Issue #58
Monday · February 21, 2022
AWS security blogs
- Introducing s2n-quic, a new open-source QUIC protocol implementation in Rust - At Amazon Web Services (AWS), security, high performance, and strong encryption for everyone are top priorities for all our services. With these priorities in mind, less than a year after QUIC ratification in the Internet Engineering Task Force (IETF), we are introducing support for the QUIC protocol which can boost …
- Control access to Amazon Elastic Container Service resources by using ABAC policies - As an AWS customer, if you use multiple Amazon Elastic Container Service (Amazon ECS) services/tasks to achieve better isolation, you often have the challenge of how to manage access to these containers. In such cases, using tags can enable you to categorize these services in different ways, such as by …
- AWS User Guide to Financial Services Regulations and Guidelines in Switzerland and FINMA workbooks publications - AWS is pleased to announce the publication of the AWS User Guide to Financial Services Regulations and Guidelines in Switzerland whitepaper and workbooks. This guide refers to certain rules applicable to financial institutions in Switzerland, including banks, insurance companies, stock exchanges, securities dealers, portfolio managers, trustees and other financial entities …
- Top 2021 AWS Security service launches security professionals should review - Part 1 - Given the speed of Amazon Web Services (AWS) innovation, it can sometimes be challenging to keep up with AWS Security service and feature launches. To help you stay current, here's an overview of some of the most important 2021 AWS Security launches that security professionals should be aware of. This …
Reddit threads on r/aws
- Announcing the general availability of AWS Backup for Amazon S3
- Announcing sub-millisecond read latencies for Amazon Elastic File System
- I created a very simple Python CLI tool to find unused IPv4 CIDR blocks in AWS VPCs. There's probably already something in the wild that fills this need but it was a fun to create nonetheless.
- AWS S3: Why sometimes you should press the $100k button
- Amazon VPC now supports an AWS-managed prefix list for Amazon CloudFront
Newsletters
r/netsec
r/cloudsecurity
- Tips for learning cloud security posture management? - Not sure if proper place to post so feel free to point me in the right direction. I work in risk management but managed to land a contract gig in cyber and cloud security. Any recommendations/tips/resources for learning CSPM tools like Sonrai (or similar ones)? Or suggestions on learning more …
"AWS Security" on Google News
IAM permission changes
- proton: 1 new action - 1 new action: NotifyResourceDeploymentStatusChange (notify proton of resource deployment status changes)
- redshift: 11 new actions | 3 updated actions - 11 new actions: AddPartner (add a partner integration to a cluster), AuthorizeEndpointAccess (authorize endpoint related activities for redshift-managed vpc endpoint), CreateEndpointAccess (create a redshift-managed vpc endpoint), DeleteEndpointAccess (delete a redshift-managed vpc endpoint), DeletePartner (delete a partner integration from a cluster), DescribeEndpointAccess (describe redshift-managed vpc endpoints), DescribeEndpointAuthorization (authorize describe activity for …
- honeycode: 4 new actions - 4 new actions: DeleteDomains (delete amazon honeycode domains for your aws account), ListTagsForResource (list all tags for a resource), TagResource (tag a resource), UntagResource (untag a resource)
API changes
- AWS Budgets - 1 new methods - This change introduces DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified account
- AWS Transfer Family - 3 updated methods - Properties for Transfer Family used with SFTP, FTP, and FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user authenticates onto a server using one of the previously mentioned protocols.
- AWS Backup - 2 updated methods - AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
- Amazon CloudWatch Evidently - 2 updated methods - Add support for filtering list of experiments and launches by status