AWS re:Invent 2022 – Day 1 Recap

Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities: Amazon Inspector, the vulnerability management service that continually scans workloads on Amazon Elastic Compute Cloud (Amazon EC2) instances and container images in Amazon Elastic Container Registry (Amazon ECR), now also scans AWS Lambda functions and Lambda layers. Previously, customers who wanted to assess Lambda functions against known vulnerabilities had to combine AWS and third-party tools, which made it harder to keep all of their workloads secure in one place. Because new vulnerabilities can be published at any time, it is important for the security of your applications that workloads are continuously monitored and rescanned in near real time as new vulnerabilities appear.

Protect Sensitive Data with Amazon CloudWatch Logs: You can safeguard sensitive data ingested by CloudWatch Logs with CloudWatch Logs data protection policies. When sensitive information is logged, CloudWatch Logs data protection automatically masks it according to the configured policy, so that none of the downstream services consuming those logs see the unmasked data. These policies let you both audit and mask sensitive log data. Once data protection is enabled for a log group, any log data that matches the configured data identifiers is masked; only a user holding the logs:Unmask IAM permission can view the unmasked data, for example to validate the policy. Each managed data identifier is designed to detect one specific type of sensitive data, such as credit card numbers, AWS secret access keys, or passport numbers for a particular country or region. You configure a log group to analyze its ingested logs with these identifiers and to take actions when matches are detected.

AWS Backup – Protect and Restore Your CloudFormation Stacks: AWS Backup now supports attaching an AWS CloudFormation stack to its data protection policies for applications managed as infrastructure as code (IaC). With this, all stateful and stateless components supported by AWS Backup are backed up at around the same time. As the CloudFormation-managed application is updated, AWS Backup automatically tracks the changes and updates the data protection policies accordingly. This gives you a single recovery point that can be used to restore either the whole application stack or individual resources, and helps demonstrate compliance with the data protection policies.

