Blog
AWS Identity and Access Management (IAM) Introduces New Condition Key for Enhanced Security
With the endless flood of new products, features and changes from AWS and its surrounding ecosystem, it can be easy to miss an update. Our monthly round up highlights major AWS news, announcements, product updates and behind the scenes changes we think are most relevant.
Amazon Athena adds support for querying data in S3 buckets
AWS Identity and Access Management (IAM) has added support for aws: CalledVia, a new condition key, for use with all services that make requests using your credentials.
When you submit a query to Athena that scans data from Amazon S3, Athena reads the required data from S3 to execute your query on your behalf using SSL encryption.
This is a great addition and will make using Athena queries for S3 not just easier, but more secure. Using SSL encryption, the queries will allow sensitive data to remain secure. With everything that has appeared in the news about some companies’ lack of security, adding additional measures is a great way to stay ahead. Additionally, with a large amount of workers being home, security is of even greater importance. Definitely give this a look and read more here.
Amazon EKS adds envelope encryption for secrets with AWS KMS
You can now use AWS Key Management Service (KMS) keys to provide envelope encryptions of Kubernetes secrets stored in Amazon Elastic Kubernetes Service (EKS). This is considered a security best practice for applications that store sensitive data. These Kubernetes secrets allow you to manage sensitive information, such as passwords, docker registry credentials and TLS keys using the Kubernetes API.
Now you can further encrypt Kubernetes secrets with KMS keys that you create or import keys generated from another system to AWS KMS and use them with the cluster without installing or managing additional software.
This additional security will definitely help make sensitive data more secure. Unfortunately, if you are running a Kubernetes version older than 1.13, this will not be available as it is only available on 1.13 and newer. I definitely suggest looking more into this and you can do so here.
Miscellaneous News:
Amazon EKS Now Supports 1.15:
Little to say here other than what the title says. This is just a newer version of EKS being released. Those of you looking to upgrade, here is your upgrade! You can read more about it here.
AWS AppConfig announces integration with Amazon S3:
AWS AppConfig now supports Amazon S3 as a source to store and retrieve application configurations. This will enable AWS customers who use S3 to store application configurations to on board seamlessly with AWS AppConfig by specifying the URL of the configuration stored in their S3 bucket. This is going to be a great service since a lot of people already use S3 to store information. You’ll be able store your configurations and to have AppConfig pull that information will be a lot easier. If this interests you — and it should — read about it here.