In this issue:
• SRE Weekly Issue #338
• 📖 [The CloudSecList] Issue 154
• [tl;dr sec] #149 - Incident Response in AWS, CISA’s Supply Chain Security Guidance
• Amazon Elastic Compute Cloud - 2 updated methods
• Amazon EMR Containers - 3 updated methods
• Amazon Lookout for Metrics - 3 updated methods
• AWS Elemental MediaLive - 7 updated methods
• Using AWS Shield Advanced protection groups to improve DDoS detection and mitigation
• Implement step-up authentication with Amazon Cognito, Part 2: Deploy and test the solution
• Implement step-up authentication with Amazon Cognito, Part 1: Solution overview


Monday 12 September, 2022

Sponsor

There's an IAM change in this Terraform pull request, what do I do?!

You know it, we know it – change is scary, but change is inevitable.

IAM Pulse is bringing much-needed clarity to Terraform change reviews by delivering actionable insights about what could happen downstream if an IAM change is applied.

Join our private beta and get a free AWS IAM Assessment!

In a nutshell

This week, Colm MacCárthaigh (VP / Distinguished Engineer at Amazon Web Services) shared his YouTube channel with me.

Folks, it's a pure gold mine. You should definitely check out: Shuffle Sharding

ASD has a new landing page. If you find this newsletter relevant, please share it with friends :)

Amazon Elastic Compute Cloud - 2 updated methods
Sep 8
This release adds support for sending VPC Flow Logs to Kinesis Data Firehose as a new destination type.
Amazon EMR Containers - 3 updated methods
Sep 8
EMR on EKS now allows running Spark SQL using the newly introduced Spark SQL Job Driver in the StartJobRun API.
Amazon Lookout for Metrics - 3 updated methods
Sep 8
Release dimension value filtering feature to allow customers to define dimension filters for including only a subset of their dataset to be used by LookoutMetrics.
AWS Elemental MediaLive - 7 updated methods
Sep 8
This change exposes API settings that allow Dolby Atmos and Dolby Vision to be used when running a channel on AWS Elemental MediaLive.
Using AWS Shield Advanced protection groups to improve DDoS detection and mitigation
Joe Viggiano · Sep 9
Amazon Web Services (AWS) customers can use AWS Shield Advanced to detect and mitigate distributed denial of service (DDoS) attacks that target their applications running on Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53. By using protection groups for …
Implement step-up authentication with Amazon Cognito, Part 2: Deploy and test the solution
Salman Moghal · Sep 7
This solution consists of two parts. In the previous blog post Implement step-up authentication with Amazon Cognito, Part 1: Solution overview, you learned about the architecture and design of a step-up authentication solution that uses AWS services such as Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and AWS Lambda to …
Implement step-up authentication with Amazon Cognito, Part 1: Solution overview
Salman Moghal · Sep 7
In this blog post, you’ll learn how to protect privileged business transactions that are exposed as APIs by using multi-factor authentication (MFA) or security challenges. These challenges have two components: what you know (such as passwords), and what you have (such as a one-time password token). By using these multi-factor …
connect: 1 updated action
Sep 10
1 updated action: UntagResource (conditions)
transfer: 6 new actions, 1 new resource | 3 updated actions
Sep 10
6 new actions: DeleteHostKey (Grants permission to delete a host key associated with a server), DescribeHostKey (Grants permission to describe a host key associated with a server), ImportHostKey (Grants permission to add a host key to a server), ListHostKeys (Grants permission to list host keys associated with a server), StartFileTransfer …
sns: 2 new actions
Sep 10
2 new actions: GetDataProtectionPolicy (Grants permission to return the data protection policy of the topic), PutDataProtectionPolicy (Grants permission to allow a topic owner to set the data protection policy)
Brigid Johnson @bjohnso5y

And just like that...with a lot of hard work and gusto I leveled up to L8. From intern to director and all in @AWS. Thank you to everyone on Team Brigid. 📈 🎉🍾

111 · Sep 08 · 1:07 AM
Clint Gibler @clintgibler

🧑‍🎓 Elixir Secure Coding Training

An interactive cybersecurity curriculum designed for enterprise use at software companies using @elixirlang

By @HoldenOullette

github.com/Podium/elixir-…

52 · Sep 06 · 1:00 AM
Clint Gibler @clintgibler

✍️ SAML: An Introduction to SAML and its security

Ruxmon 2022 talk by @snyff covering how SAML works and various attacks, including XXE, XML signature shenanigans, malicious identity providers, etc.

#infosec #cybersecurity

docs.google.com/presentation/d…

57 · Sep 07 · 7:00 PM
Scott Piper @0xdabbad00

New AWS terms and conditions:
- §70.5. AWS wants to avoid responsibility for any use of IQ (I'm surprised that wasn't already there).
- §87🚨 GuardDuty's Malware Protection may copy data outside of the regions you are using it (data governance folks FYI)

diffchecker.com/0C2FtHAU

27 · Sep 06 · 5:25 PM
rowan @elrowan

Another crazy good/detailed post about AWS security by @jcfarris

This time it's about incident response chrisfarris.com/post/aws-ir/

The log tsunami vs your security budget picture is my favourite 😄

15 · Sep 06 · 2:04 AM
Scott Piper @0xdabbad00

Interesting abuse of some GitHub UI and related issues with code exec in the CI pipeline. marcyoung.us/post/zuckerpun…

17 · Sep 11 · 10:07 PM
Aidan W Steele @__steele

Just booked my tickets to re:invent

0 · Sep 11 · 2:07 AM
Aidan W Steele @__steele

If you want to have a real bad time, you should try running an HTTP/1/2/3 service on AWS ECS. I've just started day two of this saga and it's not going well. 😰

Has anyone got this working? Issues I've hit in no particular order:

7 · Sep 07 · 2:17 AM
Kinnaird McQuade 💻☁️💥 @kmcquade3

I’m loving this early period in my startup where we are so focused on building a great product with great people.

I stepped back for a moment last night & realized that this period in my life will always be a special memory.

And we’re just getting started.

Back to the grind 💪🏼

0 · Sep 07 · 6:09 PM
Chris Farris @jcfarris

Yesterday I said farewell to Turner/WarnerMedia/Discovery. Today I’m on a flight to SouthEast Asia to meet my new team at their first post-pandemic all-hands. Exciting times!

0 · Sep 08 · 5:10 PM
aws-sso-util — what a fantastic project

I just wanted to give a shout out to the maintainers of https://github.com/benkehoe/aws-sso-util . It fills in so many little gaps with AWS SSO (which itself may be a bit clunky, but is a service I wish more people made use of). If you're using CloudFormation to manage SSO access …