

Monday, October 10, 2022

Sponsor - Introducing ProwlerPro SaaS, the most comprehensive free tool for AWS security.

When time is of the essence, ProwlerPro delivers results in minutes. Everything you love about Prowler Open Source plus:

  • Parallelized processing for faster results
  • Dashboards with actionable, direct insights for every level of detail of your security posture
  • Holistic view of your infrastructure no matter the AWS region you use
  • Set up and get results in minutes

In a nutshell

This week brings a long-awaited update to the SecurityAudit managed policy (not updated since 2021-04-14), and an excellent study from the Datadog folks on the state of AWS security, based on real-world data from more than 600 organizations and thousands of AWS accounts.

Plus a few helpers for creating least-privilege IAM policies, from the Access Analyzer product team led by Brigid Johnson.

📢 MAMIP (Monitor AWS Managed IAM Policies)

Policies changed since last week:

Weekly diff


👉🏻 AWS Bots: MAMIP / MASE / MGDA / MIRA

AWS IoT Greengrass V2 - 2 updated methods
Oct 7
This release adds error status details for deployments and components that failed on a device and adds features to improve visibility into component installation.
Amazon QuickSight - 4 updated methods
Oct 7
Amazon QuickSight now supports a Secrets Manager secret ARN in place of CredentialPair for DataSource creation and update. This release also has some minor documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup.
AWS Glue - 2 new 5 updated methods
Oct 5
This SDK release adds support for syncing Glue jobs with a source control provider. Additionally, a new parameter called SourceControlDetails is added to the Job model.
AWS Network Firewall - 3 updated methods
Oct 5
StreamExceptionPolicy configures how AWS Network Firewall processes traffic when a network connection breaks midstream.
Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles
Joel Knight · Oct 7
AWS Identity and Access Management (IAM) Access Analyzer provides tools to simplify permissions management by making it simpler for you to set, verify, and refine permissions. One such tool is IAM Access Analyzer policy generation, which creates fine-grained policies based on your AWS CloudTrail access activity—for example, the actions you …
Spring 2022 SOC reports now available in Spanish
Rodrigo Fiuza · Oct 6
We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that Spring 2022 SOC 1, SOC 2, and SOC 3 reports are now available in Spanish. These translated …
IAM Access Analyzer makes it simpler to author and validate role trust policies
Mathangi Ramesh · Oct 3
AWS Identity and Access Management (IAM) Access Analyzer provides many tools to help you set, verify, and refine permissions. One part of IAM Access Analyzer—policy validation—helps you author secure and functional policies that grant the intended permissions. Now, I’m excited to announce that AWS has updated the IAM console experience …
ec2: 8 new actions, 3 new resources | 7 updated actions | 1 removed condition
Oct 8
8 new actions: CreateCoipCidr (Grants permission to create a range of customer-owned IP (CoIP) addresses), CreateCoipPool (Grants permission to create a pool of customer-owned IP (CoIP) addresses), CreateLocalGatewayRouteTable (Grants permission to create a local gateway route table), CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation (Grants permission to create a local gateway route table virtual interface group …
backup-gateway: 1 new action
Oct 8
1 new action: GetVirtualMachine (Grants permission to GetVirtualMachine)
ecs: 1 updated condition, 3 updated actions
Oct 6
1 updated condition: aws:TagKeys (type); 3 updated actions: CreateTaskSet (conditions), TagResource (resources), UntagResource (resources)
Abby Fuller @abbyfuller

if you're at @AWSreInvent this year, i'll be doing a session on how @awscloud handled log4shell 👀

(BOA204 in the session catalog)

56 · Oct 05 · 11:01 PM
Colm MacCárthaigh @colmmacc

It's promo day at Amazon and congrats to everyone whose hard work and positive influence have been recognized and promoted! But especially Senior Principal Security Engineer @abbyfuller.

4 · Oct 03 · 6:43 PM
Abby Fuller @abbyfuller

this was a pleasant surprise this round. thanks to everyone who helped make it happen 🎉🎉

1 · Oct 03 · 9:04 PM
Colm MacCárthaigh @colmmacc

At Amazon, a disproportionate number of the most senior engineers work on very low-level things, and are quite hands-on involved in maintenance and fixes. This comes from a primarily operational culture.

Jan Harasym @dijit

@bcantrill Real talk: how on earth can we incentivise maintenance? Fixes, life improvements, the invisible little things which make everything better.

13 · Oct 03 · 7:16 PM
Clint Gibler @clintgibler

🐷 Truffleproc

Hunt secrets in process memory (TruffleHog & gdb mashup)

By @controlplaneio

#pentesting #redteam

github.com/controlplaneio…

47 · Oct 04 · 7:00 PM
Brigid Johnson @bjohnso5y

Don’t you love it when you delegate a task⁉️Well...having IAM Access Analyzer generate your policies just got better with action-level permissions for over 1⃣4⃣0⃣ services. Waa BAM! 🥳 (1/8) 🧵go.aws/3T6VNJI

23 · Oct 07 · 10:21 PM
Christophe @christophetd

In the past few months I've been working on a new piece of research.

We analyzed the security posture of 600+ organizations and thousands of AWS accounts, to understand how companies are implementing key cloud security mechanisms. Check it out!

dtdg.co/state-of-aws-c…

35 · Oct 05 · 8:13 PM
Christophe @christophetd

AWS just released a new feature that allows enabling IMDSv2 by default for specific AMIs. This is a great first step to fuel adoption of IMDSv2.

aws.amazon.com/about-aws/what…

docs.aws.amazon.com/AWSEC2/latest/…

23 · Oct 04 · 9:42 AM
Clint Gibler @clintgibler

🛠️ Awesome Container Tinkering

Great list of tools and resources by @iximiuz:
- Container runtimes
- Image builders, viewers, editors
- Development environments
- Container networking tools

and more!

github.com/iximiuz/awesom…

18 · Oct 06 · 1:00 AM
Brigid Johnson @bjohnso5y

Trick or Treat?🎃🍭 I say treat! You now have more tools to help you author the policies that control access to who can assume your roles, known as role trust policies. Here’s what is new. (1/10) 🧵
go.aws/3EhoSOt

13 · Oct 04 · 11:35 PM
Example charges for DynamoDB with Global Tables

In an effort to help others, I wanted to take a bit of our bill and share it with the class. We are helping a company modernize a product. They are going from ECS with Windows ($$$) and MSSQL RDS ($$$$$$) to Lambda and DynamoDB. Rough costs right now are …

Reducing AWS costs?

Hey everyone,

My company tasked me to reduce the AWS bill by as much as possible, ideally in the next month or so. I joined the team last week and their account is a disaster.

The main cost contributors are RDS and EC2 if that helps.

I know there are …