7/26/2022, 12:00:00 AM ~ 7/27/2022, 12:00:00 AM (UTC)
Recent Announcements
AWS Config conformance packs now provide scores to help you track resource compliance
AWS Config now supports compliance scores as an enhancement to conformance packs. A compliance score is a percentage-based score that helps you quickly discern the level to which your resources are compliant for a set of requirements that are captured within the scope of a conformance pack. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an AWS account or AWS Region, or across an organization in AWS Organizations.
Introducing the re-Launched AWS Security Competency
We are excited to announce AWS Security Competency has been re-Launched with new consolidated categories to help customers more easily discover AWS Partner solutions validated by AWS. Partners with Security Competency provide solutions to help customers elevate their security in the cloud at any stage in their cloud journey. Of the eight new consolidated categories, six contain a complimentary collection of AWS-validated partner software and services offerings to help customers with their cloud security software tool choices and follow-on implementation and training services: application security, compliance and privacy, data protection, identity and access management, infrastructure protection, threat detection and response.
Introducing specialization categories for the AWS Level 1 MSSP Competency
We are excited to announce specialization categories for the AWS Level 1 MSSP Competency. These six new specialized managed security services for the Level 1 MSSP Competency help customers discover partner solutions validated by AWS security experts to provide 24x7 monitoring and response services that include and extend beyond AWS’s Level 1 Managed Security Services (Level 1 MSS) baseline. In August 2021, AWS introduced the Level 1 MSS baseline, detailing ten foundational capabilities for MSSP partners to align their managed services to, along with the Level 1 MSSP Competency, establishing an industry-first quality standard for customers to measure their security operations against.
Amazon ECR Public now supports tag listing API for public repositories
Today, Amazon Elastic Container Registry Public (ECR Public) launched API support for listing tags for any repository in ECR Public. Now you can use Docker registry HTTP API v2 to list available tags in any public repository in addition to ECR Public gallery.
AWS Security Hub adds Fortinet and JFrog as integration partners
AWS Security Hub has added two new integration partners to help customers with their cloud security posture monitoring.
Amazon RDS Proxy now supports Amazon RDS for MariaDB running on version 10.3, 10.4 or 10.5
Amazon RDS Proxy, a fully managed, highly available database proxy for Amazon Relational Database Service (RDS), now supports Amazon RDS for MariaDB databases running on major versions 10.3, 10.4, or 10.5. With Amazon RDS Proxy, customers can make applications more scalable, more resilient to database failures, and more secure.
AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center
AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center. It is where you create, or connect, your workforce users once and centrally manage their access to multiple AWS accounts and applications. You can create user identities directly in IAM Identity Center, or you can connect your existing identity source, including Microsoft Active Directory and standards-based identity providers, such as Okta Universal Directory or Azure AD. You can choose to manage access just to AWS accounts, just to cloud applications, or to both. Your users can utilize their existing credentials for one-click access to their assigned AWS accounts, AWS applications, like Amazon SageMaker Studio, and other standards-based cloud applications, like Salesforce, Box, and Microsoft 365.
Malware protection now a feature of Amazon GuardDuty
Amazon GuardDuty Malware Protection is now available, in Amazon GuardDuty, to help detect malicious files residing on an instance or container workload running on Amazon Elastic Compute Cloud (Amazon EC2) without deploying security software or agents. Amazon GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect malware that can be used to compromise resources, modify access permissions, and exfiltrate data. Malicious files that contain trojans, worms, crypto miners, rootkits, bots, and the like can be used to compromise workloads, repurpose resources for malicious use, and gain unauthorized access to data. Existing customers can enable the GuardDuty Malware Protection feature with a single click in the GuardDuty console or through the GuardDuty API. When threats are detected, GuardDuty Malware Protection automatically sends security findings to AWS Security Hub, Amazon EventBridge, and Amazon Detective. These integrations help centralize monitoring for AWS and partner services, automate responses to malware findings, and perform security investigations from the GuardDuty console. With the launch of Amazon GuardDuty Malware Protection there are eight new threat detections:
Execution:EC2/MaliciousFile
Execution:ECS/MaliciousFile
Execution:Kubernetes/MaliciousFile
Execution:Container/MaliciousFile
Execution:EC2/SuspiciousFile
Execution:ECS/SuspiciousFile
Execution:Kubernetes/SuspiciousFile
Execution:Container/SuspiciousFile
Announcing AWS Transfer Family support for Applicability Statement 2 (AS2)
AWS Transfer Family now supports the Applicability Statement 2 (AS2) protocol, complementing existing protocol support for SFTP, FTPS, and FTP. Customers across verticals such as healthcare and life sciences, retail, financial services, and insurance that rely on AS2 for exchanging business-critical data can now use AWS Transfer Family’s highly available, scalable, and globally available AS2 endpoints to more cost effectively and securely exchange transactional data with their trading partners. Exchanged data is natively accessible in AWS for processing, analysis, and machine learning, as well as for integrations with business applications running on AWS.
Announcing AWS Marketplace Vendor Insights to help streamline vendor risk assessments (Preview)
AWS Marketplace Vendor Insights helps streamline the complex third-party software risk assessment process by enabling sellers to make security and compliance information available through AWS Marketplace. A unified web-based dashboard gives governance, risk, and compliance (GRC) teams access to security and compliance information, such as data privacy and residency, application security, and access control. The dashboard also provides evidence backed by AWS Config and AWS Audit Manager assessments, external audit reports (such as ISO 27001 and SOC2 Type 2), and software vendor self-assessments. Vendor Insights serves buyers who need help to efficiently validate that third-party software meets their business compliance needs. Vendor Insights also serves sellers who want to showcase their strong security posture, while reducing the operational burden from responding to buyer requests for risk assessment information.
AWS announces AWS Wickr (Preview)
AWS Wickr is an end-to-end encrypted enterprise communication service that allows secure collaboration across messaging, voice and video calling, file sharing, and screen sharing. The service is now in preview. AWS Wickr helps organizations address evolving threats and regulations by combining security and administrative features designed to safeguard sensitive communications, enforce information governance policies, and retain information as required. Encryption takes place locally, on the endpoint. Every call, message, and file is encrypted with a new random key, and no one but intended recipients—not even AWS—can decrypt them.
AWS WAF adds sensitivity levels for SQL injection rule statements
AWS WAF now supports setting sensitivity levels for SQL injection (SQLi) rule statements, giving you greater control over how AWS WAF evaluates requests to your applications for SQLi attacks.
We are pleased to announce a new capability in Amazon Macie that allows for one-click, temporary retrieval of up to 10 examples of sensitive data found in Amazon Simple Storage Service (Amazon S3) by Amazon Macie. This new capability enables you to more easily view and understand which contents of an S3 object were identified to be sensitive, so you can review, validate, and quickly take action as needed. All sensitive data examples captured with this new capability are encrypted using customer-managed AWS Key Management Service (AWS KMS) keys and are temporarily viewable within the Amazon Macie console after being retrieved.
AWS Security Hub now receives Amazon GuardDuty Malware Protection findings
AWS Security Hub now automatically receives Amazon GuardDuty Malware Protection findings. Amazon GuardDuty Malware Protection delivers agentless detection of malware on your Amazon Elastic Compute Cloud (EC2) instance and container workloads. This integration between Security Hub and GuardDuty expands the centralization and single pane of glass experience in Security Hub by consolidating your malware findings alongside your other security findings, allowing you to more easily search, triage, investigate, and take action on your security findings. GuardDuty Malware Protection findings within Security Hub also contain an investigation link that allows you to quickly dive deeper to investigate the finding in Amazon Detective.
YouTube
AWS Developer Live Show (Japanese)
- Domain-Driven Design Recommendation ~ Linking Models and Codes ~ #AWSDevLiveShow
- Mob Programming Super Introductory Live! ~FizzBuzz Edition~ #AWSDevLiveShow
AWS Black Belt Online Seminar (Japanese)
AWS Blogs
AWS Japan Blog (Japanese)
- [Event Report] DX Seminar for Manufacturing Industries Accelerating Smarter Products with AWS IoT (2022 6/16)
- Enabling Operations and Monitoring for Hybrid Environments - Configuring AWS Systems Manager and Amazon CloudWatch in a Closed Network
AWS News Blog
- New for Amazon GuardDuty – Malware Detection for Amazon EBS Volumes
- Amazon Detective Supports Kubernetes Workloads on Amazon EKS for Security Investigations
AWS Startups Blog
AWS Big Data Blog
Containers
- Using CDK to perform continuous deployments in multi-region Kubernetes environments
- Using Amazon ECS with NVIDIA GPUs to accelerate drug discovery
Front-End Web & Mobile
AWS for Industries
AWS Machine Learning Blog
- Tiny cars and big talent show Canadian policymakers the power of machine learning
- Predict shipment ETA with no-code machine learning using Amazon SageMaker Canvas
AWS Media Blog
Networking & Content Delivery
- Well-Architecting online applications with CloudFront and AWS Global Accelerator
- AWS Cloud WAN and Amazon VPC IPAM with AWS Control Tower
AWS Security Blog
- Welcoming the AWS Customer Incident Response Team
- Scale your workforce access management with AWS IAM Identity Center (previously known as AWS SSO)