Newsletter July 5, 2020

This past week would have been AWS re:Inforce were it not for the pandemic. I’d expected a few more security-related announcements to drop, but without a keynote deadline I guess AWS is getting these services truly launch-ready (which takes about 6 months, as this week we saw two re:Invent announcements finally go GA).

RDS Proxy

RDS Proxy is a managed AWS service designed to improve the performance of distributed serverless applications talking to RDS databases. It performs connection pooling and managed authentication that Lambda can use, thus preventing a Lambda scale-up event from overwhelming the database.

Amazon WorkSpaces

Amazon WorkSpaces is a Desktop as a Service (DaaS) offering that provides a Windows or Linux workstation hosted and managed by AWS in the customer’s VPC. It leverages PCoIP technology (rather than Remote Desktop Protocol) for better screen refresh.

Newsletter June 28, 2020

Welcome to Practical Cloud Security Newsletter for June 28, 2020

This is our first newsletter. Our goal here at Practical Cloud Security is to summarize what a security professional needs to know with regard to AWS Security. Our information should be timely, informative and actionable to security programs of all sizes.

Site Updates

This week we released updates on the following services: Amazon Honeycode, AWS Client VPN, AWS Organizations, AWS Lambda, Amazon Virtual Private Cloud (VPC), and Amazon Macie.

What has Amazon been up to this week?

AWS Client VPN

AWS Client VPN is an OpenVPN service from AWS. It allows anyone with the correct permissions to create a network path into your VPC. While this is typically a good thing, Client VPN can also act as an end-run around the corporate VPN if your VPCs leverage Direct Connect or Site-to-Site VPN. Because it can leverage AWS Active Directory, it can be configured independently of your corporate identity system and provide back doors for third parties and departed employees.

AWS Organizations

Central governance and management across AWS accounts. AWS Organizations provides central billing. It provides several key governance and security controls and should be leveraged by any company with more than one AWS account.

AWS Lambda

AWS Lambda is a function-as-a-service. A Lambda function is a small bit of code, invoked asynchronously or via an API Gateway. Lambda functions require no operating systems or container infrastructure and live for no more than 15 minutes. They are a core component of the concept of “Serverless”.

Amazon Virtual Private Cloud (VPC)

VPCs are a fundamental building block in AWS. VPCs allow you to specify your own IP range. Many AWS resources must be deployed into a VPC, and VPCs control the network security for those resources. VPCs can be connected to your corporate networks via Direct Connect or VPN, and thus can be a back door path into your enterprise.