  • SRE Weekly Issue #344
  • [tl;dr sec] #155 - Understanding IAM, Autogenerate Art from Blog Post
  • Amazon DevOps Guru - 4 updated methods
  • AWS Global Accelerator - 2 new methods
  • AWS Resilience Hub - 2 updated methods
  • CloudWatch RUM - 7 new methods
  • A sneak peek at the security, identity, and compliance sessions for re:Invent 2022
  • AWS successfully renews GSMA security certification for US East (Ohio) and Europe (Paris) Regions
  • New AWS whitepaper: Using AWS in the Context of Canada’s Controlled Goods Program (CGP)
  • Analyze Amazon Cognito advanced security intelligence to improve visibility and protection


Monday, October 24, 2022

Sponsor

ProwlerPro is the most comprehensive, free tool for AWS security.

ProwlerPro is trusted by orgs of all sizes, and used everyday so teams can be confident in their AWS security framework. Everything you love about Prowler Open Source plus:

  • Parallelized processing for faster results
  • Dashboards with actionable, direct insights for every level of detail of your security posture
  • Holistic view of your infrastructure for any AWS region
  • Answers in minutes

Use ProwlerPro free today, and see what your first scan can do.

In a nutshell

We are all trying to improve our AWS security posture, reduce our attack surface, prevent AWS hijacking, or comply with the requirements of our CISO and certification authorities.

A good starting point is to inventory your AWS assets, which can be difficult for unknown AWS accounts and for large environments spanning multiple AWS Regions.

Fortunately, this blog post will show you different techniques to list your AWS assets.

I really like the one that is using AWS Cloud Control API.

I'll add another one by using a new prowler command (beta): prowler -i

Amazon DevOps Guru - 4 updated methods
Oct 20
This release adds information about the resources DevOps Guru is analyzing.
AWS Global Accelerator - 2 new methods
Oct 20
Global Accelerator now supports AddEndpoints and RemoveEndpoints operations for standard endpoint groups.
AWS Resilience Hub - 2 updated methods
Oct 20
In this release, we are introducing support for regional optimization for AWS Resilience Hub applications. It also includes a few documentation updates to improve clarity.
CloudWatch RUM - 7 new methods
Oct 20
CloudWatch RUM now supports Extended CloudWatch Metrics with Additional Dimensions

Sponsor

By using AWS cloud, your team is experimenting, launching instances, databases, and data modeling tools, and the typical behavior is to forget to turn off things. It's natural.

To address this, and to stay aware of what I've left running, I've built a SaaS product called unusd.cloud – for me, for students, for cloud practitioners, and for your DevOps teams.

It's free for a single AWS account (forever).

A sneak peek at the security, identity, and compliance sessions for re:Invent 2022
Katie Collins · Oct 20
AWS re:Invent 2022 is fast approaching, and this post can help you plan your agenda with a look at the sessions in the security track. AWS re:Invent, your opportunity to catch up on the latest technologies in cloud computing, will take place in person in Las Vegas, NV, from November …
AWS successfully renews GSMA security certification for US East (Ohio) and Europe (Paris) Regions
Janice Leung · Oct 19
Amazon Web Services is pleased to announce that our US East (Ohio) and Europe (Paris) Regions have been re-certified through October 2023 by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Centre Operations and Management (DCOM). The US East (Ohio) and Europe (Paris) …
New AWS whitepaper: Using AWS in the Context of Canada’s Controlled Goods Program (CGP)
Michael Davie · Oct 17
Amazon Web Services (AWS) has released a new whitepaper to help Canadian defense and security customers accelerate their use of the AWS Cloud. The new guide, Using AWS in the Context of Canada’s Controlled Goods Program (CGP), continues our efforts to help AWS customers navigate the regulatory expectations of the …
Analyze Amazon Cognito advanced security intelligence to improve visibility and protection
Diana Alvarado · Oct 17
As your organization looks to improve your security posture and practices, early detection and prevention of unauthorized activity quickly becomes one of your main priorities. The behaviors associated with unauthorized activity commonly follow patterns that you can analyze in order to create specific mitigations or feed data into your security …
glue: 2 new actions | 3 updated actions, 1 updated resource
Oct 21
2 new actions: ListCrawls (Grants permission to retrieve crawl run history for a crawler), UseGlueStudio (Grants permission to use Glue Studio and access its internal APIs); 3 updated actions: CreateDatabase (resources), TagResource (resources), UntagResource (resources); 1 updated resource: connection (conditions)
monitron: 2 updated actions
Oct 21
2 updated actions: AssociateProjectAdminUser (dependents), GetProjectAdminUser (dependents)
sesv2: 1 new action
Oct 21
1 new action: GetDedicatedIpPool (Grants permission to get information about a dedicated IP pool)
0xdabbad00
Scott Piper @0xdabbad00

Happy birthday AWS IAM policy language! 10 years old for the current version, with the original being from 2008-10-17.

49 · Oct 17 · 6:10 PM
__steele
Aidan W Steele @__steele

The recent launch from AWS of a new way to access secrets from Lambda got me thinking.

Specifically thinking "I should stop complaining every six months on Twitter and demonstrate how I think it should work". So here's a blog and Github repo.

awsteele.com/blog/2022/10/1…

19 · Oct 20 · 10:46 AM
colmmacc
Colm MacCárthaigh @colmmacc

Seattle voters, please vote for ranked choice voting (RCV), that's prop 1B, and please retweet for reach! I've voted in Ireland using it and seen its benefits in action, and the @LWV agree that it's the best option on the ballot! Here's five reasons and more info ...

55 · Oct 23 · 10:54 PM
clintgibler
Clint Gibler @clintgibler

🐦 Cloned Website Token

Detect targeted phishing attempts by placing a canary token in the JavaScript on your websites

Notifies you if someone clones your site and hosts it on another domain

By @ThinkstCanary

docs.canarytokens.org/guide/cloned-w…

23 · Oct 18 · 5:00 PM
clintgibler
Clint Gibler @clintgibler

🛡️ @MetloHQ

An open-source API security platform

Endpoint Discovery - Scans network traffic and creates an inventory of every API

Scans endpoints for PII & gives a risk score

Alert on unauth endpoints returning sensitive data, Open API spec diffs

github.com/metlo-labs/met…

28 · Oct 19 · 11:55 PM
colmmacc
Colm MacCárthaigh @colmmacc

How can Apple have updated their TV remote but still not added "Find Me"? This has got to be the most obvious missing feature! Being able to chirp the remote from a paired phone or watch would be a living room game changer. Do the design team not own couches? twitter.com/i/web/status/1…

4 · Oct 18 · 9:51 PM
kmcquade3
Kinnaird McQuade 💻☁️💥 @kmcquade3

GitHub released fine-grained Personal Access Tokens (PATs)!🎉

Before this, classic PATs would have the same set of privileges as the user

Thank god. No more creating machine users with sorta god-mode PATs or SSH keys just to clone private Git submodules

github.blog/2022-10-18-int…

13 · Oct 22 · 1:56 AM
abbyfuller
Abby Fuller @abbyfuller

Absolutely no way this could go wrong 🙃

kstewart
Kevin Stewart @kstewart

Software to Fix Biased Performance Reviews That Hinder Women and People of Color bloomberg.com/news/articles/…

2 · Oct 18 · 1:38 AM
steven_bryen
Steven Bryen @steven_bryen

Found a pic of me presenting on AWS 8yrs ago today. They’ve since added:

+17 Regions
+61 Availability Zones
+361 Edge locations

What a ride it was being on the inside as AWS grew so fast 🚀

Now I get to see it from the customer side. Still just as excited for what’s next!

0 · Oct 22 · 10:04 PM
__steele
Aidan W Steele @__steele

Are there alternatives to AWS Kinesis that work basically the same as Kinesis, but support more than 1MB/sec per shard?

3 · Oct 23 · 12:30 AM
Do some developers actually, REALLY, have no local environment and run everything in AWS? Is the individual cloud dev environment a real alternative to having things running locally?

tl;dr; Is using separate developer AWS accounts with "cloud" development environments to replace local environments a viable solution, or is that just a thing people do in tech demos / only a good theoretical idea?

I'm at a point on a project where I'm starting to lose the battle of …

Are there people who really understand everything about IAM service?

I've used AWS for nearly four years -- I have several certs and I think I grasp most IAM concepts. But I would be lying if I told you I grasp all the concepts, especially around assumption/passing of roles, STS service, boundaries, etc. IAM is like this black box that …