Release Date: August 14, 2023
This week TLDR i.e. 2 minutes executive version:
AWS Artifact launches email notifications.
AWS Global Accelerator extends IPv6 support to EC2 endpoints.
Mountpoint for Amazon S3 – Generally Available and Ready for Production Workloads.
AWS Backup announces the preview of logically air-gapped vault.
Amazon Detective enhances visualizations to improve security investigations.
Amazon RDS for MySQL supports new minor versions 5.7.43 and 8.0.34.
Network Load Balancer now supports security groups.
AWS Firewall Manager announces enhancements to optimize AWS WAF web ACL creation in AWS accounts.
PostgreSQL 16 Beta 3 is now available in Amazon RDS Database Preview Environment.
Amazon Relational Database Service (Amazon RDS) for Oracle now supports the July 2023 Release Update (RU) for Oracle Database versions 19c and 21c.
Trending news in Cyber Security:
Android: The first mobile OS system introduced advanced cellular security mitigations which allows users to disable 2G and null-ciphered cellular connectivity support. Link.
AWS released a security bulletin for CVE-2023-20569 - RAS Poisoning - Inception and CVE-2022-40982 - Gather Data Sampling - Downfall. AWS mentioned that the customers’ data & instances are not affected and no customer action is required. Link and Link.
Google Chrome: Starting Chrome 116 a weekly Stable channel updates will be shipped (instead of bi-weekly early) to especially solve patch gap problem for n-day and zero-day flaws. Link.
AWS & project Moq: AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer. Link.
Corey Quinn from Last Week in AWS interviewed CloudFlare’s Founder/CEO Matthew Prince. It was an interesting one where they had a candid conversation around AI, egress, cloud features, competition etc. Highly recommended. Link.
This week Long i.e. 5-10 minutes architect & engineer version:
AWS Artifact: You can now subscribe to notifications and create configurations to get notified when a new report or agreement, or a new version of an existing report or agreement becomes available on AWS Artifact. There is a new “Notification settings” tab in the Artifact console. You’d have to verify your email for signing up.
Mountpoint for Amazon S3 (Git Link) was an alpha release earlier this year and now is generally available. It’s a new open-source file client that makes it easy for Linux-based applications to connect directly to Amazon S3 buckets and access objects using file APIs which is especially designed for large-scale analytics apps that require reading and generating large amounts of S3 data (eg data lake applications) but don’t require the ability to write to the middle of existing objects. Setting was pretty straight forward. I downloaded & installed the package in my Amazon Linux 2. The performance was fast. There was no lag. In the future it will only support sequential writes to new objects. Note that Mountpoint doesn’t offer a full-featured file system interface or POSIX compatibility so for such applications you should still use file systems services like EFS & Amazon FSx. Blog Link.
AWS Backup announced the preview of logically air-gapped vault, a new type of AWS Backup Vault that allows secure sharing of backups across accounts and organizations, supporting direct restore to help reduce recovery time from a data loss event. AWS Backup is a fully managed service that centralizes and automates data protection across AWS services and hybrid workloads. Logically air-gapped vault stores immutable backup copies that are locked by default, and isolated with encryption using AWS owned keys. To enroll in this preview, send a request via email to email@example.com. Blog Link.
Amazon detective released several enhancements to finding groups visualization that help reduce noise and make your security investigations more effective. These enhancements help cut down on the amount of time it takes to identify root cause and affected resources in potential security issues. Link.
Network Load Balancer now supports security groups. Link. You can now see the security group option. If you are using Kubernetes, you can enable security groups on your NLB by using AWS Load Balancer controller version 2.6.0 or later.
AWS Firewall Manager announces enhancements to optimize AWS WAF web ACL creation in AWS accounts. Link.
PostgreSQL 16 Beta 3 is now available in Amazon RDS Database Preview Environment. Link
Thank You for reading! If you enjoyed this newsletter, I’d be grateful if you could forward it to your professional circle.
Thanks for reading AWS Cloud Security Weekly! Subscribe for free to receive new posts and support my work.