The December 2022 edition of the "AWS Cloud Security Roundup" blog series is here: a digest of the AWS security updates, new features, and announcements published during the month.
🌏 Regional updates
- AWS Resource Access Manager is now available in the Europe Zurich (eu-central-2), Asia Pacific Hyderabad (ap-south-2), and Europe Spain (eu-south-2) regions
- Amazon Cognito is now available in the Europe Milan (eu-south-1) region
- Amazon GuardDuty is now available in the Europe Zurich (eu-central-2) region
- AWS IAM Identity Center is now available in the Africa Cape Town (af-south-1), Asia Pacific Jakarta (ap-southeast-3), and US West N. California (us-west-1) regions
- AWS Network Firewall is now available in the Asia Pacific Jakarta (ap-southeast-3) region
🆕 Additional changes
- AWS Firewall Manager can now centrally deploy and monitor FortiGate Cloud-Native Firewall (CNF) across an organization
- AWS Network Firewall now reports additional status messages with detailed information about why a firewall endpoint failed
- AWS IAM Identity Center is FedRAMP High authorized in the AWS GovCloud (US-East and US-West) regions
- AWS Secrets Manager can now manage the Amazon RDS master user password and its complete lifecycle, including password rotation, so the password never has to be supplied or stored by the deployer
- Region opt-in settings can now be managed centrally in the AWS Organizations console for each of your organization's AWS accounts
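The Secrets Manager integration for the RDS master password is enabled per instance. The CloudFormation template below is an added example (not code from the original post or from AWS) showing the pattern: `ManageMasterUserPassword` replaces the usual `MasterUserPassword` parameter, and the secret's ARN is read back from the `MasterUserSecret.SecretArn` attribute. The resource and parameter names (`AppDatabase`, `DbSecretKey`, `DbSubnetGroupName`, `DbSecurityGroupId`) and the subnet group and security group they refer to are assumptions; the properties themselves are the real ones on `AWS::RDS::DBInstance`.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  RDS instance whose master user password is generated, stored and rotated by
  Secrets Manager (added example, not from the original post)

Parameters:
  DbSubnetGroupName:
    Type: String
    Description: Existing DB subnet group spanning private subnets (assumed to exist)
  DbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group that only admits the application tier (assumed to exist)

Resources:
  # Customer-managed key for the secret. If MasterUserSecret.KmsKeyId is omitted,
  # Secrets Manager falls back to the AWS-managed key aws/secretsmanager.
  DbSecretKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Encrypts the RDS master user secret
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowAccountAdministration
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
            Action: kms:*
            Resource: "*"

  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    UpdateReplacePolicy: Snapshot
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: appadmin
      # No MasterUserPassword property: RDS asks Secrets Manager to generate the
      # password and keeps rotating it. Setting both properties is a template error.
      ManageMasterUserPassword: true
      MasterUserSecret:
        KmsKeyId: !Ref DbSecretKey
      DBSubnetGroupName: !Ref DbSubnetGroupName
      VPCSecurityGroups:
        - !Ref DbSecurityGroupId
      PubliclyAccessible: false
      StorageEncrypted: true
      DeletionProtection: true

Outputs:
  MasterUserSecretArn:
    Description: Secrets Manager secret holding the master username and password
    Value: !GetAtt AppDatabase.MasterUserSecret.SecretArn
```

Because the password is never a stack parameter, it does not show up in `CreateStack` parameter lists, CloudTrail, or shell history; consumers read it at runtime with `secretsmanager:GetSecretValue` on the output ARN. Existing instances can be migrated with `aws rds modify-db-instance --manage-master-user-password`, and `--rotate-master-user-password` forces an immediate rotation. Applications that cache the credential must re-read the secret after each rotation, and the IAM policy for the consuming role should be scoped to that single secret ARN rather than `secretsmanager:*`.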
📢 Announcement
- Starting in April 2023, Amazon S3 will automatically enable S3 Block Public Access and disable Access Control Lists (ACLs) for all new buckets created via the AWS CLI, APIs, SDKs, and AWS CloudFormation. Existing buckets are not changed, and the settings can still be turned off explicitly for the rare bucket that must be public.
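The safest way to handle the April 2023 change is not to depend on the rollout date at all and set the new defaults explicitly in every template, which also makes the intent reviewable in code. The CloudFormation template below is an added example (not from the original post or from AWS) of a bucket configured the way new buckets will be configured by default: all four Block Public Access settings on and `ObjectOwnership: BucketOwnerEnforced`, which disables ACLs. It also shows the consequence for cross-account writers, who must be granted access through a bucket policy instead of an ACL. The resource names, the `BuildAccountId` parameter, and the `ci-uploader` role are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  S3 bucket with Block Public Access enabled and ACLs disabled, i.e. the defaults
  S3 applies to new buckets from April 2023 (added example, not from the original post)

Parameters:
  BuildAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: Account that uploads artifacts cross-account (assumed)

Resources:
  ArtifactBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      # The same four settings S3 will turn on automatically for new buckets.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      # BucketOwnerEnforced disables ACLs entirely: every object is owned by the
      # bucket owner and access is governed by IAM and bucket policies only.
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      VersioningConfiguration:
        Status: Enabled

  # With ACLs disabled, the cross-account grant that used to be an ACL
  # (bucket-owner-full-control on PutObject) becomes a bucket policy statement.
  ArtifactBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ArtifactBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource:
              - !GetAtt ArtifactBucket.Arn
              - !Sub "${ArtifactBucket.Arn}/*"
            Condition:
              Bool:
                aws:SecureTransport: "false"
          - Sid: AllowBuildAccountWrites
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${BuildAccountId}:role/ci-uploader
            Action: s3:PutObject
            Resource: !Sub "${ArtifactBucket.Arn}/*"
```

Two things to check before the rollout. First, scan pipelines and SDK code for requests that still set an ACL: against a `BucketOwnerEnforced` bucket, `bucket-owner-full-control` is accepted as a no-op, but any other canned ACL such as `public-read` is rejected with `AccessControlListNotSupported`. Second, inventory existing buckets, which the change does not touch, with `aws s3api get-public-access-block --bucket <name>` and `aws s3api get-bucket-ownership-controls --bucket <name>`; a bucket that returns `NoSuchPublicAccessBlockConfiguration` or `OwnershipControlsNotFoundError` is still on the old defaults and should be brought in line explicitly.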
📊 Security Hub
- A Security Hub widget on the AWS Console Home page with a summary of the account's security posture
- Integration with AWS Control Tower, so Security Hub's detective controls can be enabled and reported alongside Control Tower's preventive and proactive controls
- 9 new security controls for AWS Foundational Security Best Practices v1.0.0:
  - Account.1: Security contact information should be provided for an AWS account
  - APIGateway.8: WebSocket and HTTP API Gateway routes should specify an authorization type
  - APIGateway.9: Access logging should be enabled for API Gateway V2 stages
  - CloudFront.12: CloudFront distributions should not point to non-existent S3 origins
  - CodeBuild.3: CodeBuild S3 logs should be encrypted
  - SageMaker.2: SageMaker notebook instances should be launched in a custom VPC
  - SageMaker.3: Users should not have root access to SageMaker notebook instances
  - EC2.25: EC2 launch templates should not assign public IPs to network interfaces
  - WAF.10: AWS WAFv2 web ACLs should have at least one rule or rule group