Issue 47 and 48 of AWS Cloud Security Weekly

(This is just the highlight of Issue 47 and 48 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-47-and-48 << Subscribe to receive the full version in your inbox weekly for free!!).

What happened in AWS CloudSecurity & CyberSecurity last week May 28-June 10, 2024?

• Amazon Verified Permissions has enhanced support for securing Amazon API Gateway APIs by enabling fine-grained access controls using an OpenID Connect (OIDC) compliant identity provider. Developers can now manage access based on user attributes and group memberships without writing any code.
• AWS WAF now lets you choose specific versions of Bot Control and Fraud Control managed rule groups within your web ACLs, providing ability to manage traffic when AWS releases updates to these rule groups. With versioning, you can test new and updated bot and fraud rules before deploying them to production. For example, you can apply a new version of a managed rule group to a staging environment to assess its effectiveness. Then, you can gradually roll out the version in production to monitor its impact closely before fully enabling it. If a new version causes issues, you can quickly revert to the previous version to restore the original behavior. By default, you will be configured to use version 1.0 of the Bot Control and Fraud Control managed rule groups and will continue to receive periodic AWS updates. If you prefer not to receive automatic updates, you can select a specific version and remain on that version until you manually update or it reaches end of life.
• Previously, Amazon Cognito user pools introduced the ability to enrich identity and access tokens with custom attributes through OAuth 2.0 scopes and claims. Now, this functionality has been expanded to include complex custom attributes such as arrays, maps, and JSON objects in both identity and access tokens. This enhancement allows for fine-grained authorization decisions based on these complex custom attributes. The feature supports enhanced personalization and increased access control while simplifying the migration and modernization of your applications to use Amazon Cognito with minimal or no changes.
• You can now enable Route 53 Profiles in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions, allowing you to define a standard DNS configuration as a Profile, which may include Route 53 private hosted zone (PHZ) associations, Route 53 Resolver rules, and Route 53 Resolver DNS Firewall rule groups. You can apply this configuration to multiple VPCs in your account. Profiles also help enforce DNS settings for your VPCs, including DNSSEC validations, Resolver reverse DNS lookups, and DNS Firewall failure mode. Additionally, you can share Profiles with AWS accounts in your organization using AWS Resource Access Manager (RAM). Route 53 Profiles streamline the process of associating Route 53 resources and VPC-level DNS settings across VPCs and AWS accounts within a Region, reducing the complexity of managing each resource and setting individually for each VPC.
• AWS Audit Manager has introduced a common control library to streamline automating risk and compliance assessments against enterprise controls. This library allows Governance, Risk, and Compliance (GRC) teams to efficiently map their controls into Audit Manager for evidence collection. The common control library includes predefined and pre-mapped AWS data sources, removing the need to identify specific AWS resources for various controls. It features AWS-managed common controls, determined by extensive mapping and reviews by AWS-certified auditors, to ensure the correct data sources are used for evidence collection. With this launch, Audit Manager also provides additional evidence mappings for controls, including support for 140 new API calls. You can customize and update all evidence mappings to fit your specific objectives.
• Amazon Inspector now provides native integration with Amazon CodeCatalyst and GitHub Actions for container image scanning. This enables customers to assess their container images for software vulnerabilities within their Continuous Integration and Continuous Delivery (CI/CD) tools, enhancing security earlier in the software development lifecycle. With this expansion, Inspector now integrates natively with four developer tools: Jenkins, TeamCity, GitHub Actions, and Amazon CodeCatalyst for container image scanning. This feature is compatible with CI/CD tools hosted on AWS, on-premises, or in hybrid cloud environments, offering developers a consistent solution across all their development pipelines.

Trending on the news & advisories (Subscribe to the newsletter for details):

• AWS new cohort of AWS Heroes.
• HuggingFace- Space secrets leak disclosure.
• Apple to Debut Passwords App in Challenge to 1Password, LastPass.
• FBI announced 7,000 LockBit decryption keys.
• Kali Linux 2024.2 Released.
• BBC- data security incident announcement.
• Cloudflare acquires BastionZero.
• Fortinet to Acquire Lacework.
• Mandiant- UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion.
• Report of New York Times source code leak: