Last week was the inaugural AWS re:Inforce conference, a two-day conference focused on AWS security architecture best practices. Over 7,000 attendees gathered to hear Stephen Schmidt, VP and CISO at AWS, announce the general availability of Security Hub and Control Tower, as well as Amazon’s take on the state of cloud security. Overall, AWS reports that the state of cloud security is strong, and that, “customers regularly tell us that they are better off operating in the cloud than they are in their own data centers on premises, and that is not only from an availability perspective but often from a security perspective as well.”
It’s important to note that the shared security model still exists, and AWS has announced a host of solutions to help enterprises ensure AWS security best practices across their infrastructure. Announced at re:Inforce, these solutions include:
- GA of AWS Ground Station, which allows users to control satellites and ingest data with a fully managed service.
- The AWS Marketplace Procurement System Integration, which allows you to deploy thousands of different software listings directly through your procurement system.
- Updates to AWS Config allowing for remediation with Config Rules. Now users can associate a particular rule and remediation, with an action automatically occurring when the rule is triggered.
- AWS Config has also added support for Amazon API Gateway so you can track changes to an API Gateway or to configurations of the API itself.
- Amazon EBS encryption by default, using your key or a default key -- for free.
- AWS Organizations, which can now be used to centrally manage multiple accounts to scale AWS workloads.
In Other AWS News...
- AWS launched VPC Traffic Mirroring, a new feature that operators can use with their existing VPCs to capture and inspect network traffic at scale. The new service allows you to detect network and security anomalies; gain operational insights via network visibility and control; implement compliance and security controls; and troubleshoot more effectively. Amazon describes VPC Traffic Mirroring as a “virtual fiber tap” that gives you direct access to the network packets flowing through your VPC.
- Amazon has announced OpsCenter, a new feature in AWS Systems Manager to help streamline IT Operations. The new feature allows operators to aggregate issues, events and alerts across services, giving them a single place to view, investigate, and remediate issues and reducing the need to navigate across multiple different AWS services.
- The Flux7 AWS Consulting team was excited to see that Elastic Load Balancing now supports the UDP protocol on Network Load Balancers. Now operators can deploy services that rely on the UDP protocol (e.g. Authentication and Authorization, Logging, DNS, and IoT) behind a Network Load Balancer.
- AWS introduced Amazon EC2 Instance Connect. The company reports that it is a new way to control SSH access to EC2 instances using AWS IAM, and to improve security with centralized access control, short-lived keys, auditability, and ubiquitous access.
- Last week AWS unveiled that AWS Security Token Service supports AWS PrivateLink in US East (Virginia), US East (Ohio), EU (Ireland), and Asia Pacific (Tokyo) regions. The news means that operators can now route data between their Amazon VPC and Security Token Service entirely within the AWS network. In an announcement, Amazon noted that by using Security Token Service with Amazon VPC endpoints, enterprises can keep credential-related, encrypted communication within the AWS network, helping meet compliance and regulatory requirements.
- Our AWS consultants liked this AWS blog, Configuring user creation workflows with AWS Step Functions and AWS Managed Microsoft AD logs in which author Taka Matsumoto shares how to create and trigger a new user creation workflow in Step S
- We are proud to be named a 2019 Gartner Cool Vendor in Business and IT Services. Read here why Flux7 was chosen.
- Check out our latest customer story. In this article, we share how TN Marketing grew its AWS security best practices with AWS WAF Managed Rules, while also decreasing security management.