Issue 37
This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fall short in practice » HERE.
This week TLDR i.e. 1 minute version (For executives):
Amazon WorkMail now supports Audit Logging.
AWS Secrets Manager announces support for Amazon Redshift Serverless data warehouse.
Amazon Kinesis Data Streams launches cross-account access with AWS Lambda in AWS GovCloud (US).
Amazon EMR Serverless achieves FedRAMP Moderate compliance.
Amazon DynamoDB now supports resource-based policies.
Trending in Cloud & Cyber Security (Security Blogs, articles, news, advisories etc):
AWS Security Blogs & Bulletins:
General security blogs, articles & reports:
Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect by Mandiant. Link.
Trending on the news & advisories:
This week Long i.e. 3-5 minutes version (For architects & engineers):
Amazon WorkMail now offers audit logging, giving you insight into how mailboxes are accessed: authentication, access-control and mailbox-access logs can be delivered to Amazon CloudWatch Logs, Amazon S3 or Amazon Data Firehose, and CloudWatch also exposes new mailbox metrics for WorkMail organizations. With these logs, administrators can investigate why a user could not access a mailbox, pinpoint the IP addresses behind specific mailbox accesses, and identify actions such as moving or deleting mailbox data. Because the logs are delivered as JSON records, administrators can set CloudWatch alarms that fire when authentication or access failures exceed a chosen threshold, and tailor any downstream processing of the records. Link. For example, I set up a rule to send the logs to a CloudWatch log group:
Below is my sample log from the CloudWatch log group:
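The screenshots of the delivery rule and of the sample log record are not reproduced here, so the following is an added example (my code, not the author's and not an AWS sample) of the threshold logic the paragraph describes, run over a handful of constructed JSON audit records. The field names (event_timestamp, log_type, user, source_ip, outcome, action) are an assumed, simplified schema chosen for illustration, not the real WorkMail record layout; the detection itself is what matters: count authentication failures per user and source IP inside a sliding window, flag the pairs that reach a threshold, and map mailbox actions such as deletes back to the IP they came from.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (newline-delimited JSON, one record per line).
# ASSUMPTION: the field names below are a simplified illustrative schema, not the
# documented WorkMail audit log format; adapt the keys to the real records.
SAMPLE_LOG_LINES = [
    '{"event_timestamp":"2024-03-20T10:00:00Z","log_type":"AUTHENTICATION","user":"alice@example.com","protocol":"IMAP","source_ip":"198.51.100.7","outcome":"FAILURE","reason":"INVALID_CREDENTIALS"}',
    '{"event_timestamp":"2024-03-20T10:01:10Z","log_type":"AUTHENTICATION","user":"alice@example.com","protocol":"IMAP","source_ip":"198.51.100.7","outcome":"FAILURE","reason":"INVALID_CREDENTIALS"}',
    '{"event_timestamp":"2024-03-20T10:02:00Z","log_type":"AUTHENTICATION","user":"bob@example.com","protocol":"EWS","source_ip":"203.0.113.5","outcome":"FAILURE","reason":"INVALID_CREDENTIALS"}',
    '{"event_timestamp":"2024-03-20T10:02:30Z","log_type":"AUTHENTICATION","user":"alice@example.com","protocol":"IMAP","source_ip":"198.51.100.7","outcome":"FAILURE","reason":"INVALID_CREDENTIALS"}',
    '{"event_timestamp":"2024-03-20T10:03:00Z","log_type":"AUTHENTICATION","user":"carol@example.com","protocol":"WEBMAIL","source_ip":"192.0.2.10","outcome":"SUCCESS"}',
    '{"event_timestamp":"2024-03-20T10:04:00Z","log_type":"AUTHENTICATION","user":"alice@example.com","protocol":"IMAP","source_ip":"198.51.100.7","outcome":"FAILURE","reason":"INVALID_CREDENTIALS"}',
    '{"event_timestamp":"2024-03-20T10:05:00Z","log_type":"MAILBOX_ACCESS","user":"alice@example.com","source_ip":"198.51.100.7","action":"DELETE_MESSAGE","folder":"Inbox"}',
    '{"event_timestamp":"2024-03-20T10:30:00Z","log_type":"AUTHENTICATION","user":"bob@example.com","protocol":"EWS","source_ip":"203.0.113.5","outcome":"FAILURE","reason":"INVALID_CREDENTIALS"}',
    'not json {{',  # a deliberately malformed line: the parser must skip it, not crash
]

WINDOW = timedelta(minutes=5)   # the alarm's evaluation window
THRESHOLD = 3                   # failures per (user, source_ip) that trigger an alert


def parse_records(lines):
    """Parse newline-delimited JSON audit records; malformed or timestamp-less lines are dropped."""
    records = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if "event_timestamp" not in rec:
            continue
        rec["_ts"] = datetime.strptime(rec["event_timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def auth_failures_over_threshold(records, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window count of authentication failures per (user, source_ip).

    Returns {(user, source_ip): peak_count} for every pair whose failures inside
    any single window reached the threshold, mirroring a CloudWatch alarm that
    fires when failures in the evaluation period exceed a chosen value.
    """
    failures = defaultdict(list)
    for rec in records:
        if rec.get("log_type") == "AUTHENTICATION" and rec.get("outcome") == "FAILURE":
            failures[(rec.get("user"), rec.get("source_ip"))].append(rec["_ts"])

    alerts = {}
    for key, stamps in failures.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # advance the window's left edge until it spans at most `window`
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


def access_actions_by_ip(records):
    """Map each source IP to the sorted set of mailbox actions (move, delete, ...) performed from it."""
    by_ip = defaultdict(set)
    for rec in records:
        if rec.get("log_type") == "MAILBOX_ACCESS" and rec.get("action"):
            by_ip[rec["source_ip"]].add(rec["action"])
    return {ip: sorted(actions) for ip, actions in by_ip.items()}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG_LINES)
    print("auth-failure alerts:", auth_failures_over_threshold(recs))
    print("mailbox actions by IP:", access_actions_by_ip(recs))
```

In the constructed data, alice's four failures from 198.51.100.7 fall inside one five-minute window and trip the alarm, while bob's two failures are 28 minutes apart and never reach three within a window; the follow-up DELETE_MESSAGE from the same IP is exactly the kind of "what happened from that address" pivot the audit logs are meant to support. In production you would express the same threshold as a CloudWatch metric filter plus alarm on the log group rather than a script, but the window and threshold semantics are the same.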
AWS Secrets Manager now lets you generate and rotate credentials for Amazon Redshift Serverless, making it easier to set up and automate credential rotation for your Redshift Serverless data warehouse. Link. For example, this is my Secrets Manager secret for Redshift Serverless, with rotation enabled using a Lambda function:
In the AWS GovCloud (US) Regions, Amazon Kinesis Data Streams now supports resource-based policies. This lets you, for example, process data ingested into a stream in one account with an AWS Lambda function in another account. For example, this is my sample resource policy for my lab environment for a cross-account principal:
Amazon EMR Serverless has expanded its coverage to include FedRAMP Moderate compliance in the US East (Ohio), US East (N. Virginia), US West (N. California), and US West (Oregon) Regions. This means that you can utilize EMR Serverless to execute Apache Spark and Hive workloads while adhering to FedRAMP Moderate standards. Link.
Amazon DynamoDB has introduced support for resource-based policies to simplify access control for your DynamoDB resources. A resource-based policy names the Identity and Access Management (IAM) principals that may act on a resource and the actions they are allowed to perform. The policy can be attached to a DynamoDB table or to a stream: a table policy can also cover the table's indexes, while a stream policy governs access to that stream. Resource-based policies also simplify cross-account access control, letting you share a table or stream with IAM principals in other AWS accounts. Link. For example, this is my basic (not hardened) resource policy for the DynamoDB table:
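Neither the Kinesis cross-account policy nor the "basic (not hardened)" DynamoDB policy from the screenshots is reproduced here, so the following added example (my code, not the author's and not an AWS sample) serves both announcements. It constructs three placeholder policies: a cross-account Kinesis grant to a Lambda role in the aws-us-gov partition, a loose DynamoDB table policy in the spirit of a lab policy, and a tightened version of the same grant. The checker then flags what a reviewer would want to see before any resource-based policy leaves a lab: anonymous "*" principals with no Condition, principals in accounts outside an allow-list, account-root principals, and wildcard actions. All account IDs, ARNs, role and table names are assumptions.

```python
from collections import defaultdict  # noqa: F401  (kept for readers extending the checker)

# Constructed sample policies (not the author's screenshots). Account IDs, ARNs,
# role and table names are placeholders. The Kinesis policy uses the aws-us-gov
# partition because the announcement concerns AWS GovCloud (US).
KINESIS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCrossAccountLambdaConsumer",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws-us-gov:iam::222222222222:role/lambda-consumer-role"},
        "Action": ["kinesis:DescribeStream", "kinesis:DescribeStreamSummary",
                   "kinesis:GetRecords", "kinesis:GetShardIterator",
                   "kinesis:ListShards", "kinesis:SubscribeToShard"],
        "Resource": "arn:aws-us-gov:kinesis:us-gov-west-1:111111111111:stream/lab-stream",
    }],
}

# A deliberately loose policy in the spirit of a "basic (not hardened)" lab policy:
# anonymous principal, every DynamoDB action, table and all of its indexes.
DYNAMODB_BASIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "dynamodb:*",
        "Resource": ["arn:aws:dynamodb:us-east-1:111111111111:table/lab-table",
                     "arn:aws:dynamodb:us-east-1:111111111111:table/lab-table/index/*"],
    }],
}

# The same grant tightened to one named role in a known account and read-only actions.
DYNAMODB_HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadOnlyFromPartnerRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:role/partner-reader"},
        "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:DescribeTable"],
        "Resource": ["arn:aws:dynamodb:us-east-1:111111111111:table/lab-table",
                     "arn:aws:dynamodb:us-east-1:111111111111:table/lab-table/index/*"],
    }],
}


def _as_list(value):
    """IAM allows a single string or a list in Statement, Action and Principal.AWS."""
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Normalise the Principal element to a list of '*' / ARN / account-id strings."""
    principal = statement.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS", []))
    return []


def account_of(principal):
    """Account a principal string belongs to ('*' for the anonymous wildcard)."""
    if principal == "*":
        return "*"
    parts = principal.split(":")
    if parts[0] == "arn" and len(parts) >= 6:
        return parts[4]          # arn:partition:service:region:ACCOUNT:resource
    return principal             # bare 12-digit account id


def external_accounts(policy, own_account):
    """Every account other than our own that an Allow statement grants access to."""
    accounts = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            accounts.update(a for a in map(account_of, _principals(stmt)) if a != own_account)
    return accounts


def findings(policy, own_account, trusted_accounts):
    """Review a resource-based policy; returns a list of human-readable issues (empty = clean)."""
    issues = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for principal in _principals(stmt):
            acct = account_of(principal)
            if acct == "*" and not stmt.get("Condition"):
                issues.append(f"{sid}: Principal '*' with no Condition is open to every AWS account")
            elif acct != "*" and acct != own_account and acct not in trusted_accounts:
                issues.append(f"{sid}: principal {principal} is in untrusted account {acct}")
            if principal.endswith(":root"):
                issues.append(f"{sid}: account-root principal delegates to every IAM principal in {acct}")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                issues.append(f"{sid}: wildcard action {action}")
    return issues


if __name__ == "__main__":
    for name, policy in [("kinesis", KINESIS_POLICY), ("dynamodb-basic", DYNAMODB_BASIC_POLICY),
                         ("dynamodb-hardened", DYNAMODB_HARDENED_POLICY)]:
        print(name, external_accounts(policy, "111111111111"),
              findings(policy, "111111111111", {"222222222222"}))
```

The two points worth internalising from the output: a resource-based policy is the only place cross-account trust is expressed for these services, so the set returned by external_accounts is effectively your inventory of who outside the account can read the stream or table; and "Principal": "*" on a DynamoDB table or Kinesis stream means anonymous, not "anyone in my account", so it should never appear without a Condition (and rarely even then).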