If you’re not sure what it is………AWS re:Invent is a learning conference hosted by Amazon Web Services for the global cloud computing community. The event will feature keynote announcements, training and certification opportunities, access to more than 2,500 technical sessions, a partner expo, after-hours events, and so much more.
Here’s a list of the “Top Ten” AWS Security, Identity and Compliance updates from AWS re:Invent 2019:
1) Amazon Detective – Makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
2) AWS KMS Asymmetric Keys – Create, manage, and use public/private key pairs to protect your application data using the new APIs via the AWS SDK, for example for digital signing.
3) AWS Managed Rules for WAF – Multiple new features including rules managed by the AWS Threat Research Team, with new rules being added as additional threats are identified.
4) Simplify Access with IAM Attributes and Tags – Use your employees’ existing identity attributes (such as cost center and department) from your directory to implement attribute-based access control to AWS resources to simplify permissions management at scale.
5) IAM Access Analyser – Generate comprehensive findings that identify resources that can be accessed from outside an AWS account, by evaluating resource policies using mathematical logic and inference to determine the possible access paths allowed by the policies.
6) AWS SSO with Azure AD – Enables enterprises that use Azure AD to leverage their existing identity store with AWS Single Sign-On, including automatic synchronization of user identities and groups.
7) Amazon S3 Access Points – Unique hostnames with dedicated access policies that describe how data can be accessed using that endpoint, which allows buckets to have multiple access points and each access point to have its own AWS IAM policy.
8) VPC Ingress Routing – Associate route tables with an internet gateway or virtual private gateway, and redirect Amazon VPC traffic through virtual appliances in your VPC.
9) AWS Nitro Enclaves – Create isolated compute environments to further protect and securely process highly sensitive data within Amazon EC2 instances, including cryptographic attestation for your software as well as integration with AWS KMS.
10) AWS EC2 Graviton2 Instance Memory Encryption – Run cloud native applications securely, and at scale, including always-on 256-bit DRAM encryption and 50% faster per core encryption performance.
Enjoy!
The Cyber Security Specialists team.