AWS Identity and Access Management (IAM) Access Analyzer makes it easier to implement least privilege permissions by analyzing resource policies to provide provable security and help you identify unintended public or cross-account access. A recent update allows you to validate public and cross-account access before deploying permissions changes. Now, we are extending policy validation in IAM Access Analyzer by adding over 100 policy checks with actionable recommendations. These checks use static analysis to help you proactively validate your permission policies during policy authoring to set secure and functional permissions. The checks include functional validation like developers might expect from a linter, and go beyond that to evaluate best practices in granting access. These checks analyze your policy and report security warnings, errors, general warnings, and suggestions based on their impact. They provide actionable recommendations that guide you to set secure and functional permissions. For example, IAM Access Analyzer reports a security warning when your policy grants access to pass any role to any service, which is overly permissive. The security warning includes a recommendation that you scope down the permissions to pass specific role(s) instead.
AWS IoT SiteWise Monitor adds support for accessing Monitor portals using AWS Identity and Access Management (IAM) users and roles
AWS IoT SiteWise is a managed service that makes it easy to collect, store, organize and monitor data from industrial equipment at scale to help you make better, data-driven decisions.
AWS Glue DataBrew is now available in Asia Pacific (Seoul), North America (Montreal), and South America (Sao Paulo) AWS Regions
AWS Glue DataBrew, a visual data preparation tool that makes it easy for data analysts and data scientists to clean and normalize data for analytics and machine learning, is now available in the following three additional AWS Regions:
- Asia Pacific (Seoul)
- North America (Montreal)
- South America (Sao Paulo)
Bundle Management APIs now generally available for Amazon WorkSpaces
Amazon WorkSpaces bundle management APIs are now available for customers to perform WorkSpaces bundle operations via command-line interface (CLI). The new set of APIs supports creation, deletion, and image association operations for WorkSpaces bundles. These APIs are intended for use by WorkSpaces administrators who want to automate WorkSpaces management workflows.
Amazon S3 Glacier announces a 40% price reduction for PUT and Lifecycle requests
Amazon S3 is reducing the cost to move data to Amazon S3 Glacier by lowering PUT and Lifecycle request charges by 40% for all AWS Regions. You can use the S3 PUT API to directly store compliance and backup data in S3 Glacier that does not require immediate access. You can also use S3 Lifecycle policies to move data from S3 Standard, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access to S3 Glacier to save on storage costs when data becomes rarely accessed.
AWS Config Adds 3 New Config Rules for Amazon Secrets Manager
AWS Config now supports three new AWS Config managed rules to help you verify that your secrets in AWS Secrets Manager are configured in accordance with your organization’s security and compliance requirements. AWS Config records and evaluates configurations of your AWS resources. AWS Config managed rules are predefined rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. AWS Secrets Manager helps easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.
AWS Cost Anomaly Detection now supports AWS CloudFormation
AWS Cost Anomaly Detection now supports provisioning cost monitors and alert subscriptions via AWS CloudFormation templates . You can now set up Cost Anomaly Detection via JSON or YAML commands, enabling quick, consistent, and scalable configurations across AWS accounts.
Amazon ECS now allows you to execute commands in a container running on Amazon EC2 or AWS Fargate
Amazon Elastic Container Service (Amazon ECS) introduces Amazon ECS Exec – a simple, secure, and auditable way for customers to execute commands in a container running on Amazon Elastic Compute Cloud (Amazon EC2) instances or AWS Fargate. ECS Exec gives you interactive shell or single command access to a running container making it easier to debug issues, diagnose errors, collect one-off dumps and statistics, and interact with processes in the container.
New AWS Solutions Consulting Offer – Virtual Desktop Accelerator
Virtual Desktop Accelerator is an AWS Solutions Consulting Offer delivered via a consulting engagement from RedNight Consulting, an AWS Digital Workplace Competency Partner. Virtual Desktop Accelerator will accelerate your Amazon WorkSpaces deployment and empower you to manage and scale your virtual environment. Customers that request this consulting offer will participate in an engagement that delivers a walkthrough of the critical design elements, help making decisions on features and functions to use, and deployment of Amazon WorkSpaces for your organization.
AWS Elemental MediaTailor introduces Channel Assembly for creating virtual linear OTT channels
Today we are excited to announce Channel Assembly with AWS Elemental MediaTailor. With Channel Assembly, you can create linear channels that are delivered over-the-top (OTT) in a cost-efficient way, even for channels with low viewership. Virtual live streams are created with a low running cost by using existing multi-bitrate encoded and packaged VOD content. You can also easily monetize Channel Assembly linear streams by inserting ad breaks in your programs without having to condition the content with SCTE-35 markers.