Issue #65
Monday · April 11, 2022
🥗 AWS security blogs
- AWS Security Profile: Philip Winstanley, Security Engineering — In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services (AWS) Security and help keep our customers safe and secure. This interview is with Philip Winstanley, a security engineer and AWS Guardian. The Guardians program identifies and develops security experts within engineering …
🍛 Reddit threads on r/aws
- Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices
- AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services
- Mysterious ABC bucket, a fishnet for the careless? — I created an S3 bucket then went to upload some test/junk Python scripts like... $ aws s3 cp --recursive src s3://${BUCKET}/abc/code/ It worked! Then I realized that the ${BUCKET} env var wasn't set, huh? It turns out I uploaded to this mysterious s3://abc/ bucket. Writing and listing the contents …
- Amazon EKS now supports Kubernetes 1.22
- Trying to figure out a strange S3 cost jump from Feb 1st — We experienced a significant uptick in charges from something done on January 31st that I am currently unable to explain. TimedStorage-ByteHrs (GB-Month) jumped up between 1/31/22 into 2/1/22 across multiple accounts, every bucket, and every storage class that I have no idea how to explain. The screenshot below is a …
📌 Newsletters
📌 AWS IAM Release Notes
- Code examples for IAM using AWS SDKs — Added code examples that show how to use IAM with an AWS software development kit (SDK). The examples are divided into code excerpts that show you how to call individual service functions and examples that show you how to accomplish a specific task by calling multiple functions within the same …
📌 r/netsec
- Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers. Interestingly, the app establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla.
- socialhunter: crawls the website and finds broken social media links that can be hijacked
📌 r/cloudsecurity
- Vulnerability research — If a dev has found a vulnerability on his system, how should a cloud security engineer help research this vulnerability and help implement a fix if there is one?
📌 "AWS Security" on Google News
🧁 IAM permission changes
- batch: 1 updated condition — 1 updated condition: aws:TagKeys (type)
- ec2: 1 new action | 4 updated actions, 1 updated condition — 1 new action: ModifyInstanceMaintenanceOptions (Grants permission to modify the recovery behaviour for an instance); 4 updated actions: AuthorizeSecurityGroupEgress (conditions, resources), AuthorizeSecurityGroupIngress (conditions, resources), StartNetworkInsightsAccessScopeAnalysis (conditions, resources), StartNetworkInsightsAnalysis (conditions); 1 updated condition: aws:TagKeys (type)
- fms: 4 new actions — 4 new actions: AssociateThirdPartyFirewall (Grants permission to set the Firewall Manager administrator as a tenant administrator of a third-party firewall service), DisassociateThirdPartyFirewall (Grants permission to disassociate a Firewall Manager administrator from a third-party firewall tenant), GetThirdPartyFirewallAssociationStatus (Grants permission to retrieve the onboarding status of a Firewall Manager administrator account to …
🍪 API changes
- AWS Elemental MediaConvert - 11 updated methods — AWS Elemental MediaConvert SDK has added support for the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported formats, and improved filter support for processing 444/RGB content.
- AWS Elemental MediaPackage VOD - 3 updated methods — This release adds ScteMarkersSource as an available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the segments.
- AWS WAFV2 - 2 updated methods — Add a new CurrentDefaultVersion field to ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
- Amazon DocumentDB with MongoDB compatibility - 2 updated methods — Added support to enable/disable performance insights when creating or modifying db instances