Issue #99
Monday · January 02, 2023
🍛 Reddit threads on r/aws
- AWS CIRT announces the release of five publicly available workshops
- What's the point of IPv6 native subsets if they don't support auto-scaling target groups? — Anyone else know how to get around target groups not supporting IPv6 EC2 instance targets? They only support hardcoded IPv6 addresses, which doesn't really work with EC2 auto scaling and load balancing. https://github.com/aws/containers-roadmap/issues/1653 https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-ip-address-type "IPv6 target groups only support IP type targets." Kind of posting this for visibility too. …
- Is fargate the right choice for my apps? — With my company we are developing several web applications. We are using fargate clusters to run our applications backends (usually laravel apps). We are using a load balancer to route the traffic to the different containers and the frontends are served by cloudfront. My question is: are fargate clusters the …
- Redirecting to either S3 or API Gateway depending on the endpoint (more details in comment)
📌 Newsletters
📌 Top Links from Security Folks
- Blog | Cloud Cred Harvesting Campaign - Grinch Edition — The Grinch targets Jupyter this Christmas with a cloud cred harvesting campaign.
📌 "AWS Security" on Google News
📌 AWS IP Ranges Updates
- AWS IP Ranges update for 2022-12-16 08:13:06 — Changed by +768. Added 52.219.220.0/23. Added 52.95.191.0/24.
- AWS IP Ranges update for 2022-12-16 14:03:09 — No changes to IPs
🧁 IAM permission changes
- iotroborunner: 1 removed resource, 1 removed condition — 1 removed resource: TaggingResource; 1 removed condition: iotroborunner:TaggingResourceTagKey (Filters access by the metadata tag name)
- autoscaling: 1 removed condition — 1 removed condition: autoscaling:TrafficSourceIdentifiers (Filters access based on the identifiers of the traffic sources)
- connect: 1 new action — 1 new action: UpdateParticipantRoleConfig (Grants permission to update participant role configurations associated with a contact)
🍪 API changes
- Amazon EMR - 1 new method — Added GetClusterSessionCredentials API to allow Amazon SageMaker Studio to connect to EMR on EC2 clusters with runtime roles and AWS Lake Formation-based access control for Apache Spark, Apache Hive, and Presto queries.
- AWS Secrets Manager - 2 updated methods — Added owning service filter, include planned deletion flag, and next rotation date response parameter in ListSecrets.
- Amazon ElastiCache - 15 updated methods — This release allows you to modify the encryption in transit setting for existing Redis clusters. You can now change the TLS configuration of your Redis clusters without the need to re-build or re-provision the clusters or impact application availability.
- AWS Network Firewall - 3 updated methods — AWS Network Firewall now provides status messages for firewalls to help you troubleshoot when your endpoint fails.