Issue 36 of AWS Cloud Security Weekly

(Summary of Issue 36 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-36)

What happened in AWS CloudSecurity & CyberSecurity last week March 11-17, 2024?

• AWS Application Load Balancer (ALB) duration of HTTP client keepalive for communication between clients and the load balancer now supports a duration ranging from 60 seconds to 7 days, through a load balancer attribute, with the default value set to 3600 seconds. The HTTP client keepalive duration dictates the maximum period ALB maintains an HTTP connection with a client before terminating it. This feature empowers users to gracefully end their connections, particularly useful for deployment strategies like Blue/Green or rollbacks, migrating legacy applications, and during the evacuation of Availability Zones using zonal shift with Amazon Route 53 Application Recovery Controller.
• AWS Signer container image signing and verification is now supported in Gov US regions. AWS Signer, a managed signing service, to sign images within registries like Amazon Elastic Container Registry (ECR) ensures the validation of only authorized images being deployed to Amazon Elastic Kubernetes Service (EKS) clusters or being utilized within Amazon Elastic Container Service (ECS) clusters.
• AWS Backup has introduced support for conducting restore testing on Amazon EBS Snapshots Archive. This feature enables automated and regular restore tests on backed-up AWS resources, facilitating enhanced data protection. With this enhancement, AWS Backup users can assess recovery readiness, ensuring preparedness for potential data loss scenarios, and measure restoration job durations for Amazon EBS Snapshots Archive to meet compliance and regulatory standards.
• Amazon Verified Permissions has raised the standard quotas for the IsAuthorized and IsAuthorizedWithToken APIs from 30 to 200 transactions per second (TPS). These APIs allow applications to solicit an authorization verdict. Enhancing the default TPS empowers you to consistently authenticate user activities, aligning with the principles of zero trust.
• AWS Marketplace introduced a service-linked role for AWS Marketplace Resale Authorization, enabling AWS Marketplace sellers such as Independent Software Vendors (ISVs), Consulting Partners, and Channel Partners to exchange and approve resale authorizations.(AWS Note: When you create a service-linked role in the AWS Marketplace Management Portal, AWS Marketplace creates the service-linked role for you.)