Issue 63 of AWS Cloud Security Weekly

(This is just the highlight of Issue 63 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-63 << Subscribe to receive the full version in your inbox weekly for free!!)

What happened in AWS CloudSecurity & CyberSecurity last week September 17- September 24, 2024?

• AWS Directory Service for Managed Microsoft Active Directory (AWS Managed Microsoft AD) now allows you to perform Create, Read, Update, and Delete (CRUD) operations on users and groups via the AWS CLI, APIs, or AWS Management Console. These new APIs enable you to automate the synchronization of users and groups from external identity providers or HR systems, using AWS Lambda or AWS SDK-supported programming languages. Additionally, you can respond more quickly to security incidents. For example, automation can be set up to remove compromised user accounts or revoke their access to privileged security groups. IT administrators can also manage Active Directory users and groups directly from the AWS Management Console, eliminating the need to deploy bastion hosts or open network ports to the internet.
• Amazon Simple Email Service (SES) has introduced a new feature in the Virtual Deliverability Manager (VDM) Advisor, aimed at increasing awareness when complaint rates approach or exceed recommended levels. This feature helps you to monitor the impact of high complaint rates on their sending reputation and pinpoint the specific sending identities responsible for these complaints. It is designed to help take proactive measures before high complaint rates disrupt their email delivery. Previously, you’d have to track complaint rates by mailbox provider, sender identity, or configuration set, requiring manual review to assess risk levels. Now, VDM Advisor automatically monitors complaint rates for feedback Amazon SES receives directly through feedback loops, displaying complaint rates at the sending identity level. The system provides clear warnings through Advisor Recommendations when rates become too high. Additionally, you can receive high complaint rate alerts via EventBridge, enabling notifications through channels like SNS or email to operational teams. This streamlines the detection of complaint rate issues and allows faster response to mitigate potential impacts from mailbox provider actions.
• AWS Lambda now supports Amazon Linux 2023 runtimes in the AWS GovCloud (US) Regions. The supported runtimes include Python 3.12, Node.js 20, Java 21, .NET 8, Ruby 3.3, and Amazon Linux 2023 (provided.al2023). Each runtime is offered both as a managed runtime and as a container base image. Updates for both managed runtimes and container base images will be automatically applied as they become available.
• Amazon EC2 Instance Connect now supports Internet Protocol Version 6 (IPv6). If you are transitioning to IPv6, you can connect to the instances with a single click or command using EC2 Instance Connect over IPv6.
• AWS WorkSpaces WorkSpaces Secure Browser portals announced that you can now use Federal Information Processing Standard (FIPS) 140-3 validated cryptography endpoints. To establish a FIPS-validated connection, simply specify a FIPS endpoint when creating a portal via the AWS Command Line Interface (CLI). FIPS endpoints are available for new portals at no extra cost.
• AWS Systems Manager Quick Setup feature would previously create AWS Identity and Access Management (IAM) roles named AWS-QuickSetup-StackSet-Local-ExecutionRole and AWS-QuickSetup-StackSet-Local-AdministrationRole, which enabled the AWS CloudFormation service to deploy Quick Setup configurations on your behalf. Quick Setup is now able to create new IAM roles which achieve the same goal, but require less permissions and leverage recently released IAM managed policies. If you do not opt into this feature, Quick Setup will continue to use the existing roles for CloudFormation resource deployment.
• AWS has launched Vulnerability Disclosure Program (VDP) via HackerOne.