
AWS IAM Access Analyzer Now Evaluates S3 Access Point Policies for Unintended Access

May 12, 2020, Ryan DiCrisi

With the endless flood of new products, features and changes from AWS and its surrounding ecosystem, it can be easy to miss an update. Our monthly roundup highlights the major AWS news, announcements, product updates and behind-the-scenes changes we think are most relevant.

Discover, Review, and Remediate Unintended Access to S3 Buckets Shared Through S3 Access Points

IAM Access Analyzer evaluation of S3 buckets now includes S3 Access Point policies in addition to bucket policies and access control lists. This will discover S3 buckets that can be accessed publicly or from other accounts or organizations. This tool is available at no additional cost and is in all commercial regions. If you have a lot of buckets in use, I suggest looking into this so that you can comb through your buckets for unintended access. It can help make sure that older buckets are properly secured and that newer ones are as well going forward. You can read more about IAM Access Analyzer here.
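One way to comb through the results, as an added example that is not part of the original post: a small triage routine that takes findings in the shape returned by the Access Analyzer `ListFindings` API and reports, per bucket, who has access and whether the grant comes from the bucket policy, an ACL, or a specific access point. The sample findings, account IDs and names are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the shape of the "findings" list from ListFindings.
# Account IDs, bucket names and the access point ARN are made up.
AP_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/shared-ap"
SAMPLE_FINDINGS = [
    {"id": "f-1", "resourceType": "AWS::S3::Bucket", "status": "ACTIVE",
     "resource": "arn:aws:s3:::example-logs", "isPublic": False,
     "principal": {"AWS": "444455556666"},
     "action": ["s3:ListBucket", "s3:GetObject"],
     "sources": [{"type": "POLICY"}]},
    {"id": "f-2", "resourceType": "AWS::S3::Bucket", "status": "ACTIVE",
     "resource": "arn:aws:s3:::example-logs", "isPublic": True,
     "principal": {"AWS": "*"}, "action": ["s3:GetObject"],
     "sources": [{"type": "S3_ACCESS_POINT",
                  "detail": {"accessPointArn": AP_ARN}}]},
    {"id": "f-3", "resourceType": "AWS::S3::Bucket", "status": "ARCHIVED",
     "resource": "arn:aws:s3:::example-archive", "isPublic": True,
     "principal": {"AWS": "*"}, "action": ["s3:GetObject"],
     "sources": [{"type": "BUCKET_ACL"}]},
    {"id": "f-4", "resourceType": "AWS::IAM::Role", "status": "ACTIVE",
     "resource": "arn:aws:iam::111122223333:role/example", "isPublic": False,
     "principal": {"AWS": "444455556666"}, "action": ["sts:AssumeRole"]},
]

def describe_source(src):
    """Name the grant path; access point findings carry the access point ARN."""
    arn = src.get("detail", {}).get("accessPointArn")
    return f'{src["type"]}:{arn}' if arn else src["type"]

def triage_s3_findings(findings):
    """Group ACTIVE S3 bucket findings by bucket, public exposure first."""
    by_bucket = defaultdict(list)
    for f in findings:
        if f.get("resourceType") != "AWS::S3::Bucket" or f.get("status") != "ACTIVE":
            continue  # skip other resource types and archived/resolved findings
        by_bucket[f["resource"]].append({
            "id": f["id"],
            "exposure": "public" if f.get("isPublic") else "cross-account",
            "principal": f.get("principal", {}),
            "actions": sorted(f.get("action", [])),
            "via": [describe_source(s) for s in f.get("sources", [])] or ["unknown"],
        })
    for rows in by_bucket.values():
        rows.sort(key=lambda r: r["exposure"] != "public")  # stable sort
    return dict(by_bucket)

if __name__ == "__main__":
    for bucket, rows in triage_s3_findings(SAMPLE_FINDINGS).items():
        for r in rows:
            print(bucket, r["exposure"], r["principal"], r["actions"], "via", r["via"])
```

Real input for `triage_s3_findings` would be the `findings` entries returned for your analyzer, fetched page by page.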

EC2 Image Builder Adds Support for Ubuntu, RHEL, CentOS, and SLES

This is a great addition to the EC2 Image Builder service as it allows you to build your images much faster and more easily. Adding extremely popular flavors of Linux is great, as not everyone uses Amazon Linux; some prefer RHEL, Ubuntu, or other flavors for their environment. Having more options is always a good thing and a welcome addition. If you have never used the Image Builder service, give it a look. You can find more information specifically about the additions here.

Cost Controls for Amazon Redshift Spectrum and Concurrency Scaling

For those managing a large amount of data, this will be a welcome addition to the toolsets that are already available. With these cost controls, you can create daily, weekly, and monthly usage limits, and define actions that Amazon Redshift automatically takes if those limits are reached, to maintain your budget and predictability. You can also set up alerts through CloudWatch to send SNS notifications to the administrator and disable further usage.

Setting up limits has also been simplified, as you can do so in the console by choosing “Configure Usage limit” in the “Actions” menu for the cluster. Doing so will allow you to monitor trends and get alerts related to your usage. If you are managing large amounts of fluctuating data, I would recommend looking into these additions as they could save you money and potential headaches. More information is here.

AWS Lambda Ready Partners

Part of the AWS Service Ready Program, the AWS Lambda Ready Program helps customers find developer tooling solutions validated by AWS serverless experts to integrate with AWS Lambda. Essentially, it helps customers build highly available and scalable applications without thinking about servers. A lot of customers are not sure which APN Technology Partner developer tools work best for their application’s deployment, monitoring, and security. This helps those customers get what they need reliably.

I believe this is a great change as it will help bring exposure to those who are experts in the field of serverless. This will be a place backed by Amazon and experts who can vouch for the practices in place to ensure unknowing customers get what they need without having to worry about anything but their application. The exposure this can bring could, if implemented well, bring a lot of good businesses to the foreground.

If you are looking for an AWS Lambda Ready Partner, I suggest reading up on it here.

Miscellaneous News:

Amazon RDS Now Supports MariaDB 10.4:

10.4 is the latest MariaDB version release and offers new functionality and enhancements for better performance, reliability, security, and manageability. Keeping Amazon RDS up to date with releases is always a positive thing. You can read more about this here.

Automate Provisioning of Amazon WorkSpaces Using AWS Lambda:

WorkSpaces which many companies have taken to using. Being able to provision and de-provision through AWS Lambda greatly simplifies the task at hand and allows companies to use their existing directory group approval workflows to provision WorkSpaces. For more information, click here.

Enhanced DynamoDB Client in the AWS SDK for Java v2:

This will be a great feature for those going serverless as this enhancement module provides a more idiomatic code authoring experience. Being able to integrate applications with Amazon DynamoDB using an adaptive API can allow you to execute database operations directly with the data classes your applications already work with. Definitely worth a read here.

Amazon Redshift Launches RA3.4xlarge Nodes with Managed Storage:

A good addition; though I more than likely will not use something this large, I can see some out there using these. 64 TB of managed storage per node means you can use only what you need but still have the flexibility of more space if needed. Check it out here.