This week TLDR i.e. 1 minute version (For executives):
Amazon Security Lake now supports Internet Protocol Version 6 (IPv6).
AWS CDK L2 Construct for Amazon Cognito Identity Pools now generally available.
IAM Identity Center extends sessions and TIP management capabilities for customers with Microsoft AD.
Amazon Security Lake achieves FedRAMP High and Moderate authorization.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
General security blogs, articles, reports & trending news/advisories:
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation by Elad Beber. Link.
Tool: The STS OIDC Driver: request temporary AWS security credentials for an IAM role, using ID tokens, from your OpenID Connect (OIDC) provider. GitHub Link.
OH-MY-DC: OIDC Misconfigurations in CI/CD by Aviad Hahami. Link.
The Complexity of Detecting Amazon S3 and KMS Ransomware by Jason Kao. Link.
Google Threat Intelligence: DPRK IT Workers Expanding in Scope and Scale. Link.
Verizon: Hacking call records of millions of Americans by Evan Connelly. Link.
This week Long i.e. 3-5 minutes version (For architects & engineers):
Amazon Security Lake now supports Internet Protocol version 6 (IPv6) through new dual-stack endpoints, which accept both IPv4 and IPv6 connections. Link. For example, here’s my option:
AWS has announced the general availability of the AWS Cloud Development Kit (AWS CDK) Level 2 (L2) construct for Amazon Cognito Identity Pools. This new library allows developers to define and deploy Identity Pool resources programmatically using familiar programming languages, simplifying the process of providing users with secure access to AWS services within applications. Link. You can find the details HERE.
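What the Cognito identity pool construct generates for you, and what the two OIDC items above (the STS OIDC driver and the OH-MY-DC misconfigurations) both hinge on, is the same thing: a role trust policy for sts:AssumeRoleWithWebIdentity. If the audience/identity-class conditions (cognito-identity.amazonaws.com:aud and :amr for identity pools) or the audience/subject conditions (token.actions.githubusercontent.com:aud and :sub for GitHub Actions) are missing or wildcarded, the role becomes assumable from the wrong pool, repository or identity class. The following is an added example, not code from AWS, the CDK L2 construct or the linked articles: a small auditor that builds the two trust-policy shapes and flags the classic mistakes. The account id, identity pool id and repository names are constructed placeholders.

```python
"""Audit IAM role trust policies for sts:AssumeRoleWithWebIdentity federation.

Added example for this post, not code from AWS, the CDK L2 construct or the
linked articles. The account id, identity pool id and repository names below
are constructed placeholders.
"""

COGNITO = "cognito-identity.amazonaws.com"
GITHUB = "token.actions.githubusercontent.com"
# Constructed placeholder for the OIDC provider registered in the account.
GITHUB_PROVIDER = f"arn:aws:iam::111122223333:oidc-provider/{GITHUB}"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _conditions(stmt, key):
    """Yield (operator, value) pairs bound to a condition key, e.g. ('StringEquals', 'x')."""
    for op, pairs in stmt.get("Condition", {}).items():
        for k, v in pairs.items():
            if k.lower() == key.lower():
                for item in _as_list(v):
                    yield op, item


def _web_identity_policy(federated, condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": federated},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition,
    }]}


def cognito_trust_policy(identity_pool_id, authenticated=True):
    """Trust policy in the shape an identity pool role gets: the pool is pinned
    through :aud and the identity class (authenticated or guest) through :amr."""
    amr = "authenticated" if authenticated else "unauthenticated"
    return _web_identity_policy(COGNITO, {
        "StringEquals": {f"{COGNITO}:aud": identity_pool_id},
        "ForAnyValue:StringLike": {f"{COGNITO}:amr": amr},
    })


def github_trust_policy(sub_pattern):
    """Trust policy for a GitHub Actions OIDC role; `sub_pattern` is the StringLike
    match on the token subject, e.g. repo:acme/app:ref:refs/heads/main."""
    return _web_identity_policy(GITHUB_PROVIDER, {
        "StringEquals": {f"{GITHUB}:aud": "sts.amazonaws.com"},
        "StringLike": {f"{GITHUB}:sub": sub_pattern},
    })


def _audit_cognito(stmt):
    out = []
    aud = [v for _, v in _conditions(stmt, f"{COGNITO}:aud")]
    amr = [v for _, v in _conditions(stmt, f"{COGNITO}:amr")]
    if not aud:
        out.append("cognito: no :aud condition, any identity pool in any account can assume the role")
    if not amr:
        out.append("cognito: no :amr condition, guest and authenticated identities are not distinguished")
    elif "unauthenticated" in amr:
        out.append("cognito: role is assumable by unauthenticated (guest) identities")
    return out


def _audit_github(stmt):
    out = []
    aud = [v for _, v in _conditions(stmt, f"{GITHUB}:aud")]
    subs = list(_conditions(stmt, f"{GITHUB}:sub"))
    if "sts.amazonaws.com" not in aud:
        out.append("github: :aud is not pinned to sts.amazonaws.com")
    if not subs:
        out.append("github: no :sub condition, any GitHub repository can assume the role")
    for op, sub in subs:
        # '*' and '?' are wildcards only under *StringLike; under StringEquals they are literal.
        if not op.endswith("StringLike"):
            continue
        parts = sub.split(":")  # repo:<owner>/<name>:<ref|environment|pull_request ...>
        if parts[0] != "repo" or len(parts) < 2 or any(c in parts[1] for c in "*?"):
            out.append(f"github: :sub {sub!r} does not pin a single repository")
        elif any(c in ":".join(parts[2:]) for c in "*?"):
            out.append(f"github: :sub {sub!r} matches any branch, tag, environment or pull request")
    return out


def audit_trust_policy(policy):
    """Return findings for every Allow statement that grants AssumeRoleWithWebIdentity."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("web identity: Principal is '*'")
            continue
        for fed in _as_list(principal.get("Federated", [])):
            if fed == COGNITO:
                findings.extend(_audit_cognito(stmt))
            elif fed.endswith(":oidc-provider/" + GITHUB):
                findings.extend(_audit_github(stmt))
    return findings


if __name__ == "__main__":
    pool = "us-east-1:11111111-2222-3333-4444-555555555555"  # constructed pool id
    for name, policy in [
        ("cognito authenticated", cognito_trust_policy(pool)),
        ("cognito guest", cognito_trust_policy(pool, authenticated=False)),
        ("github main branch", github_trust_policy("repo:acme/app:ref:refs/heads/main")),
        ("github org wildcard", github_trust_policy("repo:acme/*:ref:refs/heads/main")),
        ("github any ref", github_trust_policy("repo:acme/app:*")),
    ]:
        print(name, "->", audit_trust_policy(policy) or ["ok"])
```

Run it against `aws iam get-role` output (the AssumeRolePolicyDocument field) to sweep an account. The guest-identity finding is only a problem when the pool was not meant to allow unauthenticated access, so treat it as a review prompt rather than a hard failure; the missing :aud and org-wide :sub findings are the ones that let a foreign pool or repository assume the role.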
AWS IAM Identity Center (aka AWS SSO) has enhanced session management and trusted identity propagation (TIP) features for Microsoft Active Directory (AD) as the identity source. With this release, if you are integrating Microsoft AD with IAM Identity Center, you can now: (a) set session durations for AWS applications and the AWS access portal, ranging from 15 minutes up to 90 days; (b) view and terminate active user sessions; (c) configure an extended 90-day session specifically for Amazon Q Developer Pro while keeping shorter durations for other AWS applications; and (d) enable trusted identity propagation (TIP) from business intelligence tools that authenticate users through third-party identity providers to AWS services such as Amazon Redshift and Amazon Q Business. Link. (Note: I did not have an active AD to demo this feature)
Amazon Security Lake has achieved FedRAMP High authorization in AWS GovCloud (US) Region and FedRAMP Moderate in the US East and US West Regions. Link.