Issue #96
Monday · December 12, 2022
🥗 AWS security blogs
- AWS achieves GNS Portugal certification for classified information — We continue to expand the scope of our assurance programs at Amazon Web Services (AWS), and we are pleased to announce that our Regions and AWS Edge locations in Europe are now certified by the Portuguese GNS/NSO (National Security Office) at the National Restricted level. This certification demonstrates our ongoing …
- Approaches for authenticating external applications in a machine-to-machine scenario — December 8, 2022: This post has been updated to reflect changes for M2M options with the new service of IAMRA. This blog post was first published November 19, 2013. August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS …
- How to secure your SaaS tenant data in DynamoDB with ABAC and client-side encryption — If you’re a SaaS vendor, you may need to store and process personal and sensitive data for large numbers of customers across different geographies. When processing sensitive data at scale, you have an increased responsibility to secure this data end-to-end. Client-side encryption of data, such as your customers’ contact information, …
- Renewal of AWS CyberGRX assessment to enhance customers’ third-party due diligence process — Amazon Web Services (AWS) is pleased to announce renewal of the AWS CyberGRX cyber risk assessment report. This third-party validated report helps customers perform effective cloud supplier due diligence on AWS and enhances their third-party risk management process. With the increase in adoption of cloud products and services across multiple sectors and industries, AWS has …
🍛 Reddit threads on r/aws
- AWS Account Hacked - But Protected By Yubikey? — My AWS account was hacked the other day, the user logged in, created a quick API key, used that to create a new admin user, then tried to do a bunch of nefarious stuff with that new admin user. The question I have is how the attacker got in under …
- Why are the docs for AWS Cognito useless? — For about a week now I have been trying to configure Spring with Cognito, I have asked a lot of questions just trying to understand what is going on and every guide there is online doesn't work. Everyone's configuration just looks completely different and I genuinely have no idea where …
- Cheapest way to implement a high throughput message queue? — I need to process a data stream of up to 10TB per day (approx. ~1000 messages of 100KB each, per second). SQS charges per API request (so send, receive, and delete separately), so this is approximately 8B requests per month, or 3200 USD. Is there a cheaper way to process …
- What are some interesting things/architectures built using only free tier? — I think this might be an interesting topic to discuss... What are some interesting things/architectures built using only free tier or very minor additional cost?
📌 Top Links from Security Folks
- Stories of reaching Staff-plus engineering roles - StaffEng — Stories of folks reaching Staff Engineer roles.
- StaffEng Security — When I was on my path to Staff, I found tremendous value in the resources available about Staff+ Software Engineering. Despite the relative glut of …
🧁 IAM permission changes
- iottwinmaker: 5 new actions, 1 new resource | 3 updated actions — 5 new actions: CreateSyncJob (Grants permission to create a sync job), DeleteSyncJob (Grants permission to delete a sync job), GetSyncJob (Grants permission to get a sync job), ListSyncJobs (Grants permission to list all sync jobs in a workspace), ListSyncResources (Grants permission to list all sync resources for a sync job); …
- fsx: 1 updated action — 1 updated action: DeleteVolume (dependents)
- amplifyuibuilder: 6 new actions, 1 new resource, 5 new conditions | 2 updated resources, 13 updated actions, 3 updated conditions | 2 removed actions — 6 new actions: CreateForm (Grants permission to create a form), ExportForms (Grants permission to export forms), GetMetadata (Grants permission to get an existing metadata), PutMetadataFlag (Grants permission to put an existing metadata), ResetMetadataFlag (Grants permission to reset an existing metadata), UpdateForm (Grants permission to update a form); 1 new resource: …
🍪 API changes
- Auto Scaling - 3 new 4 updated methods — Adds support for metric math for target tracking scaling policies, saving you the cost and effort of publishing a custom metric to CloudWatch. Also adds support for VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new health check type to the CreateAutoScalingGroup API.
- AWS IoT TwinMaker - 5 new 8 updated methods — This release adds the following new features: 1) New APIs for managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support user friendly names for component types (ComponentTypeName) and properties (DisplayName).
- Migration Hub Strategy Recommendations - 1 new 14 updated methods — This release adds known application filtering, server selection for assessments, support for potential recommendations, and indications for configuration and assessment status. For more information, see the AWS Migration Hub documentation at https://docs.aws.amazon.com/migrationhub/index.html
- AWS Cost Explorer Service - 1 updated method — This release adds the LinkedAccountName field to the GetAnomalies API response under RootCause.