Issue #74
Monday · June 13, 2022
🥗 AWS security blogs
- Introducing a new AWS whitepaper: Does data localization cause more problems than it solves? — Amazon Web Services (AWS) recently released a new whitepaper, Does data localization cause more problems than it solves?, as part of the AWS Innovating Securely briefing series. The whitepaper draws on research from Emily Wu’s paper Sovereignty and Data Localization, published by Harvard University’s Belfer Center, and describes how countries …
- Use Amazon Cognito to add claims to an identity token for fine-grained authorization — With Amazon Cognito, you can quickly add user sign-up, sign-in, and access control to your web and mobile applications. After a user signs in successfully, Cognito generates an identity token for user authorization. The service provides a pre token generation trigger, which you can use to customize identity token claims …
- AWS HITRUST Shared Responsibility Matrix version 1.2 now available — The latest version of the AWS HITRUST Shared Responsibility Matrix is now available to download. Version 1.2 is based on HITRUST MyCSF version 9.4[r2] and was released by HITRUST on April 20, 2022. AWS worked with HITRUST to update the Shared Responsibility Matrix and to add new controls based on …
- AWS achieves ISO 22301:2019 certification — We’re excited to announce that Amazon Web Services (AWS) has successfully achieved ISO 22301:2019 certification without audit findings. ISO 22301:2019 is a rigorous third-party independent assessment of the international standard for Business Continuity Management (BCM). Published by the International Organization for Standardization (ISO), ISO 22301:2019 is designed to help organizations …
🍛 Reddit threads on r/aws
- My approach to building ad hoc developer environments using AWS ECS, Terraform and GitHub Actions (article link and diagram description in comments)
- The AWS Health Dashboard can't be trusted
- us-east-1 - outage — Seeing console down, KMS, DynamoDB issues...
- How can I automate my AWS EC2 Minecraft server so that it is only running when people are online? — I want the server to be offline when no one is on and online when someone tries to connect.
- Announcing AWS Cost Allocation Tag API
📌 Newsletters
📌 AWS IAM Release Notes
- U2F deprecation and WebAuthn/FIDO update — Removed mentions of U2F as an MFA option and added information about WebAuthn, FIDO2, and FIDO security keys.
📌 Top Links from Security Folks
- GitHub - hexops/dockerfile: Dockerfile best-practices for writing production-worthy Docker images.
- IAM policy types: How and when to use them | Amazon Web Services — You manage access in AWS by creating policies and attaching them to AWS Identity and Access Management (IAM) principals (roles, users, or groups of users) …
- A Deep Dive into Temporal's Access Control Strategy in AWS | Temporal Documentation — This blog post gives some insight into Temporal’s strategy for securing our cloud environment. It also calls attention to an unexpected facet of AWS access …
- Update detected · z0ph/MAMIP@cd761d6 — [MAMIP] Monitor AWS Managed IAM Policies Changes.
📌 r/netsec
📌 r/cloudsecurity
📌 "AWS Security" on Google News
🧁 IAM permission changes
- connect-campaigns: 4 new actions | 1 updated condition, 1 updated action — 4 new actions: DeleteConnectInstanceConfig (Grants permission to remove configuration information for an Amazon Connect instance), DeleteInstanceOnboardingJob (Grants permission to remove onboarding job for an Amazon Connect instance), GetConnectInstanceConfig (Grants permission to get configuration information for an Amazon Connect instance), StartInstanceOnboardingJob (Grants permission to start onboarding job for an Amazon Connect …
- m2: 32 new actions, 2 new resources, 3 new conditions — 32 new actions: CancelBatchJobExecution (Grants permission to cancel the execution of a batch job), CreateApplication (Grants permission to create an application), CreateDataSetImportTask (Grants permission to create a data set import task), CreateDeployment (Grants permission to create a deployment), CreateEnvironment (Grants permission to Create an environment), DeleteApplication (Grants permission to delete …
- appsync: 1 updated condition — 1 updated condition: aws:TagKeys (type)
🍪 API changes
- AWS Database Migration Service - 9 new methods — This release adds DMS Fleet Advisor APIs and exposes functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect and analyze information about the local data infrastructure.
- AWSMainframeModernization - 32 new methods — AWS Mainframe Modernization service is a managed mainframe service and set of tools for planning, migrating, modernizing, and running mainframe workloads on AWS.
- Amazon Neptune - 6 new, 3 updated methods — This release adds support for Neptune to be configured as a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in other regions.
- Amazon Redshift - 1 new method — Adds new API GetClusterCredentialsWithIAM to return temporary credentials.