
AJ for AWS Community Builders

Posted on • Originally published at aws-cloudsec.com


Issue 38 of AWS Cloud Security Weekly

(Summary of Issue 38 of AWS Cloud Security Weekly at https://aws-cloudsec.com/p/issue-38. Subscribe there to receive the full version in your inbox weekly.)

What happened in AWS Cloud Security & Cybersecurity between March 19 and April 1, 2024?

  • AWS Identity and Access Management (IAM) Roles Anywhere temporary credentials can now remain valid for up to 12 hours. Previously the session lifetime was fixed at 1 hour; it can now be set anywhere from 15 minutes to 12 hours. The default stays at 1 hour, so longer sessions are an explicit opt-in. Extending the session reduces the number of CreateSession calls made to IAM Roles Anywhere, but it also lengthens the window in which a leaked session credential stays usable, and the requested duration cannot exceed the maximum session duration of the IAM role being assumed.
  • You can now set Instance Metadata Service Version 2 (IMDSv2) as the default for all future Amazon EC2 instance launches in your account, configured at the Region level. IMDSv2 uses session-oriented requests: a caller must first obtain a token with a PUT request and present it on every subsequent GET, which defeats the one-shot SSRF and open-reverse-proxy paths commonly used to steal instance credentials from IMDSv1. Previously, enforcing IMDSv2-only access required setting the IMDS property on the Amazon Machine Image (AMI), configuring Instance Metadata Options at launch, or calling ModifyInstanceMetadataOptions after launch. The new default applies only to instances launched after it is set; existing instances keep their current metadata options.
  • GitLab and GitLab Self-Managed are now supported as source providers for AWS CodeBuild projects, so builds can be triggered by changes to source code stored in your GitLab repositories.
  • AWS Control Tower customers in the AWS GovCloud (US) Regions can now use the Control Tower APIs to programmatically manage controls, perform landing zone operations, and extend governance to organizational units (OUs).
  • AWS has made Amazon GuardDuty EC2 Runtime Monitoring generally available, extending threat detection to what happens on EC2 instances at runtime. GuardDuty's existing foundational detection works from VPC Flow Logs, DNS query logs, and AWS CloudTrail management events; Runtime Monitoring complements it with a GuardDuty security agent on the instance, adding visibility into on-host, OS-level activity and container-level context for the threats it identifies.
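The IMDSv2 account default above only affects instances launched after it is set, so the follow-up a practitioner wants is an audit of what is already running. The script below is an added example, not code from the newsletter or from AWS: it walks the JSON shape returned by `aws ec2 describe-instances`, reports instances whose enabled metadata endpoint still accepts token-less IMDSv1 requests, and prints the per-instance ModifyInstanceMetadataOptions and the account-level ModifyInstanceMetadataDefaults CLI calls that remediate them. The payload and instance IDs are constructed for the example, and the Region name is an assumption.

```python
"""Audit EC2 instances that still accept IMDSv1 after setting the IMDSv2 account default.

Added example, not from the newsletter or AWS. Reads DescribeInstances-shaped JSON
(pipe `aws ec2 describe-instances --output json` into it, or run it as-is against the
constructed sample below) and lists instances whose MetadataOptions.HttpTokens is not
"required", i.e. instances that still answer token-less IMDSv1 requests.
"""
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs are made up for the example.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [{
        "Instances": [
            {   # IMDSv1 still allowed: the target of the audit
                "InstanceId": "i-0aaa111111111111a",
                "State": {"Name": "running"},
                "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                                    "HttpPutResponseHopLimit": 1},
            },
            {   # Already IMDSv2-only
                "InstanceId": "i-0bbb222222222222b",
                "State": {"Name": "running"},
                "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                                    "HttpPutResponseHopLimit": 2},
            },
            {   # Metadata endpoint disabled entirely: no IMDS to abuse, not reported
                "InstanceId": "i-0ccc333333333333c",
                "State": {"Name": "stopped"},
                "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                                    "HttpPutResponseHopLimit": 1},
            },
        ]
    }]
})


def find_imdsv1_instances(describe_instances_json: str) -> list[str]:
    """Return IDs of instances whose enabled metadata endpoint still accepts IMDSv1."""
    data = json.loads(describe_instances_json)
    flagged = []
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            # HttpTokens is "optional" (IMDSv1 allowed) or "required" (IMDSv2 only).
            if opts.get("HttpEndpoint") == "enabled" and opts.get("HttpTokens") != "required":
                flagged.append(inst["InstanceId"])
    return flagged


def remediation_commands(instance_ids: list[str], region: str) -> list[str]:
    """Per-instance ModifyInstanceMetadataOptions calls that enforce IMDSv2 on existing instances."""
    return [
        f"aws ec2 modify-instance-metadata-options --region {region} "
        f"--instance-id {iid} --http-tokens required --http-endpoint enabled"
        for iid in instance_ids
    ]


def account_default_command(region: str) -> str:
    """ModifyInstanceMetadataDefaults call making IMDSv2 the default for future launches in the Region."""
    return f"aws ec2 modify-instance-metadata-defaults --region {region} --http-tokens required"


if __name__ == "__main__":
    region = "us-east-1"  # assumption for the example
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_INSTANCES
    ids = find_imdsv1_instances(raw)
    print(f"{len(ids)} instance(s) still accept IMDSv1: {ids}")
    for cmd in remediation_commands(ids, region):
        print(cmd)
    print("# default for future launches in this Region:")
    print(account_default_command(region))
```

Run it once per Region, since both the audit output and the new default are Region-scoped; instances with the endpoint disabled are deliberately left out, because they expose no IMDS to steal from.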

Trending on the news & advisories:

  • CISA and Red Hat warn of the backdoor in xz-utils releases 5.6.0 and 5.6.1 (CVE-2024-3094).
  • CISA and the FBI release a Secure by Design alert urging manufacturers to eliminate SQL injection vulnerabilities.
  • The U.S. Department of Defense publishes its Defense Industrial Base Cybersecurity Strategy 2024.
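The first triage step the xz advisory calls for is finding out which release is installed. The script below is an added example, not code from CISA, Red Hat, or the newsletter: it parses the output of `xz --version` (which prints the xz binary's version and the liblzma library's version on separate lines) and flags the two backdoored releases, 5.6.0 and 5.6.1, checking liblzma separately because a downgraded xz binary can still be linked against a tainted shared library. The sample outputs are constructed. A version string is a triage signal, not a verdict: a distribution build that removed the backdoor without changing the version number will show up here, so confirm against your distribution's advisory.

```python
"""Triage check for CVE-2024-3094 (the xz-utils / liblzma backdoor).

Added example, not from CISA, Red Hat or the newsletter. `xz --version` prints the
xz and liblzma versions on separate lines; the backdoor shipped in releases 5.6.0
and 5.6.1. The sample outputs below are constructed.
"""
import re
import subprocess

# Releases that contain the backdoored build machinery (CVE-2024-3094).
BACKDOORED = {(5, 6, 0), (5, 6, 1)}

# Constructed samples of `xz --version` output.
SAMPLE_AFFECTED = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_CLEAN = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"
# A downgraded xz binary can still be linked against a tainted shared liblzma.
SAMPLE_MIXED = "xz (XZ Utils) 5.4.6\nliblzma 5.6.0\n"

# One line per component: "xz (XZ Utils) X.Y.Z" or "liblzma X.Y.Z".
_VERSION_RE = re.compile(r"^(xz|liblzma)\b[^\n]*?(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_versions(output: str) -> dict[str, tuple[int, int, int]]:
    """Map 'xz' and 'liblzma' to (major, minor, patch) parsed from `xz --version` output."""
    return {
        m.group(1): (int(m.group(2)), int(m.group(3)), int(m.group(4)))
        for m in _VERSION_RE.finditer(output)
    }


def affected_components(output: str) -> list[str]:
    """Return the components ('xz', 'liblzma') whose version is a backdoored release."""
    return [name for name, ver in parse_versions(output).items() if ver in BACKDOORED]


def check_installed_xz() -> list[str]:
    """Run the local `xz --version` and return affected components; [] if xz is not installed."""
    try:
        proc = subprocess.run(["xz", "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return []
    return affected_components(proc.stdout)


if __name__ == "__main__":
    hits = check_installed_xz()
    if hits:
        print(f"CVE-2024-3094: backdoored release detected in {', '.join(hits)}; "
              "downgrade to 5.4.6 or apply your distribution's fix")
    else:
        print("xz/liblzma not in the 5.6.0/5.6.1 range (or xz not installed)")
```

The mixed sample is the case that matters operationally: on the affected distributions the payload lived in the liblzma shared object that sshd ended up loading, so a clean-looking `xz` binary does not by itself clear the host.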
