Issue #61
Monday · March 14, 2022
AWS security blogs
- How to set up federated single sign-on to AWS using Google Workspace - Organizations who want to federate their external identity provider (IdP) to AWS will typically do it through AWS Single Sign-On (AWS SSO), AWS Identity and Access Management (IAM), or use both. With AWS SSO, you configure federation once and manage access to all of your AWS accounts centrally. With AWS …
- Customers can now request the AWS CyberGRX report for their third-party supplier due diligence - Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). We are continuously expanding our compliance programs to provide customers with more tools and resources to be able to perform effective due diligence on AWS. We are excited to announce the availability of the AWS CyberGRX report …
Reddit threads on r/aws
- Why Step Functions is the Best AWS Service You Are Not Using
- Amazon EC2 adds new AMI property to view timestamp of the latest instance launch using the AMI
- SQS appears down in us-east-1 - Seeing SQS download due to DNS issue and it's also impacting SES.
- Protect against subdomain takeover
- AWS GWLB: Deep Packet Manipulation
Newsletters
r/netsec
r/cloudsecurity
- Compliance Confusion - Hey, so I recently attended a cyber-related conference and I was bewildered to see how many companies are unaware of SOC 2. I understand that this is a new concept, especially for startups, with regards to vulnerability in data security. If you have any questions regarding SOC 2 compliance. …
"AWS Security" on Google News
IAM permission changes
- imagebuilder: 2 new conditions | 2 updated actions - 2 new conditions: imagebuilder:Ec2MetadataHttpTokens (filters access by the ec2 instance metadata http token requirement specified in the request), imagebuilder:StatusTopicArn (filters access by the sns topic arn in the request to which terminal state notifications will be published); 2 updated actions: CreateInfrastructureConfiguration (conditions), UpdateInfrastructureConfiguration (conditions)
- elasticfilesystem: 4 updated actions - 4 updated actions: CreateAccessPoint (conditions), DeleteTags (conditions), TagResource (conditions), UntagResource (conditions)
- rhelkb: 1 new action - 1 new action: GetRhelURL (access the red hat knowledgebase portal)
API changes
- AWS Transfer Family - 1 updated methods - Adding more descriptive error types for managed workflows
- Amazon Comprehend - 4 new methods - Amazon Comprehend now supports extracting the sentiment associated with entities such as brands, products and services from text documents.
- Amazon Elastic Kubernetes Service - 3 updated methods - Introducing a new enum for NodeGroup error code: Ec2SubnetMissingIpv6Assignment
- AWS Elemental MediaConvert - 7 updated methods - AWS Elemental MediaConvert SDK has added support for reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as the video and audio in HLS packages.