Issue #84
Monday · September 19, 2022
🥗 AWS security blogs
- 10 reasons to import a certificate into AWS Certificate Manager (ACM) — AWS Certificate Manager (ACM) is a service that lets you efficiently provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources. The certificates issued by ACM can then be used to secure network communications and establish the identity of websites on …
- 154 AWS services achieve HITRUST certification — The AWS HITRUST Compliance Team is excited to announce that 154 Amazon Web Services (AWS) services are certified for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) v9.6 for the 2022 cycle. These 154 AWS services were audited by a third-party assessor and certified under the HITRUST CSF. …
- Amazon introduces dynamic intermediate certificate authorities — AWS Certificate Manager (ACM) is a managed service that lets you provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Amazon Web Services (AWS) and your internal connected resources. Starting October 11, 2022, at 9:00 AM Pacific Time, public certificates obtained through …
- Use AWS Network Firewall to filter outbound HTTPS traffic from applications hosted on Amazon EKS and collect hostnames provided by SNI — This blog post shows how to set up an Amazon Elastic Kubernetes Service (Amazon EKS) cluster such that the applications hosted on the cluster can have their outbound internet access restricted to a set of hostnames provided by the Server Name Indication (SNI) in the allow list in the AWS …
🍛 Reddit threads on r/aws
- Visualizing how S3 deletes 1 billion objects with Athena and Rust
- GA! AWS Enterprise Support launches AWS Incident Detection and Response
- Unlimited free data storage by (ab)using ECS — Probably not the first person, but I recently discovered an interesting consequence of the way ECS task definitions are implemented that allows indefinitely storing an unlimited amount of arbitrary data for free with no data transfer cost: You can store arbitrary data in an ECS task definition within the environment …
- Control Tower upgrade Landing Zone from 2.9 to 3.0 -- failures and now disabled — UPDATE: Resolved, see final update at end. To start with, I already have two open cases with support for this :) I have been planning to upgrade our Control Tower Landing Zone from 2.9 to 3.0 for a while. Opened a case with support to see if there's anything we …
📌 Top Links from Security Folks
- GitHub - awslabs/aws-security-assessment-solution: An AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks. — An AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS …
- GitHub - matanolabs/matano: The open-source security lake platform for AWS — The open-source security lake platform for AWS. Contribute to matanolabs/matano development by creating an account on GitHub.
- Kubernetes API Server Bypass Risks — Security architecture information relating to the API server and other components
- GitHub - google/magic-github-proxy: An access-limiting stateless GitHub API Proxy — An access-limiting stateless GitHub API Proxy. Contribute to google/magic-github-proxy development by creating an account on GitHub.
🧁 IAM permission changes
- evidently: 6 new actions, 1 new resource | 4 updated resources, 4 updated actions — 6 new actions: CreateSegment (Grants permission to create a segment), DeleteSegment (Grants permission to delete a segment), GetSegment (Grants permission to get segment details), ListSegmentReferences (Grants permission to list resources referencing a segment), ListSegments (Grants permission to list segments), TestSegmentPattern (Grants permission to test a segment pattern); 1 new resource: …
- lookoutequipment: 9 new actions, 1 new resource | 1 updated resource, 3 updated actions — 9 new actions: CreateLabel (Grants permission to create a label), CreateLabelGroup (Grants permission to create a label group), DeleteLabel (Grants permission to delete a label), DeleteLabelGroup (Grants permission to delete a label group), DescribeLabelGroup (Grants permission to describe a label group), Describelabel (Grants permission to describe a label), ListLabelGroups (Grants …
- cloudtrail: 5 new actions, 1 new resource | 3 updated actions, 1 updated resource — 5 new actions: CreateServiceLinkedChannel (Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service), DeleteServiceLinkedChannel (Grants permission to delete a service-linked channel), GetServiceLinkedChannel (Grants permission to list settings for the service-linked channel), ListServiceLinkedChannels (Grants permission to list service-linked channels associated …
🍪 API changes
- Amazon Elastic Compute Cloud - 11 updated methods — This feature allows customers to create tags for vpc-endpoint-connections and vpc-endpoint-service-permissions.
- Amazon SageMaker Service - 4 updated methods — Amazon SageMaker Automatic Model Tuning now supports specifying Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to stop underperforming hyperparameter configurations early.
- AWS Amplify UI Builder - 8 new, 4 updated methods — Amplify Studio UIBuilder is introducing forms functionality. Forms can be configured from Data Store models, JSON, or from scratch. These forms can then be generated in your project and used like any other React components.
- Amazon Elastic Compute Cloud - 8 new, 10 updated methods — This update introduces API operations to manage and create local gateway route tables, CoIP pools, and VIF group associations.