Issue #87
Monday · October 10, 2022
🥗 AWS security blogs
- Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles — AWS Identity and Access Management (IAM) Access Analyzer provides tools to simplify permissions management by making it simpler for you to set, verify, and refine permissions. One such tool is IAM Access Analyzer policy generation, which creates fine-grained policies based on your AWS CloudTrail access activity—for example, the actions you …
- Spring 2022 SOC reports now available in Spanish — We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that Spring 2022 SOC 1, SOC 2, and SOC 3 reports are now available in Spanish. These translated …
- IAM Access Analyzer makes it simpler to author and validate role trust policies — AWS Identity and Access Management (IAM) Access Analyzer provides many tools to help you set, verify, and refine permissions. One part of IAM Access Analyzer—policy validation—helps you author secure and functional policies that grant the intended permissions. Now, I’m excited to announce that AWS has updated the IAM console experience …
🍛 Reddit threads on r/aws
- Example charges for DynamoDB with Global Tables — In an effort to help others, I wanted to take a bit of our bill and share it with the class. We are helping a company modernize a product. They are going from ECS with Windows ($$$) and MSSQL RDS ($$$$$$) to Lambda and DynamoDB. Rough costs right now are …
- Reducing AWS costs? — Hey everyone, My company tasked me to reduce the AWS bill by as much as possible, ideally in the next month or so. I joined the team last week and their account is a disaster. The main cost contributors are RDS and EC2 if that helps. I know there are …
- Apache Iceberg Reduced Our Amazon S3 Cost by 90%
- You should have lots of AWS accounts
📌 Newsletters
📌 Top Links from Security Folks
- Latest breaking news articles on bank information security — Articles covering top risk management issues, from compliance to latest technology, including authentication, mobile and cloud on bank information security
- Announcing ProwlerPro SaaS — Announcing ProwlerPro SaaS, the most comprehensive, free tool for AWS security.
- The State of AWS Security — We analyzed trends in the implementation of security best practices and took a closer look at various types of misconfigurations that contribute to the most …
- O3 Cyber — Providing high-end cyber security advisory and expert knowledge for securing public cloud
📌 "AWS Security" on Google News
🧁 IAM permission changes
- ec2: 8 new actions, 3 new resources | 7 updated actions | 1 removed condition — 8 new actions: CreateCoipCidr (Grants permission to create a range of customer-owned IP (CoIP) addresses), CreateCoipPool (Grants permission to create a pool of customer-owned IP (CoIP) addresses), CreateLocalGatewayRouteTable (Grants permission to create a local gateway route table), CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation (Grants permission to create a local gateway route table virtual interface group …
- backup-gateway: 1 new action — 1 new action: GetVirtualMachine (Grants permission to GetVirtualMachine)
- ecs: 1 updated condition, 3 updated actions — 1 updated condition: aws:TagKeys (type); 3 updated actions: CreateTaskSet (conditions), TagResource (resources), UntagResource (resources)
🍪 API changes
- AWS IoT Greengrass V2 - 2 updated methods — This release adds error status details for deployments and components that failed on a device and adds features to improve visibility into component installation.
- Amazon QuickSight - 4 updated methods — Amazon QuickSight now supports SecretsManager Secret ARN in place of CredentialPair for DataSource creation and update. This release also has some minor documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup.
- AWS Glue - 2 new, 5 updated methods — This SDK release adds support to sync Glue jobs with a source control provider. Additionally, a new parameter called SourceControlDetails will be added to the Job model.
- AWS Network Firewall - 3 updated methods — StreamExceptionPolicy configures how AWS Network Firewall processes traffic when a network connection breaks midstream.