Issue #83
Monday · September 12, 2022
AWS security blogs
- Using AWS Shield Advanced protection groups to improve DDoS detection and mitigation - Amazon Web Services (AWS) customers can use AWS Shield Advanced to detect and mitigate distributed denial of service (DDoS) attacks that target their applications running on Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53. By using protection groups for …
- Implement step-up authentication with Amazon Cognito, Part 2: Deploy and test the solution - This solution consists of two parts. In the previous blog post Implement step-up authentication with Amazon Cognito, Part 1: Solution overview, you learned about the architecture and design of a step-up authentication solution that uses AWS services such as Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and AWS Lambda to …
- Implement step-up authentication with Amazon Cognito, Part 1: Solution overview - In this blog post, you'll learn how to protect privileged business transactions that are exposed as APIs by using multi-factor authentication (MFA) or security challenges. These challenges have two components: what you know (such as passwords), and what you have (such as a one-time password token). By using these multi-factor …
Reddit threads on r/aws
- DynamoDB Transaction limit increased from 25 to 100 items
- Serverless Messaging: Latency Compared
- aws-sso-util - what a fantastic project - I just wanted to give a shout out to the maintainers of https://github.com/benkehoe/aws-sso-util. It fills in so many little gaps with AWS SSO (which itself may be a bit clunky, but is a service I wish more people made use of). If you're using CloudFormation to manage SSO access …
- Authenticating to AWS the right way
Newsletters
Top Links from Security Folks
- Incident Response in AWS - Chris Farris - At BSides Atlanta I gave a talk on how to handle an incident in AWS. The talk and this post are intended to help those …
- GitHub - NetSPI/AWSSigner: Burp Extension for AWS Signing - Burp Extension for AWS Signing. Contribute to NetSPI/AWSSigner development by creating an account on GitHub.
- General availability of SLSA3 Generic Generator for GitHub Actions - A few months ago Google and GitHub announced the release of a Go builder that would help software developers and consumers more easily verify the …
- AWS IAM Interview Questions - k9 Security - Use these AWS IAM interview questions to help understand how much an engineer knows about AWS IAM, and how to apply it.
"AWS Security" on Google News
IAM permission changes
- connect: 1 updated action - 1 updated action: UntagResource (conditions)
- transfer: 6 new actions, 1 new resource | 3 updated actions - 6 new actions: DeleteHostKey (Grants permission to delete a host key associated with a server), DescribeHostKey (Grants permission to describe a host key associated with a server), ImportHostKey (Grants permission to add a host key to a server), ListHostKeys (Grants permission to list host keys associated with a server), StartFileTransfer …
- sns: 2 new actions - 2 new actions: GetDataProtectionPolicy (Grants permission to return the data protection policy of the topic), PutDataProtectionPolicy (Grants permission to allow a topic owner to set the data protection policy)
API changes
- Amazon Elastic Compute Cloud - 2 updated methods - This release adds support to send VPC Flow Logs to kinesis-data-firehose as new destination type
- Amazon EMR Containers - 3 updated methods - EMR on EKS now allows running Spark SQL using the newly introduced Spark SQL Job Driver in the Start Job Run API
- Amazon Lookout for Metrics - 3 updated methods - Release dimension value filtering feature to allow customers to define dimension filters for including only a subset of their dataset to be used by LookoutMetrics.
- AWS Elemental MediaLive - 7 updated methods - This change exposes API settings which allow Dolby Atmos and Dolby Vision to be used when running a channel using Elemental Media Live