Issue #94
Monday · November 28, 2022
🥗 AWS security blogs
- AWS Digital Sovereignty Pledge: Control without compromise — We’ve always believed that for the cloud to realize its full potential it would be essential that customers have control over their data. Giving customers this sovereignty has been a priority for AWS since the very beginning when we were the …
- 2022 Canadian Centre for Cyber Security Assessment Summary report available with 12 additional services — We are pleased to announce the availability of the 2022 Canadian Centre for Cyber Security (CCCS) assessment summary report for Amazon Web Services (AWS). This assessment will bring the total to 132 AWS services and features assessed in the Canada (Central) AWS Region, including 12 additional AWS services. A copy of the summary …
- Establishing a data perimeter on AWS: Allow only trusted identities to access company data — As described in an earlier blog post, Establishing a data perimeter on AWS, Amazon Web Services (AWS) offers a set of capabilities you can use to implement a data perimeter to help prevent unintended access. One type of unintended access that companies want to prevent is access to corporate data …
- AWS Security Profile: Sarah Currey, Delivery Practice Manager — In the weeks leading up to AWS re:Invent 2022, I’ll share conversations I’ve had with some of the humans who work in AWS Security who will be presenting at the conference, and get a sneak peek at their work and sessions. In this profile, I interviewed Sarah Currey, Delivery Practice …
🍛 Reddit threads on r/aws
- AWS Region now open in Hyderabad
- Introducing Finch: An Open Source Client for Container Development
- AWS pre:Invent 2022 - interesting announcements so far leading up to re:Invent — pre:Invent is the time before AWS re:Invent that always brings a ton of AWS announcements you might miss. We've counted 310 of them so far! The following post provides a rundown on 36 of the most interesting ones. https://steampipe.io/blog/pre-invent-2022
- Introducing payload-based message filtering for Amazon SNS
📌 Newsletters
📌 Top Links from Security Folks
- A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs — Public disclosure of a cross-account security vulnerability in AWS AppSync.
📌 "AWS Security" on Google News
🧁 IAM permission changes
- quicksight: 3 new actions, 1 new resource | 1 updated action — 3 new actions: DeleteAccountSubscription (Grants permission to delete a QuickSight account), SearchDataSets (Grants permission to search for a sub-set of QuickSight DataSets), SearchDataSources (Grants permission to search for a sub-set of QuickSight Data Sources); 1 new resource: topic; 1 updated action: GenerateEmbedUrlForAnonymousUser (resources)
- connect: 1 new action, 1 new condition — 1 new action: MonitorContact (Grants permission to monitor an ongoing contact); 1 new condition: connect:MonitorCapabilities (Filters access by restricting the monitor capabilities of the user in the request)
- appflow: 1 new action | 1 updated action — 1 new action: UpdateConnectorRegistration (Grants permission to update a registered connector configured in Amazon AppFlow); 1 updated action: DescribeFlow (resources)
🍪 API changes
- Amazon Managed Grafana - 2 new, 6 updated methods — This release includes support for configuring a Grafana workspace to connect to a datasource within a VPC as well as new APIs for configuring Grafana settings.
- Amazon Recycle Bin - 2 new, 4 updated methods — This release adds support for Rule Lock for Recycle Bin, which allows you to lock retention rules so that they can no longer be modified or deleted.
- Amazon AppFlow - 3 updated methods — Adding support for Amazon AppFlow to transfer the data to Amazon Redshift databases through Amazon Redshift Data API service. This feature will support the Redshift destination connector on both public and private accessible Amazon Redshift Clusters and Amazon Redshift Serverless.
- Amazon Kinesis Analytics - 6 updated methods — Support for Apache Flink 1.15 in Kinesis Data Analytics.
📺 AWS security bulletins
- Reported AWS AppSync Issue — Initial Publication Date: 2022/11/21 10:00AM EST. A security researcher recently disclosed a case-sensitivity parsing issue within AWS AppSync, which could potentially be used to bypass the service’s cross-account role usage validations and take action as the service across customer accounts. No customers were affected by this issue, and no customer …