Issue #95
Monday · December 05, 2022
AWS security blogs
- How to use Amazon Macie to preview sensitive data in S3 buckets – Security teams use Amazon Macie to discover and protect sensitive data, such as names, payment card data, and AWS credentials, in Amazon Simple Storage Service (Amazon S3). When Macie discovers sensitive data, these teams will want to see examples of the actual sensitive data found. Reviewing a sampling of the …
- Use Amazon Macie for automatic, continual, and cost-effective discovery of sensitive data in S3 – Customers have an increasing need to collect, store, and process data within their AWS environments for application modernization, reporting, and predictive analytics. AWS Well-Architected security pillar, general data privacy and compliance regulations require that you appropriately identify and secure sensitive information. Knowing where your data is allows you to implement …
- Get the best out of Amazon Verified Permissions by using fine-grained authorization methods – With the release of Amazon Verified Permissions, developers of custom applications can implement access control logic based on caller and resource information; group membership, hierarchy, and relationship; and session context, such as device posture, location, time, or method of authentication. With Amazon Verified Permissions, you can focus on building simple …
- Deploy AWS Organizations resources by using CloudFormation – AWS recently announced that AWS Organizations now supports AWS CloudFormation. This feature allows you to create and update AWS accounts, organizational units (OUs), and policies within your organization by using CloudFormation templates. With this latest integration, you can efficiently codify and automate the deployment of your resources in AWS Organizations. You can …
Reddit threads on r/aws
- Attended AWS reinvent and returned with Covid – How many of you returned home with Covid positive after attending reinvent at Las Vegas? I protected myself with a mask but somehow the virus made it to me. Hope rest of you all are feeling ok as I noticed the crowds are equal or bigger than 2019 and …
- What are the best tech talks from re:Invent 2022 – Barring the leadership sessions, partner experiences etc; What according to you are the best (technically dense) tech talks from AWS re:Invent 2022? A closer look at AWS Lambda Deep dive into AWS Nitro System Suggestions from other participants A day in the life of a billion requests Peter Desantis keynote …
- AWS Lambda SnapStart for Java functions
- New: Amazon VPC Lattice - Simplify Networking for Service-to-Service Communication (Preview)
Newsletters
Top Links from Security Folks
- Fine-Grained Authorization – Amazon Verified Permissions – Amazon Web Services – Amazon Verified Permissions provides developers with a centralized fine-grained permissions management and authorization system for custom applications.
- Introducing VPC Lattice – Simplify Networking for Service-to-Service Communication (Preview) | Amazon Web Services – Modern applications are built using modular and distributed components. Each component is a service that implements its own subset of functionalities. To make these services …
- Update detected · z0ph/MAMIP@fbb2158 – [MAMIP] Monitor AWS Managed IAM Policies Changes. Contribute to z0ph/MAMIP development by creating an account on GitHub.
- A Security Tools Crash Is Coming – An explosion of security startups and the economic climate are colliding and going to result in a train wreck. This post dives deeper in this …
"AWS Security" on Google News
IAM permission changes
- vpc-lattice-svcs: 1 new action, 1 new resource, 8 new conditions – 1 new action: Invoke (Grants permission to invoke a VPC Lattice service); 1 new resource: Service; 8 new conditions: vpc-lattice-svcs:Port (Filters access by the destination port the request is made to), vpc-lattice-svcs:RequestHeader/${HeaderName} (Filters access by a header name-value pair in the request headers), vpc-lattice-svcs:RequestMethod (Filters access by the method of …
- drs: 3 new actions | 2 updated actions – 3 new actions: ReverseReplication (Grants permission to reverse replication), StartReplication (Grants permission to start replication), StopReplication (Grants permission to stop replication); 2 updated actions: DescribeRecoveryInstances (dependents), TerminateRecoveryInstances (dependents)
- glue: 22 new actions, 1 new resource | 2 updated actions – 22 new actions: CancelDataQualityRuleRecommendationRun (Grants permission to stop a running Data Quality rule recommendation run), CancelDataQualityRulesetEvaluationRun (Grants permission to stop a running Data Quality ruleset evaluation run), CreateDataQualityRuleset (Grants permission to create a Data Quality ruleset), DeleteDataQualityRuleset (Grants permission to delete a Data Quality ruleset), DeregisterDataPreview (Grants permission to terminate …
API changes
- Firewall Management Service - 4 updated methods – AWS Firewall Manager now supports Fortigate Cloud Native Firewall as a Service as a third-party policy type.
- AWS Elemental MediaConvert - 11 updated methods – The AWS Elemental MediaConvert SDK has added support for configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags in DASH and CMAF outputs.
- Amazon Polly - 7 updated methods – Add language code for Finnish (fi-FI)
- Redshift Serverless - 3 new 9 updated methods – Add Table Level Restore operations for Amazon Redshift Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging support to Snapshots and Recovery Points in Amazon Redshift Serverless.