Issue #59
Monday · February 28, 2022
AWS security blogs
- Scaling cross-account AWS KMS–encrypted Amazon S3 bucket access using ABAC – This blog post shows you how to share encrypted Amazon Simple Storage Service (Amazon S3) buckets across accounts on a multi-tenant data lake. Our objective is to show scalability over a larger volume of accounts that can access the data lake, in a scenario where there is one central account …
- What is cryptographic computing? A conversation with two AWS experts – Joan Feigenbaum, Amazon Scholar, AWS Cryptography; Bill Horne, Principal Product Manager, AWS Cryptography. AWS Cryptography tools and services use a wide range of encryption and storage technologies that can help customers protect their data both at rest and in transit. In some instances, customers also require protection of their data …
- AWS achieves FedRAMP P-ATO for 15 services in the AWS US East/West and AWS GovCloud (US) Regions – AWS is pleased to announce that 15 additional AWS services have achieved Provisional Authority to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB). AWS is continually expanding the scope of our compliance programs to help customers use authorized services for sensitive and regulated …
- Fine-tune and optimize AWS WAF Bot Control mitigation capability – A few years ago at Sydney Summit, I had an excellent question from one of our attendees. She asked me to help her design a cost-effective, reliable, and not overcomplicated solution for protection against simple bots for her web-facing resources on Amazon Web Services (AWS). I remember the occasion …
Reddit threads on r/aws
- Will AWS work in Russia after Ukraine war? – Hello. I live in Russia and I have a small mobile game hosted on Amazon Web Services. As I know, US wanna impose sanctions on Russia due to Ukraine conflicts. My app uses serverless services (GameLift, Lambda, S3, DynamoDB, API Gateway, Cognito) that are hard to bear out from provider. I …
- AWS Lambda adds support for .NET 6
- AWS CloudSaga - Simulate security events in AWS
- NEW for the AWS CDK: Triggers allow you to execute code during deployments.
- Granted: a CLI to access the AWS console for multiple accounts and regions at once – Hey r/aws! I find the AWS Console to be useful even though I mostly use APIs or infrastructure-as-code to interact with AWS. It's good to have an out of the box tool to explore resources or look at logs and metrics for my services. A frustration that I frequently run …
Newsletters
Top Links from Security Folks
- GitHub - SummitRoute/imdsv2_wall_of_shame: List of vendors that do not allow IMDSv2 enforcement
- Themes From Momentum Cyber's 2022 Cybersecurity Almanac – Interesting themes about the business of cybersecurity from the best data in the industry.
r/netsec
"AWS Security" on Google News
IAM permission changes
- greengrass: 2 updated conditions, 1 updated action – 2 updated conditions: aws:MultiFactorAuthPresent (type), aws:SecureTransport (type); 1 updated action: StartBulkDeployment (conditions)
- s3: 2 new actions – 2 new actions: GetObjectAttributes (retrieve attributes related to a specific object), GetObjectVersionAttributes (retrieve attributes related to a specific version of an object)
- outposts: 2 new actions – 2 new actions: CreatePrivateConnectivityConfig (create a private connectivity configuration), GetPrivateConnectivityConfig (get a private connectivity configuration)
API changes
- Auto Scaling - 3 updated methods – You can now hibernate instances in a warm pool to stop instances without deleting their RAM contents. You can now also return instances to the warm pool on scale in, instead of always terminating capacity that you will need later.
- AWS Glue DataBrew - 6 updated methods – This AWS Glue DataBrew release adds a feature to merge job outputs into a max number of files for S3 File output type.
- Firewall Management Service - 4 updated methods – AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in.
- Amazon Lightsail - 3 updated methods – This release adds support to delete and create Lightsail default key pairs that you can use with Lightsail instances.