Issue #62
Monday · March 21, 2022
🥗 AWS security blogs
- Ransomware mitigation: Using Amazon WorkDocs to protect end-user data — Amazon Web Services (AWS) has published whitepapers, blog articles, and videos with prescriptive guidance to assist you in developing an enterprise strategy to mitigate risks associated with ransomware and other destructive events. We also announced a strategic partnership with CrowdStrike and Presidio where together we developed a Ransomware Risk Mitigation …
🍛 Reddit threads on r/aws
- The AWS Lambda console now supports the option to share test events between developers
- AWS Security Reference Architecture (AWS SRA) code examples v2.0.0 release
- MFA in AWS is just broken, hope they fix it soon — We, as a small company with a small SaaS product, allow our users to set up OTP and as many FIDO sticks as a user needs. At AWS it is either OTP or stick, and just one stick. No spare stick, no different sticks for different devices (USB-A vs USB-C), and although …
- Two new, free AWS initiatives help build foundational cloud skills
- With GCP, you create a project and enable services in it. When you don't want it, you delete the entire project, effectively deleting all services inside it. What's the AWS equivalent of it? — Correct me if I am wrong with the assumption of GCP behaviour. Is there an AWS way of doing the same? That seems a much better way to manage services. One click deletes the project and all services inside. Currently, AFAIK, I go to the tag editor and delete all manually. I use third …
📌 Newsletters
📌 r/netsec
📌 r/cloudsecurity
- AZ-104 and AZ-500 Passed! — The exams were a bit harder than I expected. I studied for about 6 months non-stop. Main resources used: - Microsoft Learn (very important to write things down and do the labs, don't just click through) - Whizlabs videos and labs - Whizlabs practice tests - FreeCodeCamp / …
📌 "AWS Security" on Google News
🧁 IAM permission changes
- cloudfront: 1 removed action
- billingconductor: 30 new actions, 4 new resources, 3 new conditions — 30 new actions: AssociateAccounts (associate between one and 30 accounts to a billing group), AssociatePricingRules (associate pricing rules), BatchAssociateResourcesToCustomLineItem (batch associate resources to a percentage custom line item), BatchDisassociateResourcesFromCustomLineItem (batch disassociate resources from a percentage custom line item), CreateBillingGroup (create a billing group), CreateCustomLineItem (create a custom line item), CreatePricingPlan …
- kafka: 1 new resource | 2 updated actions, 1 updated resource — 1 new resource: configuration; 2 updated actions: DescribeConfiguration (resources), DescribeConfigurationRevision (resources); 1 updated resource: cluster (arn)
🍪 API changes
- AWS Certificate Manager Private Certificate Authority - 4 updated methods — AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names and extensions.
- AmplifyBackend - 3 updated methods — Adds the ability to customize Cognito verification messages for email and SMS in CreateBackendAuth and UpdateBackendAuth. Adds deprecation documentation for ForgotPassword in CreateBackendAuth and UpdateBackendAuth.
- AWSBillingConductor - 30 new methods — This is the initial SDK release for AWS Billing Conductor. The AWS Billing Conductor is a customizable billing service, allowing you to customize your billing data to match your desired business structure.
- Amazon S3 on Outposts - 1 new method — S3 on Outposts is releasing a new API, ListSharedEndpoints, that lists all endpoints associated with S3 on Outposts that have been shared through AWS Resource Access Manager (RAM).
📺 AWS security bulletins
- CVE-2022-0778 awareness — Initial Publication Date: 2022/03/17 20:42 PST AWS is aware of an issue present in OpenSSL versions 1.0.2, 1.1.1, and 3.0 in which a certificate containing invalid explicit curve parameters can cause denial of service (DoS) by triggering an infinite logic loop. This issue was eliminated in the releases of OpenSSL …