "write AWS support ticket and they will fix it". I have developer support which costs me $350/month, so I created support ticket (9520368991) but it is still "unassigned" after 10 …
- Is there a good tool to "map" out AWS infrastructure in your account? - I would like to be able to pass a starting point to a tool, say an EC2 for example, and then it builds a list of dependencies, like any Security Groups, policies, ALB's that use it, etc. Either as a diagram or at least as a list or something useful. …
Newsletters
r/netsec
r/cloudsecurity
- How to monitor different SaaS solutions? - The company I work for uses hundreds if not thousands of SaaS solutions from a variety of Independent Software Vendors who mostly use the usual culprits (AWS, Azure, GCP, Oracle) as their hosting providers. My question is: is there a way/tool I could use to fetch log events from all these solutions and aggregate them in a single account, and therefore have a single point of truth as well as some visibility for security?
"AWS Security" on Google News
IAM permission changes
- fis: 2 new actions - GetTargetResourceType (get information about the specified resource type), ListTargetResourceTypes (list the resource types)
- comprehend: 4 new actions - DeleteResourcePolicy (remove policy on resource), DescribeResourcePolicy (read attached policy on resource), ImportModel (import a trained comprehend model), PutResourcePolicy (attach policy to resource)
- medialive: 3 updated actions - BatchDelete (resources), BatchStart (resources), BatchStop (resources)
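The comprehend PutResourcePolicy/ImportModel pair above is worth a second look: a resource policy is a cross-account sharing path, so a service that gains one gains a new place where a resource can end up granted to principals outside your organisation. A reviewer's check for that, written as an added example for this issue (not code from AWS or from any of the services listed), is a small scanner that walks the Statement list of any AWS resource policy and reports every Allow whose Principal is not one of a trusted set of account IDs. It generalises beyond Comprehend to any resource policy in the same grammar (S3, KMS, SQS, and so on). The policy document and the account IDs in it are constructed placeholders.

```python
"""Flag resource-policy statements that grant access outside a trusted
set of AWS accounts.

Added example for this newsletter issue; not code from AWS or from any
of the services above. The sample policy below is constructed and its
account IDs are placeholders, not real accounts.
"""
import json
import re

ACCOUNT_RE = re.compile(r"^\d{12}$")
# Captures the account ID from an IAM ARN such as arn:aws:iam::123456789012:role/x
ARN_ACCOUNT_RE = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}):")


def principal_entries(principal):
    """Normalise a Principal element to a list of (kind, value) tuples.

    Principal may be "*", or a map such as {"AWS": "..."}, {"AWS": [...]},
    {"Service": "..."}, {"Federated": "..."} or {"CanonicalUser": "..."}.
    """
    if principal == "*":
        return [("AWS", "*")]
    if isinstance(principal, str):  # bare string is unusual in a resource policy; treat as AWS
        return [("AWS", principal)]
    entries = []
    for kind, values in principal.items():
        if isinstance(values, str):
            values = [values]
        entries.extend((kind, v) for v in values)
    return entries


def account_of(value):
    """Return the 12-digit account ID named by an AWS principal value,
    or None for "*" and anything without an account (e.g. a canonical user)."""
    if ACCOUNT_RE.match(value):
        return value
    m = ARN_ACCOUNT_RE.match(value)
    return m.group(1) if m else None


def untrusted_grants(policy_doc, trusted_accounts):
    """Return (sid, principal_kind, principal_value) for every Allow statement
    whose principal is not an AWS principal inside trusted_accounts.

    Wildcards ("*") are always reported. Service, Federated and CanonicalUser
    principals are reported too, because whether they are safe depends on
    Condition keys this check does not evaluate; a human should look at them.
    Deny statements are skipped: they narrow access, they never grant it.
    """
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        sid = stmt.get("Sid", f"statement-{idx}")
        for kind, value in principal_entries(stmt["Principal"]):
            if kind == "AWS" and account_of(value) in trusted_accounts:
                continue
            findings.append((sid, kind, value))
    return findings


# Constructed sample: one in-org grant, one mixed grant, one public grant, one deny.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "SameOrg", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
         "Action": "comprehend:DescribeDocumentClassifier", "Resource": "*"},
        {"Sid": "Partner", "Effect": "Allow",
         "Principal": {"AWS": ["222222222222", "arn:aws:iam::111111111111:role/Analyst"]},
         "Action": "comprehend:ImportModel", "Resource": "*"},
        {"Sid": "Public", "Effect": "Allow", "Principal": "*",
         "Action": "comprehend:DescribeDocumentClassifier", "Resource": "*"},
        {"Sid": "DenyAll", "Effect": "Deny", "Principal": "*",
         "Action": "*", "Resource": "*"},
    ],
})

TRUSTED = {"111111111111"}  # placeholder for the accounts in your own organisation

if __name__ == "__main__":
    for sid, kind, value in untrusted_grants(SAMPLE_POLICY, TRUSTED):
        print(f"{sid}: {kind} principal {value!r} is outside the trusted accounts")
```

Run against the sample it reports the Partner statement's foreign account and the Public wildcard, and stays silent on the in-org root and role ARNs and on the Deny. Feed it the output of DescribeResourcePolicy (or any other service's get-policy call) to review a policy before or after PutResourcePolicy.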
API changes
- Amazon Athena - 6 updated methods - You can now optionally specify the account ID that you expect to own the query results output location bucket in Athena, a guard against writing results into a bucket that another account has since created under the same name. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with …
- Amazon Elastic Compute Cloud - 2 new methods - adds support for AMIs in Recycle Bin
- AWSMarketplace Metering - 1 updated method - Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500.
- Amazon Recycle Bin - 4 updated methods - Add EC2 Image recycle bin support.