Issue #60
Monday · March 07, 2022
AWS security blogs
- SOC reports now available in Spanish - At Amazon Web Services (AWS), we continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs. We are pleased to announce that Fall 2021 AWS SOC 1, SOC 2 and SOC 3 reports are now available in Spanish. These translated …
- Streamlining evidence collection with AWS Audit Manager - In this post, we will show you how to deploy a solution into your Amazon Web Services (AWS) account that enables you to simply attach manual evidence to controls using AWS Audit Manager. Making evidence-collection as seamless as possible minimizes audit fatigue and helps you maintain a strong compliance posture. …
Reddit threads on r/aws
- RDS multi-az will now allow you to use the standby instance as a read replica (on newer versions)
- What Exactly are VPC Endpoints and Why They Need Real Inter-Region Support
- GitHub Project: Botocove Run a function against a selection of AWS accounts, Organizational Units (OUs), regions, or all AWS accounts in an organization, concurrently with thread safety.
- I wrote a Glue tutorial for beginners, hope it helps someone :)
- Why should I NOT store customers' API keys in DynamoDB? - I understand I should be using Parameter Store or Secrets Manager to store my customers' third-party API keys, but I haven't yet seen a good explanation why this is. My DynamoDB tables are only able to be accessed by my Lambda API, and it uses Cognito JWT authentication to ensure …
Newsletters
r/netsec
r/cloudsecurity
- Newbie question: how to protect yourself about losing the control of your cloud account - I'm a total newbie in security and I'm wondering how can you protect yourself about losing the control of your main cloud account. I mean, an attacker is able to get your account credentials and remove your access to your account. Is it that even possible under normal circumstances? How …
"AWS Security" on Google News
IAM permission changes
- redshift: 2 new actions - DescribeReservedNodeExchangeStatus (describe exchange status details and associated metadata for a reserved-node exchange. statuses include such values as in progress and requested), GetReservedNodeExchangeConfigurationOptions (get the configuration options for the reserved-node exchange)
- elasticmapreduce: 4 new actions - DeleteWorkspaceAccess (block an identity from opening a collaborative workspace), ListWorkspaceAccessIdentities (list identities that are granted access to a workspace), PutWorkspaceAccess (allow an identity to open a collaborative workspace), UpdateEditor (update an emr notebook)
- connect: 1 new action - UpdateContactFlowModuleContent (update contact flow module content in an amazon connect instance)
API changes
- Amazon Connect Service - 5 updated methods - This release updates the *InstanceStorageConfig APIs so they support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to enable streaming for real-time contact analysis and to associate the Kinesis stream where real-time contact analysis segments will be published.
- Amazon DevOps Guru - 2 new, 4 updated methods - Amazon DevOps Guru now integrates with Amazon CodeGuru Profiler. You can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps Guru. This feature is enabled by default for new customers as of 3/4/2022. Existing customers can enable this feature with UpdateEventSourcesConfig.
- Amazon Appflow - 3 updated methods - Launching Amazon AppFlow Marketo as a destination connector SDK.
- AWSKendraFrontendService - 1 updated method - Amazon Kendra now suggests spell corrections for a query. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html