Issue #73
Monday · June 06, 2022
🥗 AWS security blogs
- IAM policy types: How and when to use them — You manage access in AWS by creating policies and attaching them to AWS Identity and Access Management (IAM) principals (roles, users, or groups of users) or AWS resources. AWS evaluates these policies when an IAM principal makes a request, such as uploading an object to an Amazon Simple Storage Service …
- Correlate IAM Access Analyzer findings with Amazon Macie — In this blog post, you’ll learn how to detect when unintended access has been granted to sensitive data in Amazon Simple Storage Service (Amazon S3) buckets in your Amazon Web Services (AWS) accounts. It’s critical for your enterprise to understand where sensitive data is stored in your organization and how …
- AWS CSA Consensus Assessment Initiative Questionnaire version 4 now available — Amazon Web Services (AWS) has published an updated version of the AWS Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ). The questionnaire has been completed using the current CSA CAIQ standard, v4.0.2 (06.07.2021 update), and is now available for download. The CSA is a not-for-profit organization dedicated to “defining …
- AWS Security Profile: CJ Moses, CISO of AWS — In the AWS Security Profile series, I interview the people who work in Amazon Web Services (AWS) Security and help keep our customers safe and secure. This interview is with CJ Moses—previously the AWS Deputy Chief Information Security Officer (CISO), he began his role as CISO of AWS in February …
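The first post above describes policies attached to principals or resources and evaluated per request. The following is an added illustration, not code from the AWS post and not AWS's evaluation engine: a small Python model of the documented precedence (explicit Deny wins; an identity-policy Allow, or a resource-policy Allow for a same-account principal, grants; cross-account principals need an Allow on both sides; everything else is an implicit deny), with IAM's case-insensitive wildcard matching for action names. Conditions, SCPs, permission boundaries and session policies are left out, and every ARN, account ID and policy document below is constructed for the example.

```python
"""Simplified model of how AWS evaluates IAM policies for one request.

Added illustration, not AWS's evaluation engine. Modelled rules:
  1. an explicit Deny in any applicable policy wins;
  2. otherwise a same-account principal is granted by an Allow in either an
     identity-based policy or the resource-based policy;
  3. a cross-account principal needs an Allow from both sides;
  4. anything else is an implicit deny.
Conditions, SCPs, permission boundaries and session policies are omitted.
All ARNs, account IDs and policies are made up (assumptions).
"""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    # IAM action names are matched case-insensitively; '*' and '?' are wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def resource_matches(pattern, resource):
    # Resource ARNs are matched case-sensitively.
    return fnmatchcase(resource, pattern)


def statement_applies(stmt, action, resource, principal_arn=None):
    """True if the statement's Principal (resource policies only), Action and Resource all match."""
    if "Principal" in stmt:
        principal = stmt["Principal"]
        allowed = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not any(p == "*" or p == principal_arn for p in allowed):
            return False
    if not any(action_matches(p, action) for p in _as_list(stmt.get("Action", []))):
        return False
    return any(resource_matches(p, resource) for p in _as_list(stmt.get("Resource", [])))


def evaluate(identity_policies, resource_policy, principal_arn, resource_account, action, resource):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one request."""
    identity_stmts = [s for p in identity_policies for s in p["Statement"]]
    resource_stmts = resource_policy["Statement"] if resource_policy else []
    identity_effects = {s["Effect"] for s in identity_stmts if statement_applies(s, action, resource)}
    resource_effects = {s["Effect"] for s in resource_stmts
                        if statement_applies(s, action, resource, principal_arn)}
    if "Deny" in identity_effects or "Deny" in resource_effects:
        return "explicit deny"
    caller_account = principal_arn.split(":")[4]   # arn:partition:service:region:account:...
    if caller_account == resource_account:
        granted = "Allow" in identity_effects or "Allow" in resource_effects
    else:
        granted = "Allow" in identity_effects and "Allow" in resource_effects
    return "allow" if granted else "implicit deny"


# Constructed sample principals and policies (assumptions, not from the page).
BUCKET_ACCOUNT = "111111111111"
APP_ROLE = "arn:aws:iam::111111111111:role/App"          # same account as the bucket
AUDITOR_ROLE = "arn:aws:iam::222222222222:role/Auditor"  # cross-account principal

APP_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:Get*", "Resource": "arn:aws:s3:::finance-reports/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::finance-reports/restricted/*"},
]}
AUDITOR_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": AUDITOR_ROLE},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::finance-reports/*"},
]}

if __name__ == "__main__":
    report = "arn:aws:s3:::finance-reports/q1.pdf"
    payroll = "arn:aws:s3:::finance-reports/restricted/payroll.pdf"
    for who, pols, obj in [(APP_ROLE, [APP_IDENTITY_POLICY], report),
                           (APP_ROLE, [APP_IDENTITY_POLICY], payroll),
                           (AUDITOR_ROLE, [AUDITOR_IDENTITY_POLICY], report),
                           (AUDITOR_ROLE, [], report)]:
        print(who, "s3:GetObject", obj, "->",
              evaluate(pols, BUCKET_POLICY, who, BUCKET_ACCOUNT, "s3:GetObject", obj))
```

The two cases worth noticing are the Auditor role: with an identity Allow it gets the object through the bucket policy, but with no identity policy at all the same bucket policy is not enough, because the caller sits in another account.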
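The second post above is about joining IAM Access Analyzer findings (who outside the account can reach a bucket) with Amazon Macie findings (which buckets hold sensitive data). This is an added example, not the code from the AWS post: both finding sets are constructed inline in the field layout the two services' APIs return (Access Analyzer ListFindings, Macie GetFindings), with made-up bucket names, account IDs and finding IDs, and the correlation keeps only buckets that appear on both sides, ranked public-first and then by Macie severity.

```python
"""Correlate IAM Access Analyzer findings with Amazon Macie findings.

Added example, not code from the AWS blog post. The two lists below are
constructed samples shaped like the services' API output; the values are
assumptions. Output: one row per S3 bucket that both has an ACTIVE Access
Analyzer finding (external or public access) and has Macie sensitive-data
findings, ordered public-first, then by highest Macie severity score.
"""
from collections import defaultdict

# Constructed Access Analyzer findings (ListFindings shape).
ACCESS_ANALYZER_FINDINGS = [
    {"id": "aa-1", "resourceType": "AWS::S3::Bucket", "resource": "arn:aws:s3:::customer-exports",
     "status": "ACTIVE", "isPublic": True, "principal": {"AWS": "*"}, "action": ["s3:GetObject"]},
    {"id": "aa-2", "resourceType": "AWS::S3::Bucket", "resource": "arn:aws:s3:::partner-share",
     "status": "ACTIVE", "isPublic": False, "principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "action": ["s3:ListBucket", "s3:GetObject"]},
    {"id": "aa-3", "resourceType": "AWS::S3::Bucket", "resource": "arn:aws:s3:::build-artifacts",
     "status": "ACTIVE", "isPublic": True, "principal": {"AWS": "*"}, "action": ["s3:GetObject"]},
    {"id": "aa-4", "resourceType": "AWS::S3::Bucket", "resource": "arn:aws:s3:::old-share",
     "status": "ARCHIVED", "isPublic": True, "principal": {"AWS": "*"}, "action": ["s3:GetObject"]},
    {"id": "aa-5", "resourceType": "AWS::IAM::Role", "resource": "arn:aws:iam::111111111111:role/CrossAcct",
     "status": "ACTIVE", "isPublic": False, "principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "action": ["sts:AssumeRole"]},
]

# Constructed Macie findings (GetFindings shape).
MACIE_FINDINGS = [
    {"id": "m-1", "type": "SensitiveData:S3Object/Personal",
     "severity": {"description": "High", "score": 3},
     "resourcesAffected": {"s3Bucket": {"arn": "arn:aws:s3:::customer-exports"}}},
    {"id": "m-2", "type": "SensitiveData:S3Object/Credentials",
     "severity": {"description": "High", "score": 3},
     "resourcesAffected": {"s3Bucket": {"arn": "arn:aws:s3:::partner-share"}}},
    {"id": "m-3", "type": "SensitiveData:S3Object/Personal",
     "severity": {"description": "Low", "score": 1},
     "resourcesAffected": {"s3Bucket": {"arn": "arn:aws:s3:::internal-hr"}}},
]


def sensitive_buckets(macie_findings):
    """Index Macie findings by the ARN of the affected bucket."""
    index = defaultdict(list)
    for finding in macie_findings:
        arn = finding.get("resourcesAffected", {}).get("s3Bucket", {}).get("arn")
        if arn:
            index[arn].append(finding)
    return index


def correlate(aa_findings, macie_findings):
    """Buckets reachable from outside the account that also hold sensitive data."""
    sensitive = sensitive_buckets(macie_findings)
    rows = []
    for finding in aa_findings:
        # Archived findings are ones someone already accepted; non-bucket
        # resources (roles, KMS keys, ...) have no Macie counterpart.
        if finding["status"] != "ACTIVE" or finding["resourceType"] != "AWS::S3::Bucket":
            continue
        hits = sensitive.get(finding["resource"])
        if not hits:
            continue
        rows.append({
            "bucket": finding["resource"],
            "public": finding["isPublic"],
            "external_principal": finding["principal"].get("AWS"),
            "actions": sorted(finding["action"]),
            "max_severity": max(h["severity"]["score"] for h in hits),
            "data_types": sorted({h["type"] for h in hits}),
        })
    rows.sort(key=lambda r: (not r["public"], -r["max_severity"], r["bucket"]))
    return rows


if __name__ == "__main__":
    for row in correlate(ACCESS_ANALYZER_FINDINGS, MACIE_FINDINGS):
        print(row)
```

With the constructed data, the public build-artifacts bucket drops out because Macie found nothing sensitive in it, the archived finding is ignored, and the public bucket holding personal data sorts ahead of the partner-shared bucket holding credentials.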
🍛 Reddit threads on r/aws
- Version 1 of the AWS Cloud Development Kit (AWS CDK) is now in maintenance mode
- Using The "X-Amzn-Trace-Id" Header For Request Tracing Through Amazon's Load Balancers
- adhoc remote execution in aws lambda
- Amazon EMR Serverless is now generally available
- Something confuses me: When leveraging EKS or k8s in general, when do you run your databases inside of K8s and when do you use a managed database service like Aurora or DynamoDB? — This has plagued me forever as I've learned more about containerization, serverless, K8s, etc. in AWS. What are your criteria for running a persistent volume in K8s for your database vs using serverless or managed offerings? Do you simply always go with k8s? Or are there architectures or situations where …
📌 Newsletters
📌 Top Links from Security Folks
- Breaking Into Cloud Security - Nick Jones — Cloud security is an area of the industry with some of the biggest skill shortages. Combine that with the cloud industry growing at 30-40% a …
- GitHub - StyraInc/rego-style-guide: Style guide for Rego — A style guide for writing Rego, the policy language of Open Policy Agent (OPA), published by Styra on GitHub.
- AWS Startup Security Baseline (AWS SSB) — This guide provides a comprehensive set of controls for startups that want to establish a strong security foundation in the AWS Cloud.
📌 r/netsec
📌 r/cloudsecurity
- Cloud Security Community — I made a community focused on cloud security mostly on Twitter to stay updated. Feel free to join and share your knowledge in the community. Thank you! Link = https://twitter.com/i/communities/1503652337260249089
📌 "AWS Security" on Google News
🧁 IAM permission changes
- ec2: 1 new action | 31 updated actions, 1 updated resource — 1 new action: GetInstanceUefiData (Grants permission to retrieve the binary representation of the UEFI variable store); 31 updated actions: AssociateAddress (conditions), AssociateIamInstanceProfile (conditions), AttachNetworkInterface (conditions), AttachVolume (conditions), CreateImage (conditions), CreateInstanceExportTask (conditions), CreateReplaceRootVolumeTask (conditions), CreateTags (conditions), CreateTrafficMirrorTarget (conditions, resources), DescribeInstanceAttribute (conditions), DetachNetworkInterface (conditions), DetachVolume (conditions), DisassociateIamInstanceProfile (conditions), GetConsoleOutput (conditions), GetConsoleScreenshot (conditions), …
- connect: 6 new actions, 1 new resource — 6 new actions: CreateTaskTemplate (Grants permission to create a task template in an Amazon Connect instance), DeleteTaskTemplate (Grants permission to delete a task template in an Amazon Connect instance), GetTaskTemplate (Grants permission to get details about specified task template in an Amazon Connect instance), ListTaskTemplates (Grants permission to list task …
- backup-gateway: 2 new actions — 2 new actions: GetGateway (Grants permission to retrieve a gateway by its ARN), UpdateGatewaySoftwareNow (Grants permission to trigger an immediate update of the gateway VM software)
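New actions matter most when an existing policy already covers them by wildcard: IAM matches Action names case-insensitively with `*` and `?`, so a statement written as `ec2:Get*`, `ec2:*` or `*` grants ec2:GetInstanceUefiData from the day it is published, and an Allow with NotAction grants everything it does not list. The following is an added example, not from the newsletter: it takes the new actions named in this issue (the connect list stops where the issue's summary does) and reports which constructed policies already grant each one, with a Deny in the same policy taking precedence.

```python
"""Which of this issue's newly published IAM actions does an existing policy already grant?

Added example, not from the newsletter. Only the Action / NotAction element
is checked; Resource and Condition are ignored, since the question is whether
the action name is reachable at all. The policies are constructed (assumptions).
"""
from fnmatch import fnmatchcase

# The new actions this issue names (the connect list is cut short, as in the issue).
NEW_ACTIONS = [
    "ec2:GetInstanceUefiData",
    "connect:CreateTaskTemplate",
    "connect:DeleteTaskTemplate",
    "connect:GetTaskTemplate",
    "connect:ListTaskTemplates",
    "backup-gateway:GetGateway",
    "backup-gateway:UpdateGatewaySoftwareNow",
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # Action names are case-insensitive; '*' and '?' are wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def statement_covers(stmt, action):
    """True if the statement's Action (or NotAction complement) names this action."""
    if "NotAction" in stmt:
        return not any(_action_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return any(_action_matches(p, action) for p in _as_list(stmt.get("Action", [])))


def policy_grants(policy, action):
    """An Allow counts only if no statement in the same policy denies the action."""
    effects = {s["Effect"] for s in policy["Statement"] if statement_covers(s, action)}
    return "Allow" in effects and "Deny" not in effects


def newly_granted(policies, new_actions=NEW_ACTIONS):
    """Map each new action to the names of the policies that already grant it."""
    return {action: [name for name, doc in policies.items() if policy_grants(doc, action)]
            for action in new_actions}


# Constructed policies (assumptions, not from the page).
POLICIES = {
    "Ec2ReadOnly": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:Get*"], "Resource": "*"},
    ]},
    "Admin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "backup-gateway:UpdateGateway*", "Resource": "*"},
    ]},
    "NotIam": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "NotAction": ["iam:*", "organizations:*"], "Resource": "*"},
    ]},
    "Scoped": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "connect:GetTaskTemplate"], "Resource": "*"},
    ]},
}

if __name__ == "__main__":
    for action, names in newly_granted(POLICIES).items():
        print(f"{action:42s} {', '.join(names) or '(no policy)'}")
```

The Scoped policy, which lists actions by name, only picks up connect:GetTaskTemplate because it was written against that exact name; the NotAction policy picks up every new action, including the one the Admin policy explicitly denies.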
🍪 API changes
- AWS Backup Gateway - 2 new, 1 updated methods — Adds GetGateway and UpdateGatewaySoftwareNow API and adds hypervisor name to UpdateHypervisor API
- Amazon Chime SDK Meetings - 2 new, 5 updated methods — Adds support for centrally controlling each participant's ability to send and receive audio, video and screen share within a WebRTC session. Attendee capabilities can be specified when the attendee is created and updated during the session with the new BatchUpdateAttendeeCapabilitiesExcept API.
- Amazon Forecast Service - 10 updated methods — Added Format field to Import and Export APIs in Amazon Forecast. Added TimeSeriesSelector to Create Forecast API.
- Amazon Route 53 - 6 new, 2 updated methods — Add new APIs to support Route 53 IP Based Routing