6/13/2023, 12:00:00 AM ~ 6/14/2023, 12:00:00 AM (UTC)

Recent Announcements

Amazon Verified Permissions is now generally available

Today, AWS is announcing the general availability of Amazon Verified Permissions, a service for fine-grained authorization and permissions management for applications that you build. Verified Permissions uses Cedar, an open-source language for access control, allowing you to define permissions as easy-to-understand policies. Use Verified Permissions to support role- and attribute-based access control in your applications.
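As an added illustration (not part of the announcement or the Verified Permissions documentation), the Cedar policy set below shows how the role-based and attribute-based rules mentioned above read in practice. The entity types `Role`, `Action` and `Document`, and the attributes `owner` and `classification`, are assumptions made for this example; a real application declares its own types in its Cedar schema.

```cedar
// Role-based rule: anyone in the "reviewer" role may view or comment
// on any document (assumed entity types Role, Action, Document).
permit (
    principal in Role::"reviewer",
    action in [Action::"viewDocument", Action::"commentDocument"],
    resource
);

// Attribute-based rule: a user may edit a document only if the
// document's "owner" attribute refers to that same principal.
permit (
    principal,
    action == Action::"editDocument",
    resource
)
when { resource.owner == principal };

// Deny-by-default is implicit; an explicit forbid still overrides any permit.
// Restricted documents are off limits unless the principal holds a matching clearance.
forbid (
    principal,
    action,
    resource
)
when { resource.classification == "restricted" }
unless { principal.clearance == "restricted" };
```

Cedar evaluates every policy against the request; a request is allowed only if at least one `permit` matches and no `forbid` matches, so the last policy acts as a guardrail that the first two cannot accidentally widen.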

EMR on EKS now supports container log rotation for Apache Spark

We’re excited to announce the ability to control container log rotation when running Apache Spark jobs in EMR on EKS. Amazon EMR on EKS enables customers to run open-source big data frameworks such as Apache Spark on Amazon EKS. Customers can now enable container log rotation to avoid excessive log files impacting pod execution.

Amazon Connect now publishes new contact lifecycle events for callbacks

Amazon Connect now provides new contact lifecycle events for callbacks, including when a callback was queued, answered, or disconnected. Contact events can be used to create analytics dashboards to monitor and track contact activity, integrate into workforce management (WFM) solutions to better understand contact center performance, or take follow up actions such as updating your customer databases with a record of the callback attempt. Amazon Connect contact events are published in near real-time via Amazon EventBridge, and can be set up in a couple of clicks by going to the Amazon EventBridge AWS console and creating a new rule.

Amazon Personalize now supports VPC endpoints

Amazon Personalize now supports Amazon Virtual Private Cloud (VPC) endpoints, allowing Amazon Personalize to communicate with your resources in your VPC without going through the open internet. Amazon VPC is a service that you use to launch AWS resources in a private virtual network that you define and manage. To connect your VPC to Amazon Personalize, you define a VPC endpoint for Amazon Personalize. An endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic destined to a supported AWS service. The endpoint provides reliable, scalable connectivity to Amazon Personalize and doesn’t require an internet gateway or VPN connection. For more information, see What is Amazon VPC in the Amazon VPC User Guide.

Amazon Inspector announces the general availability of Code Scans for AWS Lambda functions

Amazon Inspector now supports code scanning of Lambda functions, expanding the existing capability to scan Lambda functions and associated layers for software vulnerabilities in application package dependencies. With this expanded capability, Amazon Inspector now also scans your custom proprietary application code within a Lambda function for code security vulnerabilities such as injection flaws, data leaks, weak cryptography, or missing encryption based on AWS security best practices. Upon detecting code vulnerabilities within the Lambda function or layer, Amazon Inspector generates actionable security findings that provide several details, such as security detector name, impacted code snippets, and remediation suggestions to address vulnerabilities. All findings are aggregated in the Amazon Inspector console and seamlessly routed to AWS Security Hub, and pushed to Amazon EventBridge to automate workflows.

ECR basic scanning now uses version 3 of the Common Vulnerability Scoring System (CVSS) framework

Starting today, Amazon Elastic Container Registry (ECR) basic scanning feature will use Common Vulnerability Scoring System (CVSS) version 3 information when determining the severity for new Common Vulnerabilities and Exposures (CVEs). This enables customers to get the most recent severity information for vulnerabilities in their ECR container images. We use CVSS information to determine the severity of a vulnerability when the upstream distribution source does not have this information.

Amazon CodeGuru Security is now available in preview

Today, AWS announces the preview release of Amazon CodeGuru Security, a static application security testing (SAST) tool that uses Machine Learning to help you identify code vulnerabilities and provide guidance you can use as part of remediation. CodeGuru Security also provides in-context code patches for certain classes of vulnerabilities, helping you reduce the effort required to fix code vulnerabilities.

Well-Architected introduces Profiles

AWS Well-Architected introduces Profiles, which allows customers to tailor their Well-Architected reviews based on their business goals. This feature creates a mechanism for continuous improvement by encouraging customers to review their workloads with certain goals in mind first, and then complete the remaining Well-Architected review questions.

AWS IAM Identity Center now supports automated user provisioning from Google Workspace

Customers can now connect their Google Workspace to AWS IAM Identity Center (successor to AWS Single Sign-On) once and manage access to AWS accounts and applications centrally, in IAM Identity Center. This integration enables end users to sign in using their Google Workspace identity to access all their assigned AWS accounts and applications. The integration helps administrators simplify AWS access management across multiple accounts while maintaining familiar Google Workspace experiences for end users as they sign in. IAM Identity Center and Google Workspace use Google auto-provisioning to securely provision users into IAM Identity Center, saving administrative time.

Amazon Detective extends finding groups to Amazon Inspector

Amazon Detective has expanded finding groups to include Amazon Inspector network reachability and software vulnerability findings alongside Amazon GuardDuty findings. The combined threats and vulnerabilities help security analysts prioritize where they should focus their time by answering questions like “was this EC2 instance compromised because of a software vulnerability?” or “did this GuardDuty finding occur because of unintended network exposure?”

Announcing third-party risk assessments and CSV exports in AWS Audit Manager

Today, AWS Audit Manager announces expanded support for third-party risk assessments with the launch of two new features: a third-party questionnaire and the ability to export evidence as a comma-separated values (CSV) file. Customers can already share custom frameworks with vendors on AWS, so that vendors can create assessments on these frameworks and automatically collect evidence from their environments. Together, these features make it easier for enterprises to customize their third-party vendor risk assessments on AWS.

AWS announces Software Bill of Materials export capability in Amazon Inspector

Amazon Inspector now offers the ability to export consolidated Software Bills of Materials (SBOMs) for all Amazon Inspector monitored resources across your organization in industry-standard formats, including CycloneDX and SPDX. With this new capability, you can use automated and centrally managed SBOMs to gain visibility into key information about your software supply chain. This includes details about the software packages used in the resource, along with their associated vulnerabilities. After Amazon Inspector exports the SBOMs to an Amazon S3 bucket, you have the option to download the SBOM artifacts and use Amazon Athena or Amazon QuickSight to analyze and visualize software supply chain trends. This capability in Amazon Inspector is available with a few clicks in the Amazon Inspector console or using Amazon Inspector APIs. SBOM exports are offered at no additional cost.

Amazon Rekognition improves face search accuracy with user vectors

Today, AWS launched a new capability that significantly improves face search accuracy by leveraging multiple face images of a user. Currently, Amazon Rekognition allows customers to search users represented by individual face vectors. Face vectors are mathematical representations of faces from images. Now, customers can create user vectors, which aggregate multiple face vectors of the same user. User vectors offer higher face search accuracy with more robust depictions, as they contain varying degrees of lighting, sharpness, pose, appearance, etc.

Announcing the AWS Global Partner Security Initiative

Today, AWS announces the AWS Global Security Initiative, which provides Global System Integrator (GSI) partners the opportunity to jointly develop innovative and transformational security and compliance services with AWS, delivering on the promise of actionable security data leveraging the power of Generative AI. This initiative focuses on security services and managed services for multi-cloud enterprises seeking cyber-resilient environments to reduce risk and meet regulatory obligations.

Amazon S3 announces dual-layer server-side encryption for compliance workloads

Customers can now apply two independent layers of server-side encryption to objects in Amazon S3. Dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS) is designed to meet National Security Agency CNSSP 15 for FIPS compliance and Data-at-Rest Capability Package (DAR CP) Version 5.0 guidance for two layers of CNSA encryption. Amazon S3 is the only cloud object storage service where customers can apply two layers of encryption at the object level and control the data keys used for both layers. S3 features such as DSSE-KMS are vetted and accepted for use on top-secret workloads, which benefits all customers globally.

AWS Elastic Disaster Recovery now supports VPC configuration recovery

AWS Elastic Disaster Recovery (AWS DRS) now allows you to replicate and recover your AWS network components and configurations to maintain the readiness and security of your AWS recovery site. These components include subnet CIDRs, security groups, route tables, internet gateways, and network ACLs.

Amazon GuardDuty enhances console experience with findings summary view

Today, AWS announces a new summary page in the Amazon GuardDuty console to help you more quickly identify and take action on the highest-priority findings across your AWS environment. The summary page presents trends of findings over time, a breakdown of findings by severity and finding type, and top finding volume resources such as Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Relational Database Service (Amazon RDS) databases, AWS Lambda functions, or Amazon Elastic Kubernetes Service (Amazon EKS) clusters. If you are operating in a multi-account environment, the new summary page consolidates findings from across the organization, and helps you to more quickly identify top-impacted accounts.

New AWS built-in partner software automates installation for customers

We are excited to highlight AWS Partner software solutions with AWS built-in, including new infrastructure as code (IaC) that integrates automatically with AWS foundational services to help customers achieve their long-term goals in the cloud. AWS built-in software uses a well-architected Modular Code Repository (MCR) designed to add value to partner software solutions. AWS built-in partner solutions leverage key building blocks called Cloud Foundational Services across multiple domains such as identity, security, and operations.

Skip unavailable clusters during cross-cluster search in Amazon OpenSearch Service

Amazon OpenSearch Service now supports a new ‘skip unavailable’ setting for cross-cluster search connections. If skip unavailable is enabled on a connection, cross-cluster search ignores any remote cluster that is not available during the search instead of failing the whole query.

Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address

With EC2 Instance Connect Endpoint (EIC Endpoint), customers now have SSH and RDP connectivity to their EC2 instances without using public IP addresses. In the past, customers assigned public IPs to their EC2 instances for remote connectivity. With EIC Endpoints, customers can have remote connectivity to their instances in private subnets, eliminating the need to use public IPv4 addresses for connectivity.

AWS CloudTrail Lake launches curated dashboards for visualizing top CloudTrail trends

AWS CloudTrail Lake, a managed data lake that lets organizations aggregate, immutably store, and query their audit and security logs for auditing, security investigations, and operational troubleshooting, announces the general availability of CloudTrail Lake dashboards. CloudTrail Lake dashboards provide out-of-the-box visibility into top trends from your CloudTrail data directly within the CloudTrail Lake console. The dashboards also offer the flexibility to drill down into additional details, such as specific user activity, using CloudTrail Lake SQL queries for further investigation. Auditing and compliance engineers can use the CloudTrail Lake dashboards to track progress on compliance mandates such as migration to TLS 1.2 and beyond. CloudTrail Lake dashboards will help security engineers closely track sensitive user activities such as deletion of trails or repeated access denied errors. Cloud operations engineers can get visibility into issues such as top service throttling errors from the curated dashboard.

Announcing AWS Security Hub automation rules

AWS Security Hub, a cloud security posture management service that performs security best practice checks, aggregates alerts, and facilitates automated remediation, now features a capability to automatically update or suppress findings in near-real time. You can now use automation rules to automatically update various fields in findings, suppress findings, update finding severity and workflow status, add notes, and more.

AWS WAF Fraud Control launches account creation fraud prevention and reduced pricing

AWS WAF Fraud Control announces Account Creation Fraud Prevention, a managed protection for AWS WAF that is designed to prevent creation of fake or fraudulent accounts. Fraudsters use fake accounts to initiate activities, such as abusing promotional and sign-up bonuses, impersonating legitimate users, and carrying out phishing attacks. These activities can lead to several direct or indirect costs such as damaged customer relationships, reputational loss, and exposure to financial fraud. Account Creation Fraud Prevention protects your account sign-up or registration pages by allowing you to continuously monitor requests for anomalous digital activity and automatically block suspicious requests based on request identifiers and behavioral analysis.
