Hi there! Thanks for subscribing. This is my very first newsletter. I would appreciate feedback and criticism :)
About me: I am a cloud security professional. I love getting myself updated with the latest news/releases/trends in the cloud security world with a “get-your-hands-dirty” approach. I am passionate about sharing knowledge.
This week (TL;DR, i.e. the 2-minute version):
Amazon DevOps Guru now supports encryption using customer managed keys (CMK). Link
Amazon AppFabric quickly connects SaaS applications across your organization. IT and security teams can then easily manage and secure applications using a standard schema. Link
Amazon Athena. You can now query data stored in S3 Glacier storage classes. Link
Amazon Linux supports UEFI Secure Boot starting with Amazon Linux 2023 release 2023.1. It requires an AMI with UEFI Secure Boot enabled. Link
Amazon S3. Mountpoint for Amazon S3 adds support for creating new files. Link
AWS Control Tower achieves FedRAMP High in GovCloud (US) Region. Link
AWS Systems Manager Parameter Store increases its API throughput limit and now supports up to 10,000 transactions per second (TPS) for the GetParameter and GetParameters APIs, up from the previous 3,000 TPS limit. Link
AWS announces the general availability of support for FIDO2 security keys in AWS GovCloud. Link
Also in the news:
Proton (known for its secure encrypted email service) announced Proton Pass, a password manager, available now as a browser extension on most major browsers and on iPhone/iPad and Android. I have been using Protonmail for a few years now. I have a MacBook (it requires Mac M1 chips or later; it didn't work on Intel) for the client. I was able to import passwords from Chrome/Bitwarden, but "cards" were not imported. Proton Pass plans to release support for cards in the near future.
AWS Security Blog: Three ways to accelerate incident response in the cloud: insights from re:Inforce 2023. Link
This week (long, i.e. the 5-10 minute version):
DevOps Guru and AWS CMK. Setting up was pretty easy. It just required selecting an existing customer managed AWS KMS key or creating a new one. Discovering the applications and resources in the AWS account took me around 10 minutes, but there is an option to scan organization-wide.
AppFabric. I set up AWS AppFabric to connect with my Okta and Slack. I was able to send logs to an Amazon S3 bucket. Pretty straightforward. I used the documentation to find the client/tenant IDs and secrets. Overall, I see value in this for IT/security teams. This also makes AWS more "sticky" for an organization.
Amazon Athena querying S3 Glacier. I set a lifecycle policy on my Organizations trail S3 bucket to transition objects to a Glacier storage class and queried them in Athena. It worked fine. This could be useful for retaining logs for compliance reasons while still being able to query them when required. Good feature release from AWS.
Amazon Linux UEFI Secure Boot. UEFI Secure Boot is a feature designed to protect a computer's boot process, implemented on machines with Unified Extensible Firmware Interface (UEFI) firmware. When Secure Boot is enabled, the firmware verifies the digital signatures of the bootloader and operating system components during boot, so that only trusted and authorized software is loaded into memory and executed. In simple terms, it acts as a lock on the boot process: only verified, trusted software can run on the computer. This helps protect against certain types of malware, such as rootkits and bootkits, which tamper with the boot process to compromise the system. In summary, UEFI Secure Boot ensures that only signed, trusted components run at startup, helping protect against malware and maintain the system's integrity.
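Since the feature only takes effect when the AMI boots with Secure Boot enabled, it is worth verifying the state from inside the instance rather than trusting the launch configuration. The script below is an added example (not from the original post or from AWS): it reads the standard SecureBoot EFI variable exposed through efivarfs, skips the 4-byte attribute header, and reports the single data byte; the sample files are constructed locally so the check can be exercised on any machine.

```shell
#!/bin/sh
# Report the UEFI Secure Boot state of the running system.
# The efivarfs file for SecureBoot holds a 4-byte attribute header
# followed by one data byte: 1 = enabled, 0 = disabled.
# Path below is the standard SecureBoot variable name and vendor GUID.
SECUREBOOT_VAR="${SECUREBOOT_VAR:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}"

# secureboot_state FILE -> prints "enabled", "disabled" or "unsupported"
secureboot_state() {
    file="$1"
    # No variable at all: legacy BIOS boot, or firmware without Secure Boot
    if [ ! -r "$file" ]; then
        echo "unsupported"
        return 0
    fi
    # -j4 skips the attribute header, -N1 reads the one data byte as decimal
    value=$(od -An -tu1 -j4 -N1 "$file" | tr -d ' ')
    case "$value" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unsupported" ;;
    esac
}

# Demo: constructed sample variables (attributes 0x06 = BS|RT, then data byte)
demo_samples() {
    dir=$(mktemp -d)
    printf '\006\000\000\000\001' > "$dir/sb_on"
    printf '\006\000\000\000\000' > "$dir/sb_off"
    echo "constructed sb_on : $(secureboot_state "$dir/sb_on")"
    echo "constructed sb_off: $(secureboot_state "$dir/sb_off")"
    rm -rf "$dir"
}

demo_samples
echo "this host: $(secureboot_state "$SECUREBOOT_VAR")"
```

On an Amazon Linux 2023 instance launched from a Secure Boot-enabled AMI the last line should read "enabled"; "unsupported" on a live instance means it booted in legacy BIOS mode or the firmware never exposed the variable.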
FIDO2 security keys for AWS GovCloud. I was able to use my YubiKey 5C NFC FIPS. This is a good release that many users will welcome, especially in the FedRAMP space.
Mountpoint for Amazon S3 for creating new files. GitHub Link. Mountpoint for Amazon S3 is optimized for workloads that need high-throughput read and write access to data stored in S3 through a file system interface, but otherwise do not rely on file system features. I followed the installation steps on my Amazon Linux 2 instance, mounted an Amazon S3 bucket, and successfully created a file in the filesystem, which was automatically synced to the Amazon S3 bucket.
Thank you for reading! If you enjoyed this newsletter, I'd be grateful if you could forward it to your professional circle.
Best,
AJ