Issue #91
Monday · November 07, 2022
🥗 AWS security blogs
- How to use trust policies with IAM roles — November 3, 2022: We updated this post to fix some syntax errors in the policy statements and to add additional use cases. August 30, 2021: This post is currently being updated. We will post another note when it’s complete. AWS Identity and Access Management (IAM) roles are a significant component …
- Use Amazon Inspector to manage your build and deploy pipelines for containerized applications — Amazon Inspector is an automated vulnerability management service that continually scans Amazon Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. Amazon Inspector currently supports vulnerability reporting for Amazon Elastic Compute Cloud (Amazon EC2) instances and container images stored in Amazon Elastic Container Registry (Amazon ECR). With the …
- See yourself in cyber: Highlights from Cybersecurity Awareness Month — As Cybersecurity Awareness Month comes to a close, we want to share some of the work we’ve done and made available to you throughout October. Over the last four weeks, we have shared insights and resources aligned with this year’s theme, “See Yourself in Cyber”, to help advance awareness training, and inspire …
- How to control non-HTTP and non-HTTPS traffic to a DNS domain with AWS Network Firewall and AWS Lambda — Security and network administrators can control outbound access from a virtual private cloud (VPC) to specific destinations by using a service like AWS Network Firewall. You can use stateful rule groups to control outbound access to domains for HTTP and HTTPS by default in Network Firewall. In this post, we’ll …
🍛 Reddit threads on r/aws
- Amazon AWS Certifications Courses Worth Thousands of Dollars are available FREE on Amazon Store.
- Minor rant: NoSQL is not a drop-in replacement for SQL — Could be obvious, could be not but I think this needs to be said. Once in a while I see people recommend DynamoDb when someone is asking how to optimize costs in RDS (because Ddb has nice free tier, etc.) like it's a drop-in replacement -- it is not. It's …
- Who's Going to Re:Invent — Really looking forward to it
- Amazon EC2 enables you to opt out of directly shared Amazon Machine Images
📌 Top Links from Security Folks
- The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs — Learn how the OpenSSL punycode vulnerability (CVE-2022-3602) works, how to detect it, and how it can be exploited.
- r2c - CVE Analyst — About the role As a CVE Analyst at r2c, you’ll help us build a new category of developer focused security tools to prevent security vulnerabilities. …
🧁 IAM permission changes
- redshift: 1 new action — 1 new action: GetClusterCredentialsWithIAM (Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified AWS account)
- route53-recovery-readiness: 1 updated condition — 1 updated condition: aws:TagKeys (type)
- qldb: 1 new action — 1 new action: PartiQLRedact (Grants permission to redact historic revisions)
🍪 API changes
- Amazon MemoryDB - 10 updated methods — Adding support for r6gd instances for MemoryDB Redis with data tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted, the least recently used data is automatically tiered to solid state drives for cost-effective capacity scaling with minimal performance impact.
- Amazon SageMaker Service - 7 updated methods — Amazon SageMaker now supports running training jobs on ml.trn1 instance types.
- AWS IoT SiteWise - 2 new, 4 updated methods — This release adds the ListAssetModelProperties and ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset using these two new APIs.
- AWS S3 Control - 2 updated methods — S3 on Outposts launches support for Lifecycle configuration for Outposts buckets. With S3 Lifecycle configuration, you can manage objects so they are stored cost effectively. You can manage objects using size-based rules and specify how many noncurrent versions a bucket will retain.
📺 AWS security bulletins
- OpenSSL Security Advisories - November 2022 — Initial Publication Date: 2022/11/01 09:00 PDT AWS is aware of the recently reported issues regarding OpenSSL 3.0 (CVE-2022-3602 and CVE-2022-3786). AWS services are not affected, and no customer action is required. Additionally, Amazon Linux 1 and Amazon Linux 2 do not ship with OpenSSL 3.0 and are not affected by …