• Security Newsletter - Exchange servers under massive attack. Also other things happened.
• SRE Weekly Issue #260
• 📖 [The CloudSecList] Issue 77
• [tl;dr sec] #73 - JSON Woes, Career Advice
• AWS Shield Advanced now supports resource tagging
• AWS Secrets Manager now provides support to replicate secrets in AWS Secrets Manager to multiple AWS Regions
• How to replicate secrets in AWS Secrets Manager to multiple Regions
• How to delegate management of identity in AWS Single Sign-On
• An over-engineered todo app to demonstrate AWS Serverless products
• Ethereum now on Amazon Managed Blockchain
• A Second Conversation with Werner Vogels, Amazon's CTO. Lots on AWS' distributed systems design philosophy.
• AWS Lambda logging best practices
• PSA: New public VPC showed up in ap-northeast-3
• Xerox legal threat reportedly silences researcher at Infiltrate security conference
• Bitsquatting windows.com
• Need Help?
• Cloud Native Tools Series Part 2: Understand Your Responsibilities - Security Intelligence
• Cloud Clarity: Adding Security and Control to the AWS Shared Responsibility Model - Security Intelligence
• AWS Penetration Testing: Essential Guidance for 2021 - Security Boulevard
Monday, March 8, 2021

AWS Shield Advanced now supports resource tagging

AWS Shield Advanced now supports tagging of protected resources and protection groups. You can use tagging to restrict the ability to create or modify protections to sensitive resources via IAM policies, or to organize and track your AWS Shield Advanced costs at the tag level. Resource tagging allows you to …

AWS Secrets Manager now provides support to replicate secrets in AWS Secrets Manager to multiple AWS Regions

AWS Secrets Manager now enables you to replicate secrets across multiple AWS Regions. You can now give your multi-Region applications access to replicated secrets in the corresponding Regions and rely on AWS Secrets Manager to keep the replicas in sync with the primary secret. In scenarios such as disaster recovery, …

How to replicate secrets in AWS Secrets Manager to multiple Regions

Fatima Ahmed, Mar 4
On March 3, 2021, we launched a new feature for AWS Secrets Manager that makes it possible for you to replicate secrets across multiple AWS Regions. You can give your multi-Region applications access to replicated secrets in the required Regions and rely on Secrets Manager to keep the replicas in …

How to delegate management of identity in AWS Single Sign-On

Louay Shaat, Mar 3
In this blog post, I show how you can use AWS Single Sign-On (AWS SSO) to delegate administration of user identities. Delegation is the process of providing your teams permissions to manage accounts and identities associated with their teams. You can achieve this by using the existing integration that AWS …
Ian Mckay @iann0036

Just got mind blown by @QuinnyPig on Twitch with the mention of a technique of spinning up a separate account to buy RIs / Savings Plans as they apply to all accounts but the support cost % is per account 🤯

14 · Mar 05 · 12:03 AM
Ian Mckay @iann0036

📢 Major update to iamlive today with the addition of a new (experimental) proxy mode which will generate AWS IAM policies that include the "Resource" property.

This includes a full mapping of every resource in the SAR. Looking for initial feedback!

github.com/iann0036/iamli…

22 · Mar 02 · 1:24 PM
Aidan W Steele @__steele

Looks like AWS secrets manager is getting cross-region replication

9 · Mar 04 · 1:19 AM
Kinnaird McQuade💥☁️ @kmcquade3

Terraform security scanning IN YOUR CODE EDITOR FOLKS

I am so excited about this. Great work.

bridgecrew @bridgecrewio

Announcing our #opensource Visual Studio @code extension in Checkov! ✅ Secure as you code with real-time IaC security and compliance scanning and inline fixes. 🤯🔒

bridge.dev/3bVkOnm

10 · Mar 04 · 2:46 PM
Aidan W Steele @__steele

I made a thing. stepfn.dev is a site for rapidly iterating on AWS Step Function designs. Change a few characters, hit Cmd+Enter, see result ~300ms later. Much faster feedback loop.

The other use is sharing SFNs on Twitter for when you need help.

1/4

11 · Mar 08 · 6:45 AM
Brigid Johnson @bjohnso5y

Line around #Amazon meeting center for folks to get vaccinated. Folks were helping by bringing chairs to those who could not stand. Nice to see this today. #Seattle

2 · Mar 07 · 1:01 AM
Scott Piper @0xdabbad00

You do not need enterprise support to make use of CSM (Client Side Monitoring) on AWS. I get confusing DMs regularly as a result of this incorrect assumption. With a free tier AWS account and no support, you can record all AWS API calls your code makes to a host of your choice.

3 · Mar 07 · 9:39 PM
Scott Piper @0xdabbad00

With the announcement of the Osaka region, it is frustrating that AWS lied to customers that new regions would be opt-in & that it has no GuardDuty. A trick supposedly used by the Capital One hacker was to always work in the newest region for this reason.
aws.amazon.com/blogs/security…

6 · Mar 04 · 4:55 PM
Clint Gibler @clintgibler

@theBumbleSec @_csal @leifdreizler @OWASPBayArea @philvenables @alexeyguzey @NahamSec @QuinnyPig 📢 Sponsor: @PortSwiggerRes Are you excited by DevSecOps, shifting left, security automation, & all things cloud? Do you want to focus on original research, helping the most ambitious orgs on the planet to turbo-charge their AppSec programs? Find out more

portswigger.net/careers/opport…

11 · Mar 04 · 5:00 PM
Kinnaird McQuade💥☁️ @kmcquade3

DevSecOps and Security automation are legit superpowers

2 · Mar 05 · 2:23 PM

An over-engineered todo app to demonstrate AWS Serverless products

Hello community!

I have created an over-engineered todo app to demonstrate AWS Serverless products. I hope you like it!

  • AWS API Gateway to proxy requests to SQS message queue
  • SQS message queue as event trigger for Lambda function
  • Lambda makes async 3rd party API call; writes results to DynamoDB
  • AWS …

AWS Lambda logging best practices

Logging in AWS Lambda is super simple - you just print to the output and it lands in the CloudWatch. But even that can be made better or worse. Here are my tips and best practices from real-life production serverless applications. https://betterdev.blog/aws-lambda-logging-best-practices/

PSA: New public VPC showed up in ap-northeast-3

Looks like AWS released a new region (Osaka aka `ap-northeast-3`) on Monday (March 1).

I run a query daily to monitor available IP space across our vpcs and look what popped up... new VPC (well new to me, looks like it is still using the old shorter vpc ids) with …

Need Help?

Hello Folks,

If anyone is looking for help in CCSP, CISSP, even PMI or any other related certifications, being a certified trainer, I’ll be happy to help you out with them.

You can leave me a message and I'll get back to you as soon as I can.