AWS re:Inforce 2023 - Keynote highlights

Security of the Cloud






Security in the Cloud



What is AWS Verified Access?
https://docs.aws.amazon.com/verified-access/latest/ug/what-is-verified-access.html


Announcement: AWS Verified Permissions
Purpose: Manage permissions and fine-grained authorization in applications that you build
References:
· https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-verified-permissions-generally-available
· https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/what-is-avp.html


Announcement: Amazon EC2 Instance Connect Endpoint
Purpose: Lets you connect to an instance via SSH or RDP without requiring the instance to have a public IPv4 address
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html


Announcement: Amazon Inspector Code Scan for Lambda
Purpose: Scans custom proprietary application code within a Lambda function for code security vulnerabilities such as injection flaws, data leaks, weak cryptography, or missing encryption based on AWS security best practices
References:
https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-inspector-code-scans-aws-lambda-function/
https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html

Announcement: Amazon Inspector SBOM Export
Purpose: Offers the ability to export a consolidated Software Bill of Materials (SBOM) for all Amazon Inspector monitored resources across your organization in industry-standard formats
References:
https://docs.aws.amazon.com/inspector/latest/user/sbom-export.html


Announcement: Amazon CodeGuru Security
Purpose: A static application security testing (SAST) tool that uses machine learning to help identify code vulnerabilities and provide guidance to use as part of remediation
Note: This service is currently in preview
References:
https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-codeguru-security-available-preview/
https://docs.aws.amazon.com/codeguru/latest/security-ug/what-is-codeguru-security.html


Announcement: Findings Groups for Amazon Detective
Purpose: Amazon Detective has expanded finding groups to include Amazon Inspector network reachability and software vulnerability findings alongside Amazon GuardDuty findings
References:
https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-detective-finding-groups-amazon-inspector/
https://docs.aws.amazon.com/detective/latest/userguide/groups-about.html


About the Author
Eyal Estrin is a cloud and information security architect, the owner of the blog Security & Cloud 24/7 and the author of the book Cloud Security Handbook, with more than 20 years in the IT industry.
Eyal has been an AWS Community Builder since 2020.
You can connect with him on Twitter and LinkedIn.