Issue #77
Monday · July 04, 2022
AWS security blogs
- AWS achieves the first OSCAL format system security plan submission to FedRAMP – Amazon Web Services (AWS) is the first cloud service provider to produce an Open Security Control Assessment Language (OSCAL)-formatted system security plan (SSP) for the FedRAMP Project Management Office (PMO). OSCAL is the first step in the AWS effort to automate security documentation to simplify our customers' journey through cloud …
- TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints – At Amazon Web Services (AWS), we continuously innovate to deliver you a cloud computing environment that works to help meet the requirements of the most security-sensitive organizations. To respond to evolving technology and regulatory standards for Transport Layer Security (TLS), we will be updating the TLS configuration for all AWS …
Reddit threads on r/aws
- AWS Perimeter: a new open source tool to check your AWS accounts for public resources, resources shared with untrusted accounts, and insecure network configurations
- Amazon EKS improves control plane scaling and update speed by up to 4x
- The new AWS region in Zaragoza (Spain) is called eu-south-2 – It has just appeared here: https://ip-ranges.amazonaws.com/ip-ranges.json Some IPs for latency tests: 13.248.65.0 13.248.65.128 52.95.138.0 52.95.138.16 52.95.138.18 99.77.55.12 99.77.55.14
- Prescriptive Security Guidance for Startups Building on AWS. If you're starting out on AWS or just using a personal account to learn, follow this guide to get your security foundations in place quickly and easily.
- AWS Enterprise Support Plan WTF horribad – Okay, so wtf is happening with the AWS support? I've used the service since ~2016 and before we used to be on a much lower support plan (Business); recently the company got acquired by a bigger fish and they moved us to Enterprise support. Just to quickly go through my …
Newsletters
Top Links from Security Folks
- [tl;dr sec] #139 - 60 RCE in 60 minutes, Free Sigstore Course, Cloud Risk Encyclopedia – A presentation with many real world RCE examples, new free course on using Sigstore for supply chain security, list of 1,200+ cloud security risks.
- Get Started with Sigstore (Free Course!) – Learn how to digitally sign software artifacts to ensure a safer chain of custody that can be traced back to the source.
- General Availability of SLSA 3 Go native builder for GitHub Actions – A couple of months ago, Google and GitHub demonstrated how to generate non-forgeable SLSA 3 provenance for packages/binaries created via GitHub Actions (1, 2). Since …
- Cloud Risk Encyclopedia – Search 1200+ cloud security risks or filter by cloud vendor, compliance framework, risk category, and criticality. 3 cloud platforms. 47 compliance frameworks. …
r/netsec
r/cloudsecurity
- SASE/CASB/SSE/ZTNA… wtf alphabet soup? Straighten me out please. – We currently use global protect as our VPN client but it is voluntary, as it is only required to access internal servers. And since COVID, employees have been wfh exasperating the visibility problem. To capture and decrypt the traffic of those not on the VPN, what is the solution? Upper mgmt …
"AWS Security" on Google News
IAM permission changes
- wellarchitected: 1 new action – 1 new action: UpdateGlobalSettings (Grants permission to update settings to enable aws-organization support)
- forecast: 6 new actions, 1 new resource | 2 updated actions – 6 new actions: CreateMonitor (Grants permission to create a monitor using a Predictor resource), DeleteMonitor (Grants permission to delete a monitor resource), DescribeMonitor (Grants permission to describe a monitor resource), ListMonitorEvaluations (Grants permission to list all the monitor evaluation results for a monitor), ListMonitors (Grants permission to list all the …
- sagemaker-groundtruth-synthetic: 7 new actions – 7 new actions: CreateProject (Grants permission to create a project), DeleteProject (Grants permission to delete a project), GetBatch (Grants permission to get a batch), GetProject (Grants permission to get a project), ListBatchSummaries (Grants permission to list batch summaries), ListProjectSummaries (Grants permission to list project summaries), UpdateBatch (Grants permission to update …
API changes
- Amazon Athena - 1 new, 3 updated methods – This feature introduces the API support for Athena's parameterized query and BatchGetPreparedStatement API.
- Amazon Connect Customer Profiles - 5 updated methods – This release adds the optional MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence the profile auto-merging step of the Identity Resolution process.
- Amazon EMR - 2 updated methods – This release adds support for the ExecutionRoleArn parameter in the AddJobFlowSteps and DescribeStep APIs. Customers can use ExecutionRoleArn to specify the IAM role used for each job they submit using the AddJobFlowSteps API.
- AWS Glue - 1 updated method – This release adds tag as an input of CreateDatabase