SRE Weekly Issue #323 • 📖 [The CloudSecList] Issue 138 • [tl;dr sec] #133 - Hunting Evasive Vulnerabilities, eBPF • GameSparks - 3 updated methods • Amazon Lookout for Metrics - 2 updated methods • AWS App Mesh - 8 updated methods • AWS IoT Greengrass V2 - 1 new, 3 updated methods • Spring 2022 SOC reports now available with 150 services in scope • AWS Security Profile: Ely Kahn, Principal Product Manager for AWS Security Hub • Choosing the right certificate revocation method in ACM Private CA
Monday, May 23, 2022
GameSparks - 3 updated methods
May 19
This release adds an optional DeploymentResult field in the responses of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests APIs.
Amazon Lookout for Metrics - 2 updated methods
May 19
In this release we added SnsFormat to SNSConfiguration to support human-readable alerts.
AWS App Mesh - 8 updated methods
May 18
This release updates the existing Create and Update APIs for meshes and virtual nodes by adding a new IP preference field. This new IP preference field can be used to control the IP versions being used with the mesh and allows for IPv6 support within App Mesh.
AWS IoT Greengrass V2 - 1 new, 3 updated methods
May 18
This release adds the new DeleteDeployment API operation that you can use to delete deployment resources. This release also adds support for discontinued AWS-provided components, so AWS can communicate when a component has any issues that you should consider before you deploy it.
Spring 2022 SOC reports now available with 150 services in scope
Emma Zhang · May 20
At Amazon Web Services (AWS), we’re committed to providing our customers with continued assurance over the security, availability and confidentiality of the AWS control environment. We’re proud to deliver the Spring 2022 System and Organizational (SOC) 1, 2 and 3 reports, which cover October 1, 2021 to March 31, 2022, …
AWS Security Profile: Ely Kahn, Principal Product Manager for AWS Security Hub
Maddie Bacon · May 18
In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services Security and help keep our customers safe and secure. This interview is with Ely Kahn, principal product manager for AWS Security Hub. Security Hub is a cloud security posture management service that …
Choosing the right certificate revocation method in ACM Private CA
Arthur Mnev · May 16
AWS Certificate Manager Private Certificate Authority (ACM PCA) is a highly available, fully managed private certificate authority (CA) service that allows you to create CA hierarchies and issue X.509 certificates from the CAs you create in ACM PCA. You can then use these certificates for scenarios such as encrypting TLS …
quicksight: 1 new action
May 19
1 new action: UpdatePublicSharingSettings (Grants permission to enable or disable public sharing on an account)
deepcomposer: 1 updated condition
May 19
1 updated condition: aws:TagKeys (type)
iotevents: 1 new action | 9 updated actions
May 19
1 new action: BatchDeleteDetector (Grants permission to delete a detector instance within the AWS IoT Events system); 9 updated actions: BatchDisableAlarm (resources), BatchAcknowledgeAlarm (resources), BatchSnoozeAlarm (resources), BatchResetAlarm (resources), BatchEnableAlarm (resources), BatchUpdateDetector (resources), ListTagsForResource (resources), TagResource (resources), UntagResource (resources)
Aidan W Steele @__steele

I'd love to see Terraform and the AWS CDK emit resource creation / update durations to an @opentelemetry collector, so we can get useful stats like this.

It makes it easy to see at a glance which resources are causing the slow stack creation.

10 · May 22 · 4:43 AM
Will Bengtson @__muscles

Finally took the time to write about scaling AWS honeytokens for unique attribution in the cloud. Take a look and let me know your thoughts :) Huge thanks to @travismcpeak and @HelloArbit for collaborating years ago!

medium.com/@williambengts…

29 · May 20 · 6:35 PM
Clint Gibler @clintgibler

✏️ gitsign

Keyless Git signing using @projectsigstore

Uses keyless Sigstore to sign Git commits with your own GitHub / OIDC identity

github.com/sigstore/gitsi…

26 · May 16 · 9:00 PM
Matt Fuller @matthewdfuller

Does anyone else struggle using AWS Cognito? It just feels so… unintuitive - so many checkboxes, confusing terms/concepts jumbled together, have to jump to 3+ pages to get simple tasks done. It’s a shame because it seems really powerful (and cost effective).

0 · May 21 · 3:06 AM
Clint Gibler @clintgibler

🛠️ xpid: like nmap but for pids

Investigate for process details, like:

* Find all container processes on a system

* Find all processes in the same namespace as a given pid

* Find all processes running with eBPF programs

By @krisnova

github.com/kris-nova/xpid

20 · May 18 · 9:00 PM
Scott Piper @0xdabbad00

This is a great diagram by @ramimacisabird showing the initial compromise vector in known AWS breaches on the left and what the attacker did with their access. twitter.com/ramimacisabird…

rami @ramimacisabird

In case you missed it, I was just live with @Owasp_DevSlop talking about AWS Customer Security Incidents. You can catch the recording over on their Youtube: youtube.com/watch?v=JBUgAX…. Slides as well: speakerdeck.com/ramimac/learni…

14 · May 17 · 6:12 AM
Scott Piper @0xdabbad00

The 2009 "Clobbering the Cloud" talk by @haroonmeer, @marcoslaviero, & Nicholas Arvanitis is one of the foundational cloud security talks. Still relevant ideas in there today. youtube.com/watch?v=oTymSR…

11 · May 17 · 4:15 PM
Kinnaird McQuade ⛅️🧨 @kmcquade3

Y'all, my buddy @spookerlabs is up to some crazy shit in AWS Cloud Security Research. If you're not following him yet, you should. He's gonna drop some 🔥 security research this year

5 · May 17 · 3:12 AM
fwd:cloudsec @fwdcloudsec

This Sunday evening is your last day to get your talk submissions into the fwd:cloudsec CFP! fwdcloudsec.org/cfp.html

We've made some early acceptances already that we are excited about. 🧵

5 · May 19 · 4:49 PM
AWS, I love your services and APIs but your API/SDK/CLI docs are killin' me!

I can't be the only one feeling this.

I love AWS APIs. I love the services. But the API/SDK/CLI docs are soooo painful to navigate.

I've written my own doc search helper for CLI/API that helps me get around. I’m going to have to write something else to help with …

Expert Level AWS Learning Materials

I recently started a new job with a company as a Senior DevOps Engineer and want to brush up my AWS knowledge specifically around EKS, RDS, Elasticsearch, SNS, SQS, IAM/access control, and EC2. I have spent the last year or so working on Azure with some experience with AWS before …

5 steps to lose your AWS account

Today I learned how to lose an AWS account. It is really easy:

  1. Use the same email for AWS & amazon
  2. Set your phone number as 2nd factor instead of MFA
  3. Do not set secret questions in your amazon account
  4. Buy nothing at amazon
  5. Change the location

Have fun.

…

How can I document an AWS project?

I'm intending to do a personal project using AWS tools such as S3, EC2, MWAA, etc. for my portfolio.

I'm not an AWS expert, but a question struck me: how could I document this project on common portfolio platforms such as GitHub, etc.?

What’s your guys’ certification roadmap?

Currently studying for my AWS SAA. I’m wondering after I complete this, what should I do next? I don’t have any security knowledge currently, so I’m thinking of getting my sec+ first before getting cloud vendor security certifications. Would that make sense?

Let me know what you guys think and …