This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE.
This week TLDR i.e. 1 minute version (For executives):
AWS Amplify Hosting announces support for custom SSL certificates/TLS.
AWS Systems Manager Parameter Store now supports cross-account sharing.
AWS Resilience Hub is now PCI compliant.
AWS Incident Detection and Response now offers five minute response time for critical incidents.
Trending in Cloud & Cyber Security (Security Blogs, articles, news, advisories etc):
AWS Security Blogs & Bulletins:
Modern web application authentication and authorization with Amazon VPC Lattice. Link.
General security blogs, articles & reports:
(Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup by Jack L. Link.
Pivoting from Microsoft Cloud to On-Premise Machines by Chirag Savla & Raunak Parmar. Link.
TruffleHog Now Detects AWS Canaries without setting them off by Truffle security. Link.
How to find the AWS Account ID of any S3 Bucket by Sam Cox. Link.
The Misleading Encryption State of Amazon Quantum Ledger Database (QLDB) by Jason Kao. Link.
Trending on the news & advisories:
This week Long i.e. 3-5 minutes version (For architects & engineers):
AWS Amplify Hosting now supports custom SSL/TLS certificates for custom domains, so you can upload and integrate your own certificates into web applications, enhancing adaptability and security. You can use certificates from external Certificate Authorities (CAs) or opt for certificates issued by AWS Certificate Manager (ACM), which gives you more control over domain management and helps meet IT compliance requirements. Link. This blog explains it well Link. Here’s the setting from my Amplify app:
AWS Systems Manager Parameter Store has introduced the capability to share advanced-tier parameters across different AWS accounts, facilitating centralized configuration data management. Parameters, represented as key-value pairs, are accessible in code and in various AWS integrations such as AWS CloudFormation and Amazon EC2. Because organizations often operate workloads in multiple AWS accounts that rely on shared configuration data, this update lets them maintain a single source of truth. Instead of manually duplicating and synchronizing data across accounts, users can now share parameters with the other accounts that need access. Link. (Note: You’d have to enable RAM from AWS Organizations and must use AWS Systems Manager advanced tier). For example, I successfully shared my test parameter store using CLI & called it from the other AWS account under the same AWS Organizations:
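The sharing flow described above, sketched as an added example (not the author's original commands or output). The account IDs, region, parameter name, value and share name are constructed placeholders, and RAM sharing with AWS Organizations is assumed to be enabled already.

```shell
#!/bin/sh
# Added example: every identifier below is a constructed placeholder.
OWNER_ACCOUNT="111122223333"      # account that owns the parameter
CONSUMER_ACCOUNT="444455556666"   # account in the same AWS Organization
REGION="us-east-1"
PARAM_NAME="/shared/app/db-endpoint"

# Accept only a 12-digit AWS account ID.
valid_account() {
    case "$1" in
        *[!0-9]*|"") return 1 ;;
    esac
    [ "${#1}" -eq 12 ]
}

# Build the parameter ARN. A leading "/" in the name is not doubled in the ARN.
param_arn() {  # usage: param_arn REGION ACCOUNT NAME
    valid_account "$2" || { echo "bad account id: $2" >&2; return 1; }
    printf 'arn:aws:ssm:%s:%s:parameter/%s\n' "$1" "$2" "${3#/}"
}

# Run with owner-account credentials: create an advanced-tier parameter,
# then share it through AWS RAM with principals inside the organization only.
share_parameter() {
    arn=$(param_arn "$REGION" "$OWNER_ACCOUNT" "$PARAM_NAME") || return 1
    aws ssm put-parameter --region "$REGION" --name "$PARAM_NAME" \
        --value "db.internal.example" --type String --tier Advanced --overwrite
    aws ram create-resource-share --region "$REGION" \
        --name "shared-app-config" --resource-arns "$arn" \
        --principals "$CONSUMER_ACCOUNT" --no-allow-external-principals
}

# Run with consumer-account credentials: a shared parameter is read by its
# full ARN, because the bare name resolves inside the caller's own account.
read_shared_parameter() {
    arn=$(param_arn "$REGION" "$OWNER_ACCOUNT" "$PARAM_NAME") || return 1
    aws ssm get-parameter --region "$REGION" --name "$arn" \
        --query 'Parameter.Value' --output text
}

# Nothing touches AWS unless a subcommand is given.
case "${1:-}" in
    share) share_parameter ;;
    read)  read_shared_parameter ;;
esac
```

Run it with `share` in the owning account and with `read` in the consuming account.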
The AWS Resilience Hub has two service improvements: Payment Card Industry (PCI) certification and the availability of AWS Migration Acceleration Program 2.0 (MAP 2.0). For organizations with PCI requirements, AWS Resilience Hub now offers the capability to evaluate and enhance the resilience of their applications. Utilizing AWS Artifact, you can download reports detailing AWS compliance programs and share them with relevant third parties. Additionally, Resilience Hub is now integrated into MAP 2.0. This AWS program equips customers operating on-premise applications with tools and resources to assess their readiness for migration to the AWS cloud, mobilize necessary resources, and modernize their applications post-migration. With MAP 2.0, customers are now eligible for credits that can be applied towards the usage fees of Resilience Hub. Link.
AWS Support introduced a five-minute response time for critical incidents occurring on workloads integrated into AWS Incident Detection and Response. (Note: This service is available to AWS Enterprise Support customers only). Through AWS Incident Detection and Response, AWS's team of Incident Management Engineers (IMEs) monitors workloads around the clock. Link. For example, here’s the option in AWS support console: