This issue is sponsored by Wiz- The #1 Cloud Security Platform. Co-sponsor: Invary.

This week TLDR i.e. 1 minutes version (For executives):

1. AWS AppConfig now supports AWS PrivateLink.

2. AWS CloudShell has migrated to Amazon Linux 2023 (AL2023).

3. Amazon Athena now supports user identities for data access and audit

4. Amazon RDS for MariaDB supports minors 10.11.6, 10.6.16, 10.5.23, 10.4.32.

5. Amazon EBS launches AWS CloudFormation support for Block Public Access for EBS Snapshots.

6. Amazon DevOps Guru achieves FedRAMP Moderate compliance.

7. AWS Lambda adds support for Python 3.12.

8. AWS Systems Manager Fleet Manager now facilitates EBS volume management.

Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):

1. AWS Security Blogs, Science & Bulletins:

   • Governance at scale: Enforce permissions and compliance by using policy as code. Link.

   • Four use cases for GuardDuty Malware Protection On-demand malware scan. Link.

2. Blog by Luke Jennings on - ‘Okta jacking- Making Okta do keylogging for you’. Link.

3. Microsoft Hires New CISO. Link.

4. Super interesting blog - ‘Inside the AI chip race: How a pivotal happy hour changed Amazon’s strategy in the cloud’- By Todd Bishop. Link.

5. AWS Serverless Hero Aidan W Steele via X on express S3 buckets. You can find Aidan’s blogs HERE.

   

6. Cloud Security Historian & researcher Scott Piper updated on one of the tweets (we shared on one of our prior issues) regarding S3 access logs. You can find Scott’s blogs HERE.

   

7. Disgruntled Cloud Engineer sentenced to prison for intentionally damaging former employer’s computer network. Link.

8. Apple announces iMessage contact Key Verification. Link.

9. The Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents (Essential Eight). Link. (I liked this one).

10. MongoDB is investigating a security incident. Link.

11. HackerOne reported & fixed Server Side Request Forgery (SSRF) vulnerability report. Link. (This is from last month but I am posting this for awareness on importance of enforcing iMDSV2). (Credits to Rami McCarthy for notyfing on this news. You can find Rami’s blogs HERE for rich contents).

12. Do checkout- TowardsAWS- a global community of Cloud people who are learning and building things together in the cloud (→ X or Twitter) page. (I am a follower & subscriber).

This week Long i.e. 5-10 minutes version (For architects & engineers):

1. AWS AppConfig now supports AWS PrivateLink, which allows leveraging feature flags and dynamic configuration from Amazon VPC without traversing the public internet. Link.

   

2. AWS CloudShell, previously based on Amazon Linux 2 (AL2), has migrated to Amazon Linux 2023 (AL2023). You can continue to use your existing CloudShell environment with all its pre-installed tools. In AL2023, Python 2 is no longer shipped with CloudShell environment. Link. The key differences between AL2 and AL2023 are HERE. Here’s my CloudShell release details sample:

   

3. Amazon Athena has incorporated support for trusted identity propagation through AWS IAM Identity Center, enabling the effective management and auditing of data and resource access according to user identity. This enhanced feature facilitates the seamless transfer of identity information between linked business intelligence and data analytics applications. Link. (Note: You cannot change the authentication after the workgroup is created.) Here’s my sample workgroup:

   

4. Amazon RDS for MariaDB supports minors 10.11.6, 10.6.16, 10.5.23, 10.4.32. Link. (It’s best practice to upgrade to the latest minor versions for fixing known security vulnerabilities and benefiting from the bug fixes, performance improvements, and new functionality).

   

5. Block Public Access for EBS Snapshots has already been providing an additional layer of security for Amazon EBS Snapshots to help prevent unauthorized access and potential misuse of snapshot data. You can now manage Block Public Access for EBS Snapshots settings for AWS account using AWS CloudFormation templates. Link. Find the CloudFormation reference guide HERE.

6. Amazon DevOps Guru has achieved Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization, approved by the FedRAMP Joint Authorization Board (JAB), for the AWS US East / West Regions. Link.

7. AWS Lambda has expanded its capabilities to enable the development of serverless applications using Python 3.12. Developers can leverage Python 3.12 as both a managed runtime and a container base image, with automatic application of updates by AWS as they are released. Python 3.12 is now compatible with Lambda@Edge, empowering customization of low-latency content delivered via Amazon CloudFront. Additionally, Powertools for AWS Lambda (Python), a developer toolkit designed to implement serverless best practices and enhance developer velocity, fully supports Python 3.12. Link. (Note: The Lambda Python 3.12 runtime is built on the new Amazon Linux 2023 runtime, which provides a significantly smaller deployment footprint than earlier Amazon Linux 2-based runtimes, updated versions of common libraries such as glibc, and a new package manager). For example:

   

8. AWS Systems Manager Fleet Manager introduces a new set of tools designed to simplify on-instance volume management, offering an intuitive GUI-based approach for handling EBS volumes on Windows Instances. With this enhanced Fleet Manager capability, you can easily navigate the volumes attached to an instance, identify volume mount points in the instance file system, access metadata for attached disks, and perform tasks such as mounting and formatting unused EBS volumes. By incorporating EBS volume management commands into Fleet Manager, storage administration becomes more convenient, reducing the necessity to directly connect to instances through SSH or RDP. Furthermore, Fleet Manager provides publicly accessible SSM Documents that automate platform-specific operations like mounting, formatting, and creating partitions. This not only saves time and effort but also offers a more efficient means of managing volumes across the entire server fleet. Link. Check THIS accompanying blog post. (I tried and this is a pretty handy feature).

Main Sponsor 📣

The Critical State of AI in the Cloud & what 200,000+ cloud accounts revealed about the AI surge. In this new Wiz Research report, discover how many organizations are adopting managed AI services and what this could mean for your security teams. Grab your free copy now» HERE.

Co-sponsor 📣

Best,

AJ (Find me in LinkedIn & X & Mastodon). Email: contact@aws-cloudsec.com Want to buy me a coffee? You can do it »HERE«