Issue #67

Monday · April 25, 2022

🥗 AWS security blogs

  • Canadian Centre for Cyber Security Assessment Summary report now available in AWS Artifact — French version. At Amazon Web Services (AWS), we are committed to providing continued assurance to our customers through assessments, certifications, and attestations that support the adoption of AWS services. We are pleased to announce the availability of the Canadian Centre for Cyber Security (CCCS) assessment summary report for AWS, which …
  • How to protect HMACs inside AWS KMS — April 20, 2022: In the section “Use the HMAC key to encode a signed JWT,” we fixed an error in the code sample. Today AWS Key Management Service (AWS KMS) is introducing new APIs to generate and verify hash-based message authentication codes (HMACs) using the Federal Information Processing Standard (FIPS) …

🍛 Reddit threads on r/aws

📌 Newsletters

📌 r/netsec

📌 r/cloudsecurity

  • Why Cloud Security is important and how to enhance your Cloud Security posture — As companies continue to migrate to the cloud, understanding the security requirements for keeping data safe has become critical. Read this blog to know why Cloud Security is important and how to enhance your Cloud Security posture: https://www.umbrellainfocare.com/blogs/its-time-to-beef-up-your-cloud-security-posture

📌 "AWS Security" on Google News

🧁 IAM permission changes

  • route53: 2 updated actions — 2 updated actions: AssociateVPCWithHostedZone (resources), DisassociateVPCFromHostedZone (resources)
  • sagemaker: 2 new conditions | 1 updated action — 2 new conditions: sagemaker:ServerlessMaxConcurrency (Filters access by limiting maximum concurrency used for Serverless inference in the request), sagemaker:ServerlessMemorySize (Filters access by limiting memory size used for Serverless inference in the request); 1 updated action: CreateEndpointConfig (conditions)
  • lookoutmetrics: 1 new action — 1 new action: DetectMetricSetConfig (Grants permission to detect metric set config from data source)

🍪 API changes

📺 AWS security bulletins

  • Reported Apache Log4j Hotpatch Issues — Initial Publication Date: 2022/04/19 14:30 PST. CVE IDs: CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071. On December 12, 2021, Amazon publicly released a hotpatch for running Java VMs which disables the loading of the Java Naming and Directory Interface (JNDI) class. This hotpatch provides an immediate mitigation for critical issues within the open-source …
