AWS re:Invent 2023 special edition
This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fail, in action HERE. Note: I donate proceeds from the newsletter sponsorship.
This week's TLDR, i.e. the 1-minute version (for executives):
AWS Secrets Manager announces 99.99% Service Level Agreement.
Amazon EC2 Instance Connect now supports RHEL, CentOS, and macOS.
Data plane API logging for Amazon DynamoDB using AWS CloudTrail is now available in the AWS GovCloud (US) Regions.
AWS Lambda simplifies connectivity to Amazon RDS and RDS Proxy via Lambda console.
Amazon CloudWatch now supports Cross-Account Metrics Insights.
Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):
AWS Security Blogs, Science & Bulletins:
AWS re:Invent session: 'AWS re:Invent 2023 - Amazon S3 security and access control best practices (STG315)'. YouTube Link.
CISA has added two Apple vulnerabilities, CVE-2023-42917 and CVE-2023-42916, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Link.
Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5). Link.
Check out the Cloud Security Lab A Week (SLAW) by Rich Mogull. Link. A new newsletter dedicated to upping your cloud security skills through a weekly series of hands-on labs. Each week Rich releases a short 15-30 minute hands-on lab right into your inbox, with a companion YouTube video and recorded for posterity in a blog post. (I am a subscriber and I recommend it).
Interesting blog- ‘By the same token: How adversaries infiltrate AWS cloud accounts’ by Thomas Gardner and Cody Betsworth. Link.
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps. Link.
US Senator writes to urge the Department of Justice (DOJ) to permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records. Link.
Research paper claims that the SLAM attack steals sensitive data from AMD and future Intel CPUs. Link.
Meta announced that it's rolling out default end-to-end encryption for personal messages and calls on Messenger & Facebook. Link.
Blog- ‘Important trends in Cybersecurity’ by Julien Vehent. Link.
This week's long, i.e. 5-10 minute, version (for architects & engineers):
AWS has published a revised SLA for AWS Secrets Manager: AWS will use commercially reasonable efforts to make the service available with a Monthly Uptime Percentage of at least 99.99% in each AWS Region during any monthly billing cycle (the "Service Commitment"). If AWS Secrets Manager fails to meet this commitment, customers may be eligible for a Service Credit. Link.
Amazon EC2 Instance Connect (SSH) now supports Red Hat Enterprise Linux (RHEL), CentOS, and macOS, in addition to Amazon Linux and Ubuntu. With EC2 Instance Connect you control SSH access to your instances with AWS Identity and Access Management (IAM) policies, and every connection request is recorded as an AWS CloudTrail event. You can keep using your existing SSH keys or, for tighter control, push a one-time-use SSH public key for each authorized connection (the pushed key is only valid for 60 seconds, so no long-lived authorized_keys entries need to live on the instance). Instance Connect works with any SSH client, and you can also connect through the browser-based SSH client in the EC2 console. It is pre-installed on Amazon Linux and Ubuntu AMIs; on other supported AMIs you install it on the instance yourself. Link. I tried it for RHEL, for example:
AWS CloudTrail now supports data plane API logging for Amazon DynamoDB tables in the AWS GovCloud (US) Regions. Logging data-plane activity (item-level calls such as GetItem, PutItem, Query and Scan) lets you monitor, alarm on and archive detailed item-level actions against your tables. Note that these are CloudTrail data events: a trail configured only for management events will not capture them, and data events are billed separately. Link. You can enable the data events from the CloudTrail console. For example:
AWS Lambda can now connect Lambda functions to Amazon Relational Database Service (Amazon RDS) instances and Amazon RDS Proxy directly from the Lambda console. A step-by-step workflow links a function to a new or existing RDS database instance or RDS proxy, and Lambda configures the associated network settings (VPC attachment and security group rules) automatically, giving a secure and scalable connection. Link.
Amazon CloudWatch now supports Metrics Insights in cross-account observability, so you can monitor and troubleshoot applications that span multiple accounts within a Region from a single monitoring account. CloudWatch Metrics Insights is a high-performance SQL-like query engine for querying metrics at scale. To get started, first set up CloudWatch cross-account observability (a monitoring account linked to one or more source accounts); THIS YouTube video explains it well. You configure it from the CloudWatch settings page. For example:
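The console screenshot for enabling data events is not reproduced here. As an added example (not from the original post or from AWS), the Python below triages constructed CloudTrail records covering both items above: the EC2 Instance Connect SendSSHPublicKey calls mentioned as auditable in the Instance Connect item, and DynamoDB data-plane events. Field names follow the CloudTrail record format (eventSource, eventName, readOnly, managementEvent, requestParameters, userIdentity); the sample records, the trusted SSH source range, the sensitive table list and the writer role allow-list are all constructed assumptions for illustration.

```python
"""Triage constructed CloudTrail records for EC2 Instance Connect key pushes and
DynamoDB data-plane calls. All sample data below is invented for this example."""
import ipaddress
import json

# Constructed sample records. A real trail delivers these as JSON to S3 / CloudWatch Logs.
SAMPLE_EVENTS = [
    {"eventSource": "ec2-instance-connect.amazonaws.com", "eventName": "SendSSHPublicKey",
     "eventTime": "2023-12-05T09:12:01Z", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instanceId": "i-0abc1234def567890", "osUser": "ec2-user"}},
    {"eventSource": "ec2-instance-connect.amazonaws.com", "eventName": "SendSSHPublicKey",
     "eventTime": "2023-12-05T09:15:44Z", "sourceIPAddress": "203.0.113.200",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"instanceId": "i-0abc1234def567890", "osUser": "root"}},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem", "readOnly": True,
     "managementEvent": False, "eventTime": "2023-12-05T09:20:00Z", "sourceIPAddress": "10.0.1.15",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/OrderServiceRole/i-0abc"},
     "requestParameters": {"tableName": "Customers"}},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "Scan", "readOnly": True,
     "managementEvent": False, "eventTime": "2023-12-05T09:21:30Z", "sourceIPAddress": "203.0.113.200",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"tableName": "Customers"}},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "DeleteItem", "readOnly": False,
     "managementEvent": False, "eventTime": "2023-12-05T09:22:10Z", "sourceIPAddress": "10.0.1.15",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ReadOnlyAnalyticsRole/session"},
     "requestParameters": {"tableName": "Customers"}},
]

# Hypothetical environment: where operators are expected to SSH from, which tables hold
# sensitive data, and which roles are allowed to write to them.
TRUSTED_SSH_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]
SENSITIVE_TABLES = {"Customers"}
TABLE_WRITERS = {"Customers": {"OrderServiceRole"}}


def principal_name(event):
    """IAM user or role name from the userIdentity ARN.
    Assumed-role ARNs look like arn:aws:sts::acct:assumed-role/RoleName/session."""
    arn = event.get("userIdentity", {}).get("arn", "")
    parts = arn.split("/")
    return parts[1] if len(parts) >= 2 else arn


def triage_instance_connect(event):
    """Flag SendSSHPublicKey for root and pushes from outside the trusted range."""
    params = event.get("requestParameters", {})
    findings = []
    if params.get("osUser") == "root":
        findings.append(("HIGH", "SendSSHPublicKey for osUser root"))
    try:
        src = ipaddress.ip_address(event.get("sourceIPAddress", ""))
    except ValueError:
        # sourceIPAddress can be a service DNS name rather than an address; don't crash on it.
        return findings
    if not any(src in net for net in TRUSTED_SSH_SOURCES):
        findings.append(("MEDIUM", f"SendSSHPublicKey from untrusted source {src}"))
    return findings


def triage_dynamodb(event):
    """Flag bulk reads of sensitive tables and writes by roles not on the allow-list."""
    if event.get("managementEvent", True):
        return []  # control-plane calls (CreateTable, DeleteTable, ...) are out of scope here
    table = event.get("requestParameters", {}).get("tableName")
    who = principal_name(event)
    findings = []
    if event.get("eventName") == "Scan" and table in SENSITIVE_TABLES:
        findings.append(("MEDIUM", f"full Scan of {table} by {who}"))
    if not event.get("readOnly", False) and who not in TABLE_WRITERS.get(table, set()):
        findings.append(("HIGH", f"{event.get('eventName')} on {table} by unexpected writer {who}"))
    return findings


HANDLERS = {
    "ec2-instance-connect.amazonaws.com": triage_instance_connect,
    "dynamodb.amazonaws.com": triage_dynamodb,
}


def triage(events):
    """Run the per-service handler over each record and return a flat list of findings."""
    out = []
    for ev in events:
        handler = HANDLERS.get(ev.get("eventSource"))
        if handler is None:
            continue
        for severity, message in handler(ev):
            out.append({"severity": severity, "message": message,
                        "principal": principal_name(ev), "time": ev.get("eventTime")})
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Against the constructed records this yields four findings: bob's root key push from an untrusted address (two findings), bob's full Scan of the sensitive table, and a DeleteItem by a role that is not an approved writer; alice's normal key push and the service role's GetItem produce nothing. The DynamoDB rules only fire because data-plane events are being logged at all; with a management-events-only trail the GetItem, Scan and DeleteItem records would never reach this code.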
Thank You for reading! If you enjoyed this newsletter, I’d be grateful if you could forward it to your professional circle.
Thanks for reading AWS Cloud Security Weekly! Subscribe for free to receive new posts and support my work.