Issue #78
Monday · July 11, 2022
AWS security blogs
- OSPAR 2022 report now available with 142 services in scope – We're excited to announce the completion of our annual Outsourced Service Provider's Audit Report (OSPAR) audit cycle on July 1, 2022. The 2022 OSPAR certification cycle includes the addition of 15 new services in scope, bringing the total number of services in scope to 142 in the AWS Asia Pacific …
- Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere – AWS Identity and Access Management (IAM) has now made it easier for you to use IAM roles for your workloads that are running outside of AWS, with the release of IAM Roles Anywhere. This feature extends the capabilities of IAM roles to workloads outside of AWS. You can use IAM …
- Top 2021 AWS service launches security professionals should review – Part 2 – In Part 1 of this two-part series, we shared an overview of some of the most important 2021 Amazon Web Services (AWS) Security service and feature launches. In this follow-up, we'll dive deep into additional launches that are important for security professionals to be aware of and understand across all …
- 2022 H1 IRAP report is now available on AWS Artifact – We're excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact. Amazon Web Services (AWS) successfully completed an IRAP assessment in May 2022 by an independent ASD (Australian Signals Directorate) certified IRAP assessor. The new IRAP report includes an additional nine …
Reddit threads on r/aws
- My depiction of ALB SSL offloading.
- AWS Identity and Access Management introduces IAM Roles Anywhere for workloads outside of AWS
- Time to Upgrade to TLS 1.2 – 95% of all AWS customers are already using TLS 1.2 to connect to AWS API endpoints. If you are still on TLS 1.0 or 1.1, it is time to upgrade your clients. You can read this new blog post to learn more and to plan your upgrade.
- AWS running out of IPs? – I submitted a quota request to ask for 10 Elastic IPs in my account rather than the default 5. Seems like AWS is a bit strapped on IP addresses. Anyone else see this kind of response? Edit: Not looking for a fix/solution, just seeing if other people have seen this …
- Amazon GuardDuty introduces new machine learning capabilities to more accurately detect potentially malicious access to data stored in S3 buckets
Newsletters
Top Links from Security Folks
- fwd:cloudsec – Schedule, talks and talk submissions for fwd:cloudsec
- Learnings from 5 years of tech startup code audits - Ken Kantzer's Blog – While I was leading PKC's security practice, we did probably 20-30 code security audits, almost all of them for startups that were just around …
r/netsec
"AWS Security" on Google News
IAM permission changes
- redshift-serverless: 37 new actions, 5 new resources, 8 new conditions – 37 new actions: ConvertRecoveryPointToSnapshot (Grants permission to convert a recovery point to a snapshot), CreateEndpointAccess (Grants permission to create an Amazon Redshift Serverless managed VPC endpoint), CreateNamespace (Grants permission to create an Amazon Redshift Serverless namespace), CreateSnapshot (Grants permission to create a snapshot of all databases in a namespace), CreateUsageLimit …
- rolesanywhere: 26 new actions, 4 new resources, 3 new conditions – 26 new actions: CreateProfile (Grants permission to create a profile), CreateTrustAnchor (Grants permission to create a trust anchor), DeleteCrl (Grants permission to delete a certificate revocation list (CRL)), DeleteProfile (Grants permission to delete a profile), DeleteTrustAnchor (Grants permission to delete a trust anchor), DisableCrl (Grants permission to disable a certificate …
- quicksight: 2 new actions, 1 new resource, 1 new condition | 7 updated actions – 2 new actions: CreateAccountSubscription (Grants permission to subscribe to QuickSight), DescribeAccountSubscription (Grants permission to describe a QuickSight account); 1 new resource: account; 1 new condition: quicksight:AllowedEmbeddingDomains (Filters access by the allowed embedding domains); 7 updated actions: TagResource (resources), UntagResource (resources), CreateAdmin (conditions), CreateGroup (conditions), CreateNamespace (conditions), CreateReader (conditions), CreateUser (conditions)
API changes
- Amazon Chime SDK Meetings - 3 updated methods – Adds support for AppKeys and TenantIds in Amazon Chime SDK WebRTC sessions
- AWS Database Migration Service - 1 new method – New API to migrate event subscriptions to EventBridge rules
- AWS IoT - 2 updated methods – This release adds support to register a CA certificate without having to provide a verification certificate. This also allows multiple AWS accounts to register the same CA in the same region.
- AWS IoT Wireless - 5 new, 3 updated methods – Adds 5 APIs: PutPositionConfiguration, GetPositionConfiguration, ListPositionConfigurations, UpdatePosition, GetPosition for the new Positioning Service feature, which enables customers to configure solvers to calculate the position of LoRaWAN devices, or to specify the position of LoRaWAN devices and gateways.