(Summary of Issue 37 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-37)
What happened in AWS CloudSecurity & CyberSecurity last week, March 18-25, 2024?
- Amazon WorkMail now offers Audit Logging functionality, enabling users to gain insights into their mailbox access behaviors, including logs for authentication, access control, and mailbox access via Amazon CloudWatch Logs, Amazon S3, and Amazon Data Firehose. Additionally, CloudWatch will furnish new mailbox metrics for WorkMail organizations. This feature empowers administrators to investigate instances where users encountered issues accessing their mailbox, pinpoint the IP addresses associated with specific mailbox accesses, and identify actions such as moving or deleting mailbox data. Administrators can establish alarms to notify them when authentication or access failures surpass predetermined thresholds, as well as tailor processing for the logs, which are delivered as JSON records.
- AWS Secrets Manager now allows you to generate and rotate credentials for Amazon Redshift Serverless, making it easier to establish and automate credential rotation for your Amazon Redshift Serverless data warehouse.
- In the AWS GovCloud (US) regions, Amazon Kinesis Data Streams now supports resource-based policies. This enables you to, for example, process data ingested into a stream in one account using an AWS Lambda function in another account.
- Amazon EMR Serverless has expanded its coverage to include FedRAMP Moderate compliance in the US East (Ohio), US East (N. Virginia), US West (N. California), and US West (Oregon) Regions. This means that you can utilize EMR Serverless to execute Apache Spark and Hive workloads while adhering to FedRAMP Moderate standards.
- Amazon DynamoDB has introduced support for resource-based policies, aiming to streamline access control for your DynamoDB resources. Through resource-based policies, you gain the ability to specify Identity and Access Management (IAM) principals and define their permitted actions on a resource. These policies can be attached to either a DynamoDB table or a stream. When attaching a resource-based policy to a table, you can encompass access permissions for its indexes. Similarly, attaching such a policy to a stream allows for access permissions specific to the stream. Furthermore, resource-based policies facilitate the simplification of cross-account access control, enabling the sharing of resources with IAM principals across different AWS accounts.
Trending on the news & advisories:
- Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect by Mandiant.
- CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques.
- CISA: PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders.
- Google security: Vulnerability Reward Program: 2023 Year in Review.