Brewing the Best in AWS Security: Top Reads of the Year

As we welcome 2024, I’m excited to share a special post for the AWS Security Digest Newsletter. It’s been a remarkable year, and your engagement has made it even more so. 🔗 I’ve compiled the top 5 most-clicked links from our 2023 editions. These links represent the most intriguing, informative, and impactful topics in AWS Security landscape. 1️⃣ Enabling Just-In-Time (JIT) Access for AWS S3 Buckets 2️⃣ Actionable AWS Security Best Practices [Cheat Sheet] 3️⃣ AWS Security Foundations For Dummies 4️⃣ Bare minimum AWS Security Alerting and Configuration 5️⃣ AWS ImdsPacketAnalyzer 👨‍🍳 Why a Chef?...

December 17, 2023 · 1 min · 199 words · zoph

Elevate your AWS Security with basic alerting

As businesses continue to adopt cloud computing and move their operations to the cloud, it’s crucial to ensure the security of their cloud environment. Amazon Web Services (AWS) is the leading cloud platform, but with the ease of use comes the responsibility of securing the data, applications, and services deployed on the cloud. AWS provides a vast array of security services, but it can be challenging to keep track of all the activities and changes happening in your AWS account....

February 12, 2023 · 2 min · 330 words · zoph

The day when the AWS Support got access to your S3 data

Update from: 2021-12-23 Official Security bulletin from AWS AWSSupportServiceRolePolicy Informational Update https://aws.amazon.com/security/security-bulletins/AWS-2021-007/ You will find below details about the security incident that leads to this unattended access for millions of AWS customers. On 22nd December 2021, AWS deployed a new version (v20) of AWSSupportServiceRolePolicy used by a mandatory role: AWSServiceRoleForSupport for AWS Support access to all AWS Accounts. In this policy, they added the action: s3:getObject which gives access to all customer Amazon S3 data by AWS Support teams....

December 22, 2021 · 3 min · 541 words · zoph

Do AWS drinks their own champagne? 🍾

TL;DR: AWS Managed Policies are safe. Currently. :arrows_counterclockwise: Previously in Policy Validation Before AWS Access Analyzer (AA) - Policy Validation release, few open source initiatives were available to lint AWS IAM Policies, like Parliament from Duolabs, CloudSplaining (Salesforce). The tricky part of these tools is that they are community-driven, from volunteer contributors, and most of the master data comes from AWS IAM docs web scrapping. It is difficult to maintain over time, especially if the documentation format is changing, or if the documentation is not in sync with the IAM reality....

April 6, 2021 · 4 min · 802 words · zoph

Keep you posted on AWS Security

Since my last post, on how to deal with information Overload and reading pipeline, I’ve created a free digest newsletter about AWS Security. The goal of this curated AWS Security Digest is to condensate what was happening from last week on the most relevant sources: 🔦 A Highlight of the week 👮 Change since last week on AWS Managed IAM Policies 💌 Curated Cloud Security Newsletters 👀 AWS API changes 🔒 IAM Permissions changes 🆙 Most upvoted posts on r/AWS 🔗 Top shared links on Twitter (by cloudsec folks) 🐦 Most engaged Tweets from the community This is an ongoing side project, so more content will be added over time....

January 22, 2021 · 1 min · 208 words · zoph