  • AWS Compute Optimizer - 3 new 6 updated methods
  • Amazon Connect Service - 1 new methods
  • AWS IoT Core Device Advisor - 1 updated methods
  • Amazon Relational Database Service - 25 updated methods
  • 2022 PiTuKri ISAE 3000 Type II attestation report available with 154 services in scope
  • 2022 FINMA ISAE 3000 Type II attestation report now available with 154 services in scope
  • AWS CIRT announces the release of five publicly available workshops
  • Introducing the Security Design of the AWS Nitro System whitepaper
  • rds: 1 new condition | 6 updated actions
  • compute-optimizer: 3 new actions
  • sso: 1 new action
  • A big thank you to @awscloud for their generous sponsorship. Open source software is an amazing multiplier of help in the community and it's great to have this support ❤️
  • Some personal news - we’re engaged 💍🥰
  • Got a pony for Christmas!!! Pickles has a brother! Meet Milo!
  • Very quiet today at AWS HQ, everyone is working from home!
  • From Tokyo Disneyland, Merry Christmas everyone! 🎄🎅
  • We made it to Leavenworth, WA. @abbyfuller did the driving (she's Maine-level snow rated). Quietest we've ever seen the town before Christmas though, I think a lot of people have cancelled their trips.
  • I would easily pay $100 for my dream AWS Step Functions app. It would be similar to the SFN web console, but also: * Log output from all invoked functions (with ability to search / query my structured logs) * Bubble up info from child executions, without needing lots of tabs
  • I like what Wiz is sharing with PEACH peach.wiz.io and the intro blog post wiz.io/blog/introduci… It looks simple enough to get started, but based on solid experiences
  • Console only. No SDK support. :(
  • Created a simple script to create a honeytoken for Azure Key vault with an actual AAD Service Principal. gist.github.com/karimelmel/426… Would it be interesting with a companion blog post on this and some more functionality, such as creating detections and keeping track of tokens++?
  • Amazon RDS announces integration with AWS Secrets Manager
  • AWS graviton t4g.small is again free until the end of next year!
  • Happy Holidays AWS people
  • What's the point of paying for CodeCommit when BitBucket/GitHub have free, private repos?
  • Skyhigh Security Achieves AWS Security Competency Status - Business Wire
  • Top AWS Logging Challenges According to 250+ Security Practitioners - CPO Magazine
  • AWS IP Ranges update for 2022-12-13 14:03:10
  • AWS IP Ranges update for 2022-12-13 14:33:08


Monday, December 26, 2022

In a nutshell

As we end 2022, I want to thank all 1460+ readers for following this weekly newsletter.

Want to recognize my work on this Digest? You can:

  • Forward this newsletter to a friend, colleague, or family
  • Follow and retweet the associated Twitter account

Cheers, and happy holidays!

Dec 25

@vito Check out day 10
https://infosec.exchange/@christophetd/109491506163807997
you are looking for "IAM Roles for Service Accounts"

Dec 24

🗓️ December 24th

Together with @houston and @rami we wrote an analysis of over 50 publicly disclosed cloud breaches of 2022!

https://securitylabs.datadoghq.com/articles/public-cloud-breaches-2022-mccarthy-hopkins/

Merry Christmas to everyone who celebrates it!

AWS Compute Optimizer - 3 new 6 updated methods
Dec 22
This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for ECS services running on Fargate.
Amazon Connect Service - 1 new methods
Dec 22
Amazon Connect Chat introduces the Idle Participant/Autodisconnect feature, which allows users to set timeouts relating to the activity of chat participants, using the new UpdateParticipantRoleConfig API.
AWS IoT Core Device Advisor - 1 updated methods
Dec 22
This release adds the following new features: 1) Documentation updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT Device Advisor APIs. 3) Added new service feature: ability to provide the test endpoint when customer executing the StartSuiteRun API.
Amazon Relational Database Service - 25 updated methods
Dec 22
Add support for managing master user password in AWS Secrets Manager for the DBInstance and DBCluster.
2022 PiTuKri ISAE 3000 Type II attestation report available with 154 services in scope
Daniel Fuertes · Dec 23
Amazon Web Services (AWS) is pleased to announce the second issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) International Standard on Assurance Engagements (ISAE) 3000 Type II attestation report. The scope of the report covers a total of 154 services and 24 global AWS Regions. …
2022 FINMA ISAE 3000 Type II attestation report now available with 154 services in scope
Daniel Fuertes · Dec 23
Amazon Web Services (AWS) is pleased to announce the third issuance of the Swiss Financial Market Supervisory Authority (FINMA) International Standard on Assurance Engagements (ISAE) 3000 Type II attestation report. The scope of the report covers a total of 154 services and 24 global AWS Regions. The latest FINMA ISAE …
AWS CIRT announces the release of five publicly available workshops
Steve de Vera · Dec 22
Greetings from the AWS Customer Incident Response Team (CIRT)! AWS CIRT is dedicated to supporting customers during active security events on the customer side of the AWS Shared Responsibility Model. Over the past year, AWS CIRT has responded to hundreds of such security events, including the unauthorized use of AWS …
Introducing the Security Design of the AWS Nitro System whitepaper
J.D. Bean · Dec 19
AWS recently released a whitepaper on the Security Design of the AWS Nitro System. The Nitro System is a combination of purpose-built server designs, data processors, system management components, and specialized firmware that serves as the underlying virtualization technology that powers all Amazon Elastic Compute Cloud (Amazon EC2) instances launched …
rds: 1 new condition | 6 updated actions
Dec 24
1 new condition: rds:ManageMasterUserPassword (Filters access by the value that specifies whether RDS manages master user password in AWS Secrets Manager for the DB instance or cluster); 6 updated actions: CreateDBCluster (dependents, conditions), CreateDBInstance (dependents, conditions), ModifyDBCluster (dependents, conditions), RestoreDBClusterFromS3 (dependents, conditions), RestoreDBInstanceFromS3 (dependents, conditions), ModifyDBInstance (conditions, dependents)
compute-optimizer: 3 new actions
Dec 24
3 new actions: ExportECSServiceRecommendations (Grants permission to export ECS service recommendations to S3 for the provided accounts), GetECSServiceRecommendationProjectedMetrics (Grants permission to get the recommendation projected metrics of the specified ECS service), GetECSServiceRecommendations (Grants permission to get recommendations for the provided ECS services)
sso: 1 new action
Dec 23
1 new action: PutApplicationAssignmentConfiguration (Grants permission to add assignment configurations to an application)
Ian Mckay @iann0036

A big thank you to @awscloud for their generous sponsorship. Open source software is an amazing multiplier of help in the community and it's great to have this support ❤️

Dec 21 · 7:58 AM

Brigid Johnson @bjohnso5y

Got a pony for Christmas!!! Pickles has a brother! Meet Milo!

Dec 19 · 8:02 PM

Colm MacCárthaigh @colmmacc

Very quiet today at AWS HQ, everyone is working from home!

Dec 20 · 11:02 PM

Ian Mckay @iann0036

From Tokyo Disneyland, Merry Christmas everyone! 🎄🎅

Dec 24 · 2:08 PM

Colm MacCárthaigh @colmmacc

We made it to Leavenworth, WA. @abbyfuller did the driving (she's Maine-level snow rated). Quietest we've ever seen the town before Christmas though, I think a lot of people have cancelled their trips.

Dec 22 · 12:13 AM

Aidan W Steele @__steele

I would easily pay $100 for my dream AWS Step Functions app. It would be similar to the SFN web console, but also:

* Log output from all invoked functions (with ability to search / query my structured logs)

* Bubble up info from child executions, without needing lots of tabs

Dec 21 · 3:10 AM

rowan @elrowan

I like what Wiz is sharing with PEACH peach.wiz.io and the intro blog post wiz.io/blog/introduci…

It looks simple enough to get started, but based on solid experiences

Dec 22 · 1:08 AM

Scott Piper @0xdabbad00

Console only. No SDK support. :(

What's New on AWS (Unoffical) @awswhatsnew

AWS Organizations console adds support to centrally manage region opt-in settings on AWS accounts

Today, we are enhancing the AWS Organizations console to enable you to centrally view and update the region opt-in settings for your AWS accounts. Wit... aws.amazon.com/about-aws/what…

Dec 23 · 5:50 PM

Karim El-Melhaoui @karimscloud

Created a simple script to create a honeytoken for Azure Key vault with an actual AAD Service Principal. gist.github.com/karimelmel/426…
Would it be interesting with a companion blog post on this and some more functionality, such as creating detections and keeping track of tokens++?

Dec 22 · 3:08 PM

Happy Holidays AWS people

Happy holidays to one and all of you beautiful people on here. May your 2023 be filled with less demanding PRs and all the time in the world to innovate.

What's the point of paying for CodeCommit when BitBucket/GitHub have free, private repos?

According to this, CodeCommit is only free if you have 5 or less users. Otherwise it is $1 per user per month.

My understanding is that Github and BitBucket have private repos, for free, with no such limitations.

What is the benefit of paying for CodeCommit when I can …