Issue #93
Monday · November 21, 2022
🥗 AWS security blogs
- Considerations for security operations in the cloud — Cybersecurity teams are often made up of different functions. Typically, these can include Governance, Risk & Compliance (GRC), Security Architecture, Assurance, and Security Operations, to name a few. Each function has its own specific tasks, but works towards a common goal—to partner with the rest of the business and help …
- AWS Security Profile: Jonathan “Koz” Kozolchyk, GM of Certificate Services — In the AWS Security Profile series, we interview AWS thought leaders who help keep our customers safe and secure. This interview features Jonathan “Koz” Kozolchyk, GM of Certificate Services, PKI Systems. Koz shares his insights on the current certificate landscape, his career at Amazon and within the security space, what …
- AWS Security Profile: Reef D’Souza, Principal Solutions Architect — In the weeks leading up to AWS re:Invent 2022, I’ll share conversations I’ve had with some of the humans who work in AWS Security who will be presenting at the conference, and get a sneak peek at their work and sessions. In this profile, I interviewed Reef D’Souza, Principal Solutions …
- Fall 2022 SOC reports now available with 154 services in scope — At Amazon Web Services (AWS), we’re committed to providing customers with continued assurance over the security, availability, and confidentiality of the AWS control environment. We’re proud to deliver the Fall 2022 System and Organizational Controls (SOC) 1, 2, and 3 reports, which cover April 1–September 30, 2022, to support our …
🍛 Reddit threads on r/aws
- Node.js 18.x runtime now available in AWS Lambda
- Multiple MFA devices in IAM! | Amazon Web Services
- Without saying "it's scalable", please convince me that a serverless architecture is worth it — Hi there – I have many years of experience developing traditional, serverful web apps. About six months ago, I made the leap to serverless development (in Python, using AWS Lambda and related services). I see the advantages in terms of scalability. And scalability is obviously a valid concern. But everything …
- The Distributed Computing Manifesto (from Dr. Werner Vogels) - "...a canonical document from the early days of Amazon that transformed the architecture of Amazon’s ecommerce platform. It highlights the challenges we were facing at the end of the 20th century, and hints at where we were headed."
📌 Newsletters
📌 Top Links from Security Folks
- Finding malicious PyPI packages through static code analysis: Meet GuardDog | Datadog Security Labs — GuardDog is an open-source tool to identify malicious PyPI packages through source code and metadata analysis
- Stealing passwords from infosec Mastodon - without bypassing CSP — The story of how I could steal credentials on Infosec Mastodon with an HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter …
- The Security Design of the AWS Nitro System — Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale …
- GitHub - DataDog/guarddog: GuardDog is a CLI tool to identify malicious PyPI packages
📌 "AWS Security" on Google News
🧁 IAM permission changes
- elasticache: 1 new action, 1 new condition | 2 updated actions, 1 updated resource — 1 new action: Connect (Allows an IAM user or role to connect as a specified ElastiCache user to a node in a replication group); 1 new condition: elasticache:UserAuthenticationMode (Filters access by the UserAuthenticationMode parameter in the request); 2 updated actions: CreateUser (conditions), ModifyUser (conditions); 1 updated resource: user (conditions)
- iotroborunner: 1 updated resource — 1 updated resource: DestinationResource (arn)
- iottwinmaker: 3 new actions | 1 updated condition — 3 new actions: ExecuteQuery (Grants permission to execute query), GetPricingPlan (Grants permission to get pricing plan), UpdatePricingPlan (Grants permission to update pricing plan); 1 updated condition: aws:TagKeys (type)
🍪 API changes
- AWS Amplify - 5 updated methods — Adds a new value (WEB_COMPUTE) to the Platform enum that allows customers to create Amplify Apps with Server-Side Rendering support.
- Amazon AppFlow - 4 updated methods — AppFlow simplifies the preparation and cataloging of SaaS data into the AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics and ML services. AppFlow now also supports data field partitioning and file size optimization to improve query performance and reduce cost.
- AWS AppSync - 1 new, 10 updated methods — This release introduces the APPSYNC_JS runtime, and adds support for JavaScript in AppSync functions and AppSync pipeline resolvers.
- AWS Database Migration Service - 9 updated methods — Adds support for Internet Protocol Version 6 (IPv6) on DMS Replication Instances