Issue #68
Monday · May 02, 2022
AWS security blogs
- New IDC whitepaper released – Trusted Cloud: Overcoming the Tension Between Data Sovereignty and Accelerated Digital Transformation – A new International Data Corporation (IDC) whitepaper sponsored by AWS, Trusted Cloud: Overcoming the Tension Between Data Sovereignty and Accelerated Digital Transformation, examines the importance of the cloud in building the future of digital EU organizations. IDC predicts that 70% of CEOs of large European organizations will be incentivized to …
- How to control access to AWS resources based on AWS account, OU, or organization – AWS Identity and Access Management (IAM) recently launched new condition keys to make it simpler to control access to your resources along your Amazon Web Services (AWS) organizational boundaries. AWS recommends that you set up multiple accounts as your workloads grow, and you can use multiple AWS accounts to isolate …
- Extend your pre-commit hooks with AWS CloudFormation Guard – Git hooks are scripts that extend Git functionality when certain events and actions occur during code development. Developer teams often use Git hooks to perform quality checks before they commit their code changes. For example, see the blog post Use Git pre-commit hooks to avoid AWS CloudFormation errors for a …
- LGPD workbook for AWS customers managing personally identifiable information in Brazil – Portuguese version AWS is pleased to announce the publication of the Brazil General Data Protection Law Workbook. The General Data Protection Law (LGPD) in Brazil was first published on 14 August 2018, and started its applicability on 18 August 2020. Companies that manage personally identifiable information (PII) in Brazil as …
Reddit threads on r/aws
- AWS's Open Source Problem - by Corey Quinn
- Amazon RDS now supports Internet Protocol Version 6 (IPv6)
- AWS Step Functions expands support for over 20 new AWS SDK integrations
- You have a magic wand, which when waved, lets you change anything about one AWS service. What do you change and why? – Yes, of course you could make the service cheaper, I'm really wondering what people see as big gaps in the AWS services that they use. If I had just one option here, I'd probably go for a deeper integration between Aurora Postgres and IAM. You can use IAM roles to …
- Amazon Rekognition introduces Streaming Video Events to provide real-time alerts on live video streams
Newsletters
Top Links from Security Folks
- The OPA AWS CloudFormation Hook – Learn more about AWS CloudFormation Hook and how Open Policy Agent may be used for CloudFormation policy enforcement.
- Wiz Research discovers "ExtraReplica" – a cross-account database vulnerability in Azure PostgreSQL – Tenant isolation is a fundamental premise of the cloud. Organizations trust that the cloud services they use, especially high value assets such as databases, are …
r/netsec
r/cloudsecurity
"AWS Security" on Google News
IAM permission changes
- cloudformation: 1 updated condition – 1 updated condition: aws:TagKeys (type)
- servicecatalog: 1 updated condition – 1 updated condition: aws:TagKeys (type)
- iotwireless: 6 new actions, 1 new resource | 8 updated actions – 6 new actions: CreateNetworkAnalyzerConfiguration (Grants permission to create a NetworkAnalyzerConfiguration resource), DeleteNetworkAnalyzerConfiguration (Grants permission to delete the NetworkAnalyzerConfiguration), GetEventConfigurationsByResourceTypes (Grants permission to get event configurations by resource types), ListEventConfigurations (Grants permission to list information of available event configurations based on the AWS account), ListNetworkAnalyzerConfigurations (Grants permission to list information of …
API changes
- Amazon CodeGuru Reviewer - 3 updated methods – Amazon CodeGuru Reviewer now supports suppressing recommendations from being generated on specific files and directories.
- AWS Elemental MediaConvert - 11 updated methods – AWS Elemental MediaConvert SDK now supports creation of Dolby Vision profile 8.1, the ability to generate black frames of video, and introduces audio-only DASH and CMAF support.
- Amazon Relational Database Service - 16 updated methods – Feature - Adds support for Internet Protocol Version 6 (IPv6) on RDS database instances.
- Amazon Simple Systems Manager (SSM) - 3 updated methods – Update the StartChangeRequestExecution, adding TargetMaps to the Runbook parameter