AWS Identity and Access Management (IAM) now supports passkeys as a second authentication factor, providing easier and more secure sign-ins across your users' devices. Based on FIDO standards, passkeys use public key cryptography, which enables strong, phishing-resistant authentication that is more secure than passwords. IAM now allows you to secure access to AWS accounts using passkeys for multi-factor authentication (MFA), with support for built-in authenticators such as Touch ID on Apple MacBooks and Windows Hello facial recognition on PCs. Passkeys can be created with a hardware security key or with your chosen passkey provider using your fingerprint, face, or device PIN, and they can be synced across your devices to sign in to AWS. This capability extends the existing MFA functionality to include passkeys as a second factor. Passkey support in IAM is a new feature that helps improve MFA usability and recoverability. You can use a range of supported IAM MFA methods, including FIDO-certified security keys, to harden access to your AWS accounts.
AWS CloudTrail Lake announces generative AI-powered natural language query generation
AWS CloudTrail Lake now offers generative AI-powered natural language query generation (in preview), enabling you to analyze your AWS activity events in CloudTrail Lake more easily without having to write complex SQL queries. You can ask questions in English about your AWS API and user activity, such as “How many errors were logged during the past week for each service, and what was the cause of each error?” or “Show me all users who logged in using the console yesterday,” and AWS CloudTrail will generate a SQL query, which you can run as is or fine-tune to meet your use case.
Amazon GuardDuty Malware Protection now supports Amazon S3
AWS announces the general availability of Amazon GuardDuty Malware Protection for Amazon S3. This expansion of GuardDuty Malware Protection allows you to scan objects newly uploaded to Amazon S3 buckets for potential malware, viruses, and other suspicious uploads, and to take action to isolate them before they are ingested into downstream processes. GuardDuty Malware Protection for Amazon S3 is available in all AWS Regions where GuardDuty is available, excluding the China Regions and the GovCloud (US) Regions.
See below a recap of the rest of the announcements, respective blog links, and an on-the-record quote from Mr. Phil Rodrigues, Global Head of Customer Security Outcomes, AWS.
“Security is our top priority. AWS provides our customers in India with cloud security solutions that allow them to experiment and iterate securely, so they can move quickly and stay secure, especially in this day of generative AI. At AWS re:Inforce, we announced a series of services and features which allow customers to innovate securely with advanced technology including generative AI, enhance their security with more multi-factor authentication options, and more. Our focus is to continually raise the bar for security in the industry by providing the most secure place for builders in India to develop innovative applications.”
Additional Announcements:
AWS re:Inforce: Keynote and All Announcements Recap
AWS’s head of security shares 7 reasons why security will always be Amazon’s top priority
Chris Betz shares his perspective on the 7 reasons why security has always been, and will continue to be, a top priority for Amazon. These include, among others, security being part of everyone's job, getting the security basics right, and security as a requirement for innovation.
AWS Audit Manager generative AI best practices framework now includes SageMaker
Available Tuesday 6/11, AWS Audit Manager offers a new version of the ‘generative AI best practices framework’ that now provides visibility into customers' generative AI usage on Amazon SageMaker, in addition to Amazon Bedrock. The AWS framework includes 110 controls across areas such as governance, data security, privacy, incident management, and business continuity planning.
AWS IAM Access Analyzer now offers unused access recommendations for least privilege
AWS Identity and Access Management (IAM) Access Analyzer now offers actionable recommendations to guide you in remediating unused access. You can now use the step-by-step recommendations IAM Access Analyzer provides to notify developers and simplify how they refine unused permissions.
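The refinement that unused-access findings drive is easy to illustrate locally. The following is an added example, not IAM Access Analyzer's own algorithm or output format: it takes an identity policy and a set of actions that were actually observed in use during a review period (both constructed here; in practice the usage data would come from last-accessed information or CloudTrail), narrows wildcard grants such as `dynamodb:*` to the concrete actions that were used, drops actions that were never used, and reports what it removed so a developer can review the change before applying it.

```python
"""Least-privilege refinement of an IAM identity policy from observed usage.

Added example; not IAM Access Analyzer's implementation. Assumptions:
- the policy is a standard IAM policy JSON document;
- used_actions is a set of fully qualified action names (service:Action)
  collected from some usage source (constructed sample data below).
"""
import copy
import fnmatch
import json

# Constructed sample policy: broad S3 grants plus full DynamoDB access.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3Access",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DynamoAccess",
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "*",
        },
    ],
}

# Constructed usage data: the only actions seen in the review period.
SAMPLE_USED_ACTIONS = {"s3:GetObject", "s3:ListBucket", "dynamodb:GetItem", "dynamodb:Query"}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action matching: case-insensitive, '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def refine_policy(policy, used_actions):
    """Return (refined_policy, removed_actions).

    Allow statements keep only the used actions covered by each listed action
    pattern; wildcard patterns are expanded to the concrete used actions they
    matched. Statements left with no actions are dropped. Deny statements and
    statements without an Action element are left untouched.
    """
    refined = copy.deepcopy(policy)
    removed = []
    new_statements = []
    for stmt in refined.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            new_statements.append(stmt)
            continue
        kept = set()
        for pattern in _as_list(stmt["Action"]):
            matches = {a for a in used_actions if _action_matches(pattern, a)}
            if matches:
                kept |= matches
            else:
                removed.append(pattern)
        if kept:
            stmt["Action"] = sorted(kept)
            new_statements.append(stmt)
        # else: every action in this statement was unused; drop the statement
    refined["Statement"] = new_statements
    return refined, removed


if __name__ == "__main__":
    tightened, dropped = refine_policy(SAMPLE_POLICY, SAMPLE_USED_ACTIONS)
    print(json.dumps(tightened, indent=2))
    print("Removed unused permissions:", dropped)
```

On the constructed input the S3 statement shrinks to `s3:GetObject` and `s3:ListBucket`, the `dynamodb:*` wildcard becomes the two DynamoDB actions that were actually called, and `s3:PutObject` and `s3:DeleteObject` are reported as removed. A real workflow should treat the usage window as a lower bound on what is needed (rarely used but legitimate actions may fall outside it), which is why the output is a proposal for review rather than something to apply automatically.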
AWS IAM Access Analyzer now offers policy checks for public and critical resource access
AWS Identity and Access Management (IAM) Access Analyzer now extends custom policy checks to proactively detect, before deployment, non-conformant policy updates that grant public access or grant access to critical AWS resources. Security teams can use these checks to streamline their reviews, automatically approving policies that conform to their security standards and inspecting more deeply those that do not. Custom policy checks use the power of automated reasoning, that is, security assurance backed by mathematical proof.
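To make the "grants public access" condition concrete, here is an added example of a simple pre-deployment check over a resource policy document. It is a structural linter written for this page, not Access Analyzer's automated-reasoning engine: it flags Allow statements whose principal is the wildcard and that carry no condition scoping the caller to an account or organization. The list of scoping condition keys used here is an assumption for the example, and the policies are constructed samples.

```python
"""Flag resource-policy statements that grant public access.

Added example for illustration; this is not IAM Access Analyzer's check.
Assumptions:
- input is a standard IAM resource policy JSON document;
- a wildcard principal whose Condition references one of the keys in
  SCOPING_CONDITION_KEYS is treated as restricted rather than public.
"""
import json

# Condition keys that, when present, bind a '*' principal to a specific caller
# population. Assumed list for this example; extend to match your own standard.
SCOPING_CONDITION_KEYS = {
    "aws:principalaccount",
    "aws:principalorgid",
    "aws:principalarn",
    "aws:sourcearn",
    "aws:sourceaccount",
    "aws:sourcevpc",
    "aws:sourcevpce",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True for Principal "*" or Principal {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_scopes_principal(condition):
    """True if any condition key restricts who the wildcard principal can be."""
    for _operator, key_values in (condition or {}).items():
        for key in key_values:
            if key.lower() in SCOPING_CONDITION_KEYS:
                return True
    return False


def find_public_statements(policy):
    """Return a list of findings, one per statement that grants public access."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny with '*' principal is a restriction, not a grant
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if _condition_scopes_principal(stmt.get("Condition")):
            continue
        findings.append({
            "index": index,
            "sid": stmt.get("Sid"),
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
        })
    return findings


def is_public(policy):
    return bool(find_public_statements(policy))


# Constructed sample: anonymous read of every object in a bucket.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyoneRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

# Constructed sample: wildcard principal, but limited to one organization.
ORG_SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OrgOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
}

if __name__ == "__main__":
    for name, policy in [("public-read", PUBLIC_READ_POLICY), ("org-scoped", ORG_SCOPED_POLICY)]:
        print(name, "->", "PUBLIC" if is_public(policy) else "not public")
        print(json.dumps(find_public_statements(policy), indent=2))
```

The first sample is flagged; the second is not, because its `aws:PrincipalOrgID` condition scopes the wildcard. The limits of this approach are exactly what motivates the automated-reasoning check the announcement describes: a structural scan does not evaluate how a later Deny statement, a `NotPrincipal` element, or interacting condition operators change the effective grant, so it can only approximate the question "does this policy grant public access" that a proof-backed check answers precisely.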
AWS Cloud WAN introduces service insertion
The AWS Cloud WAN service insertion feature streamlines the integration of network services such as firewalls, intrusion detection/prevention systems, and other appliances into your global network. As the network grows, the management overhead does not. AWS Cloud WAN service insertion supports common use cases and architectures, whether customers are inspecting Cloud WAN traffic flowing between VPCs, between AWS Regions, from their on-premises networks to a VPC, or from their VPCs or on-premises networks to the internet.
AWS Private CA introduces support for the Simple Certificate Enrollment Protocol (SCEP)
AWS Private Certificate Authority (AWS Private CA) is a highly available, versatile CA that organizations use to issue private certificates for securing their applications and devices