Blake Jaraczeski
Help Desk Technician
Amazon Web Services (AWS) aims to enhance the security and reliability of its services. The commitment is clear: AWS pledges a Monthly Uptime Percentage of at least 99.99%, known as the "Service Commitment," for AWS Secrets Manager across all AWS Regions. Users can now efficiently retrieve and manage critical secrets, like database credentials and API keys, throughout their lifecycle using this service. Should AWS fall short of the SLA in a billing period, users become eligible for a credit. The assurance of improved security, along with the mysterious Service Credit, deems this announcement a must-read. https://lnkd.in/gCa85ckK #awssecurity #awscloud
-
Cjin Pheow Lee
Practicing Technologist cum Coach
Your secrets are safe and secure with AWS. Now, they are also highly available! Today, AWS announces an updated Service Level Agreement (SLA) for AWS Secrets Manager, which promises a stronger availability commitment. AWS will use commercially reasonable efforts to make AWS Secrets Manager available with a Monthly Uptime Percentage for each AWS Region, during any monthly billing cycle, of at least 99.99%. For the uninitiated, four 9s of availability means about 1 minute of potential downtime per week! Read the blog for full details! https://lnkd.in/gZA3yEtu #secretsmanager #highavailability #aws
-
Ravi Sekhar Cherukuri
Head of AWS Monitoring and Console Services
Today, my team introduced a new feature that enables Block Public Access for snapshots without any manual actions. With AWS CloudFormation support, customers can now easily set up BPA whenever they create new accounts or replicate their infrastructure in a new region. Security simplified! https://lnkd.in/gsq4gC3b #AWSSecurity #EBSSnapshots #ebs
-
Kawsar K
Senior Solutions Architect at Amazon Web Services (AWS) - ISV
Secrets management is a foundational capability; if my app can't get the database password, it can't possibly do much. AWS Secrets Manager now provides a 4 x 9s Service Level Agreement for availability!
-
AppSecEngineer
3,983 followers
Dive into the world of AWS IAM Policy Evaluation with our Cloud Security Lead, Rajesh Kanumuru. 🔒 Explore how to secure Amazon Web Services (AWS) resources, ensure compliance, and more! Catch the recap video now and boost your AWS security game! https://lnkd.in/dzqhbeEv #AWS #awssecurity #CloudSecurity #IAM
Live Code: AWS IAM Policy Evaluation https://www.youtube.com/
-
Naha Shareef P
Cloud Engineer | AWS | Linux | Terraform | Git | Medium Blogger
Dive into AWS IAM Roles in my new blog! Discover how IAM roles streamline access management in Amazon Web Services. Learn about their benefits, step-by-step creation process, and best practices for enhancing AWS security. 🔐 #AWS #IAM #CloudSecurity #AccessManagement #IAMroles
-
Chandrapal Badshah
Security Researcher @ Cloud Security Club | DevSecOps, Cloud Security
An AWS resource trusts an IAM role. Then, the IAM role is deleted.
Can you privilege escalate by recreating the role? 😈
Let me explain a bit more.
Let’s say you created a role - probably “SecurityAutomationTempRole”.
The ARN looks like: arn:aws:iam::123456789012:role/SecurityAutomationTempRole
You create an S3 bucket “security-reports-bucket”. Grant the IAM Role access to read and write to the S3 bucket through resource policy.
Let’s say you deleted the Role for some reason (maybe your automation didn’t work out).
Intuitively, anyone recreating the IAM Role “SecurityAutomationTempRole” will have access to the bucket.
Right?
Not in AWS.
AWS has a security measure.
The minute you delete the role, AWS goes ahead and replaces the ARN in the policy to a unique role ID (something like AROAXXXXXXXXXXXXXXXX).
AWS does this for roles mentioned in:
- IAM trust relationships (trust policies)
- Resource-based policies (e.g., S3 bucket policies, KMS key policies)
- Any other policies or configurations that granted permissions to the deleted role
Anyone recreating the IAM Role with the same name will not get that unique identifier.
Hence, they CANNOT access the bucket!
#CloudSecurity #CIEM #awscommunity
PS: This happens irrespective of how you created the S3 Bucket - CloudFormation, Terraform, ClickOps, etc. AWS changes the IAM policy. This security measure could cause a drift in your IaC state!
PSS: If you want more such Cloud Security nuggets, please repost.
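A check for the behaviour described in the post above, as an added example that is not part of the original post: it flags grants whose principal is a bare role unique ID and lists the statements that differ from the IaC-declared policy. The policy documents, the Sid, the role ID value and the function names are constructed for illustration.

```python
import re

# Role unique IDs start with "AROA". A bare ID in Principal means the role
# that the ARN originally named has been deleted.
ROLE_ID = re.compile(r"^AROA[A-Z0-9]{12,}$")

def statement(principals):
    # Constructed sample statement for the bucket named in the post.
    return {"Sid": "AutomationRW", "Effect": "Allow",
            "Principal": {"AWS": principals},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::security-reports-bucket/*"}

# Policy as declared in IaC (constructed sample).
DECLARED = {"Version": "2012-10-17", "Statement": [statement(
    "arn:aws:iam::123456789012:role/SecurityAutomationTempRole")]}
# Policy as read back after the role was deleted (constructed placeholder ID).
LIVE = {"Version": "2012-10-17", "Statement": [statement(
    "AROAEXAMPLEEXAMPLE000")]}

def principals_by_sid(policy):
    """Map each statement's Sid to the set of its AWS principals."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    result = {}
    for index, stmt in enumerate(statements):
        principal = stmt.get("Principal", {})
        values = principal if isinstance(principal, str) else principal.get("AWS", [])
        if isinstance(values, str):   # "AWS" may hold one string or a list
            values = [values]
        result[stmt.get("Sid", f"statement-{index}")] = set(values)
    return result

def orphaned_principals(policy):
    """Return (Sid, role_id) pairs where the grant points at a deleted role."""
    return sorted((sid, p) for sid, ps in principals_by_sid(policy).items()
                  for p in ps if ROLE_ID.match(p))

def drift(declared, live):
    """Return Sids whose principals differ between IaC and the live policy."""
    want, have = principals_by_sid(declared), principals_by_sid(live)
    return sorted(sid for sid in want.keys() | have.keys()
                  if want.get(sid) != have.get(sid))

if __name__ == "__main__":
    print("orphaned grants:", orphaned_principals(LIVE))
    print("drifted statements:", drift(DECLARED, LIVE))
```

Orphaned grants found this way are candidates for removal from the resource policy, which also brings the live policy back in line with the IaC state.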
-
Tejas - The Cloud Simplifier
Are you worried about an unauthorised request to one or more of your AWS services? If so, read on.
A few weeks ago, a user, Maciej, reported a significant increase in his private S3 bucket bill. It turned out that his AWS bucket was inadvertently being bombarded with millions of requests. This occurred because a popular open-source tool had a default setting to store backups in S3, and by coincidence, it used the same bucket name as Maciej's.
Despite not originating from his account, nor being requested by him, Amazon charged him for these requests, for up to $1300!!
According to Maciej, while attempting to access any private S3 bucket, outside of your account, using the CLI, users would receive an AccessDenied error, yet the bucket owner would still incur charges. This was confirmed by AWS support, who stated that S3 indeed charges for unauthorized requests.
Maciej delved deeper into the issue and utilized social media platforms such as Twitter and Medium to voice his concerns. His efforts attracted significant attention, prompting AWS to address the matter and commit to finding a resolution.
To learn more about Maciej's experience and whether his bill was cancelled or if he was required to pay, as well as any responses from AWS or the open-source tool, please refer to his article https://lnkd.in/gNzJeeZS.
Fast-forward to May 13, 2024, AWS announced on their website that users would no longer be charged for requests they did not initiate. For further details, you can read the announcement https://lnkd.in/dMUgYhJ6.
---
If you find this information helpful, please consider sharing it to benefit other users. Follow me for more insights on AWS.
-
James Morgan
Senior Solutions Architect @ Amazon Web Services (AWS)
Well, the AWS blog and What's New messaging will be busy this week. Always a challenge to keep up with during re:Invent. Recently I'd written Terraform modules to help in configuring SecurityHub, as it needed to be configured in each AWS account of an Organization. Somewhat a pain, but the modules helped streamline it all. Well, they are now obsolete. https://lnkd.in/g4TD9ukd You can now deploy and manage SecurityHub configurations from a central delegated account. I love updates like this. So much easier for Security, Platform (or both) teams to operate and govern an AWS Organization. #aws #awscloud
-
3,545 followers
AWS Secrets Manager vs. AWS Parameter Store. Which one should you choose for securing passwords, API keys, or database credentials? In this article, Jonathan Davis sheds light on the differences and similarities between Secrets Manager and Parameter Store to help you decide. https://lnkd.in/g8KsmGCA
-
Stephen Kuenzli
Simplifying AWS IAM, Founder k9security.io, Author: Effective IAM for AWS, Docker in Action, AWS Community Builder
Need a quick refresher on AWS IAM policy format? This video explains each of the elements found in the AWS IAM security policy format 👇 https://lnkd.in/gTRKvAh3 #aws #DevSecOps #cloudsecurity
AWS IAM Policy Format EXPLAINED! https://www.youtube.com/