News, Updates & Announcements

aws.amazon.com
Amazon Detective has expanded its capabilities by including Amazon Inspector network reachability and software vulnerability findings alongside Amazon GuardDuty findings, providing a combined view of threats and vulnerabilities to help security analysts prioritize their focus. By automatically collecting findings from various AWS security services, Detective helps increase situational awareness, and its machine learning capabilities assist in faster investigations and in identifying the root cause of security issues.

aws.amazon.com
Amazon QuickSight has launched new API capabilities that allow you to automate and accelerate your BI asset deployment and management. With these new APIs, you can get programmatic access to export and import QuickSight assets such as dashboards, analyses, datasets including ingestion schedules, data sources, themes, and VPC configurations across accounts and environments. You can interact with a collection of assets in a lift-and-shift manner for your CI/CD workflows, enable backup and restore, and replicate assets, automating workflows and reaching the desired infrastructure setup with full support for AWS CloudFormation.

aws.amazon.com
AWS has released Amazon Verified Permissions, a service that offers fine-grained authorization and permissions management for application development. The service utilizes Cedar, an open-source language for access control, allowing users to define permissions through easily comprehensible policies. Verified Permissions aids in decoupling permissions from application logic, facilitating the development of more secure applications with centralized policy stores, reusable policy templates, and policy testing.

aws.amazon.com
AWS WAF Fraud Control introduces Account Creation Fraud Prevention, a managed protection that prevents the creation of fake or fraudulent accounts, protecting against activities like phishing attacks and promotional abuse.

aws.amazon.com
AWS Lambda console code editor now includes a read file listing all the environment variables associated with the function, making it easier for developers to discover the variables and reference them in their code. Environment variables are key-value pairs that developers use to extend a function's configuration outside of their code. When referencing the environment variables in their code, developers need the keys.

aws.amazon.com
Amazon EMR now supports the price-capacity-optimized allocation strategy for Amazon EC2 Spot Instances, allowing users to run Spot Instances at a lower price and with a lower interruption rate. Additionally, users can choose from four allocation strategies, including price-capacity-optimized, capacity-optimized, lowest price, and diversified, for the Amazon EC2 Spot instances in their cluster.

aws.amazon.com
Amazon Inspector now offers the ability to export a consolidated Software Bill of Materials (SBOM) for all monitored resources, providing key information about the software supply chain, including software packages and associated vulnerabilities. Users can download the SBOM artifacts and analyze software supply chain trends using Amazon Athena or Amazon QuickSight. This capability is available with a few clicks in the Amazon Inspector console or using Amazon Inspector APIs, and it is offered at no additional cost.

Stories, Tutorials & Articles

aws.amazon.com
Fine-tuning large language models (LLMs) using Amazon SageMaker notebooks provides improved performance on domain-specific tasks. The use of Hugging Face's parameter-efficient fine-tuning (PEFT) library and quantization techniques through bitsandbytes allows for interactive fine-tuning of extremely large models using a single notebook instance, such as Falcon-40B on a ml.g5.12xlarge instance.

aws.amazon.com
The header remapping feature in Amazon API Gateway was removed as of June 14, 2023, due to an issue reported by Omegapoint. This feature allowed customers to overwrite header values, potentially leading to unintended access. Additionally, the caching behavior for authorization policies was adjusted to prevent misbehaving clients from bypassing expected authorization.

aws.amazon.com
AWS customers can now use Amazon Cognito and Amazon Verified Permissions together to add fine-grained authorization to their applications. Verified Permissions allows you to write policies for fine-grained access control and evaluate them based on the context of an access request, using attributes from Amazon Cognito tokens to represent the principal and their entitlements.

www.infoq.com
Azure, AWS, and Google Cloud offer various resources and services for building event-driven architectures. Each platform has its own messaging services, such as Azure Service Bus, AWS Simple Queue Service (SQS), and Google Cloud Pub/Sub, which allow for reliable message delivery and support different message patterns. Additionally, AWS provides AWS EventBridge, a serverless event bus, while Google Cloud offers EventArc for managing event ingestion and delivery. These platforms also have services like AWS Kinesis, Azure Event Hub, and Amazon MSK, which enable streaming and processing of real-time data.

securityblog.omegapoint.se
Omegapoint identified two potential security issues in AWS API Gateway authorizers. They reported these issues to AWS in November 2022 and January 2023, and AWS implemented mitigations for all customer accounts in May 2023.