SRE Weekly Issue #313 • 📖 [The CloudSecList] Issue 128 • AWS Notification Message • [tl;dr sec] #123 - AWS Security Reference Architecture, DevSecOps Playbook • AWS Transfer Family - 1 updated method • Amazon Comprehend - 4 new methods • Amazon Elastic Kubernetes Service - 3 updated methods • AWS Elemental MediaConvert - 7 updated methods • How to set up federated single sign-on to AWS using Google Workspace • Customers can now request the AWS CyberGRX report for their third-party supplier due diligence
Monday, March 14, 2022

Sponsor 📣

Scale AWS IAM security

Securing AWS IAM shouldn’t overload experts. 😰

Now you can scale AWS security out to delivery teams with k9 Security’s simple access analysis, (free) Terraform/CDK policy automation, and processes. 🚀

Security built for Cloud teams delivering continuously.


📢 MAMIP (Monitor AWS Managed IAM Policies)

Policies changed since last week:



AWS Transfer Family - 1 updated method
Mar 10
Adding more descriptive error types for managed workflows
Amazon Comprehend - 4 new methods
Mar 9
Amazon Comprehend now supports extracting the sentiment associated with entities such as brands, products and services from text documents.
Amazon Elastic Kubernetes Service - 3 updated methods
Mar 8
Introducing a new enum for NodeGroup error code: Ec2SubnetMissingIpv6Assignment
AWS Elemental MediaConvert - 7 updated methods
Mar 8
AWS Elemental MediaConvert SDK has added support for reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as the video and audio in HLS packages.
How to set up federated single sign-on to AWS using Google Workspace
Wei Chen · Mar 10
Organizations who want to federate their external identity provider (IdP) to AWS will typically do it through AWS Single Sign-On (AWS SSO), AWS Identity and Access Management (IAM), or use both. With AWS SSO, you configure federation once and manage access to all of your AWS accounts centrally. With AWS …
Customers can now request the AWS CyberGRX report for their third-party supplier due diligence
Niyaz Noor · Mar 7
Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). We are continuously expanding our compliance programs to provide customers with more tools and resources to be able to perform effective due diligence on AWS. We are excited to announce the availability of the AWS CyberGRX report …
imagebuilder: 2 new conditions | 2 updated actions
Mar 12
2 new conditions:
- imagebuilder:Ec2MetadataHttpTokens (filters access by the EC2 instance metadata HTTP token requirement specified in the request)
- imagebuilder:StatusTopicArn (filters access by the SNS topic ARN in the request to which terminal state notifications will be published)

2 updated actions: CreateInfrastructureConfiguration (conditions), UpdateInfrastructureConfiguration (conditions)
elasticfilesystem: 4 updated actions
Mar 12
4 updated actions: CreateAccessPoint (conditions), DeleteTags (conditions), TagResource (conditions), UntagResource (conditions)
rhelkb: 1 new action
Mar 10
1 new action: GetRhelURL (access the Red Hat Knowledgebase portal)
Clint Gibler @clintgibler

📖 AWS Security Reference Architecture

60 page PDF by AWS Professional services containing a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment.

Code repo:
github.com/aws-samples/aw…

d1.awsstatic.com/APG/aws-securi…

Christophe @christophetd

Casually compromising API keys from Azure customers:

- Step 1: Create an Azure automation account
- Step 2: curl localhost on ports 40000+

You now have an API token in the Azure tenant of another customer, with the same permissions as the automation🙈

orca.security/resources/blog…

Yanir Tsarimi @Yanir_

I found a vulnerability in #Azure allowing me to access Azure accounts of companies worth billions

We all know vulnerabilities exist. This isn't an injection, XSS, or RCE.

But the crazy thing about it?
It took 2 hours to discover. 🤯

Here's the story of #AutoWarp👇 (1/10)

Christophe @christophetd

Struggling to patch DirtyPipe? Cloud providers are as well.

Azure: "We're on it" github.com/Azure/AKS/issu…

AWS: I verified the latest Amazon Linux 2 AMI is vulnerable, no bulletin alas.aws.amazon.com

GCP: No bulletin yet cloud.google.com/support/bullet…

Aidan W Steele @__steele

When SCP budgets are tight and it's three days til pay day

Clint Gibler @clintgibler

☁️ S3 Game

An interactive game with 15 levels of challenges to teach you about S3 features and common security issues

Similar to @0xdabbad00's flaws.cloud and flaws2.cloud

master.d2av1kz25zeu6f.amplifyapp.com

Ian Mckay @iann0036

Here's a clip from my work-in-progress open-source project, iamfast: youtu.be/AmZN4qib6-s

iamfast generates an AWS IAM policy from your source code. It's available as a CLI tool and a VS Code extension.

I'm initially targeting support for JavaScript, Python, Go and Java. 1/2

Scott Piper @0xdabbad00

I'm happy to report Palo Alto now allows enforcement of IMDSv2 and has been removed from the IMDSv2 Wall of Shame: github.com/SummitRoute/im…

Scott Piper @0xdabbad00

It looks like Palo Alto released support for IMDSv2 last week. Can any Palo Alto users confirm? (Feel free to DM me). docs.paloaltonetworks.com/plugins/vm-ser…

Kinnaird McQuade💥🌩 @kmcquade3

Kinda died when I saw this xkcd comic about clusterfucks of Python environments on a Mac

Matt Fuller @matthewdfuller

There needs to be some kind of top-to-bottom internal review of #Azure services for these near-constant multi tenant #security issues.

Compliance Confusion

Hey, so I recently attended a cyber-related conference and I was bewildered to see how many companies are unaware of SOC 2. I understand that this is a new concept, especially for start-ups, with regards to vulnerability in data security. If you have any questions regarding SOC 2 compliance. …
