Updated S3, SNS notes (#491)

Graviton.md

@@ -2,7 +2,7 @@
 
 Jump to
 - [AWS services that benefits from AWS Graviton](#aws-services-that-benefits-from-aws-graviton)
-- [Instances Powered by Arm-based AWS Graviton Processors - **Sydney**](#instances-powered-by-arm-based-aws-graviton-processors---sydney)
+- [Instances Powered by Arm-based AWS Graviton Processors - **Sydney** and **Melbourne**](#instances-powered-by-arm-based-aws-graviton-processors---sydney-and-melbourne)
 - [Resources for getting started with AWS Graviton](#resources-for-getting-started-with-aws-graviton)
 
 
@@ -23,7 +23,7 @@ See also [AWS Graviton Fast Start](https://aws.amazon.com/ec2/graviton/fast-star
 
 
 ---
-## Instances Powered by Arm-based AWS Graviton Processors - **Sydney**
+## Instances Powered by Arm-based AWS Graviton Processors - **Sydney** and **Melbourne**
 Source [AWS Graviton](https://aws.amazon.com/ec2/graviton/) and [availability and pricing](https://aws.amazon.com/ec2/pricing/on-demand/) (last checked on 2022-12-22)
 
 | | Instance types | Powered by | SYD | MEL | Built for

S3/README.md

@@ -3,6 +3,8 @@
 Jump to
 - [Useful Libs and Tools](#useful-libs-and-tools)
 - [Useful Articles and Blogs](#useful-articles-and-blogs)
+    - [CloudTrail Events vs. Server Access Logs](#cloudtrail-events-vs-server-access-logs)
+    - [S3 Incident Response](#s3-incident-response)
     - [S3 Access Control](#s3-access-control)
     - [VPC Enpoints](#vpc-enpoints)
     - [Static Websites](#static-websites)
@@ -19,6 +21,41 @@ Jump to
 ---
 ## Useful Articles and Blogs
 
+### CloudTrail Events vs. Server Access Logs
+
+- CloudTrail Events
+    - Logs Delay
+        - Data events: 5 minutes
+        - Management events: 15 minutes
+    - Log Coverage
+        - Bucket operations: covered by default
+        - Object operations: if data events are enabled
+    - Cost
+        - Management events: Free
+        - Data events: Pay according to number of API calls
+    - Log Format
+        - JSON
+- Server Access Log
+    - Logs Delay
+        - A few hours
+    - Log Coverage
+        - The completeness of server loggins is not guaranteed
+    - Cost
+        - Free (only pay for 3 storage of logs)
+    - Log Format
+        - Non-standard, requires normalisation
+    - Lifecycle deletion actions are not caught by CloudTrail data event logs, only Server Access Logs.
+
+
+### S3 Incident Response
+
+- [The Rise of S3 Ransomware: How to Identify and Combat It](https://thehackernews.com/2023/10/the-rise-of-s3-ransomware-how-to.html), The Hacker News, 2023-10-25
+- Related SQL queries from https://github.com/axon-git/threat-hunting
+- Playbook and workshop from AWS
+    - https://github.com/aws-samples/aws-customer-playbook-framework/blob/main/docs/Ransom_Response_S3.md
+    - https://catalog.workshops.aws/aws-cirt-ransomware-simulation-and-detection/en-US
+
+
 ### S3 Access Control
 
 - [IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)](https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/), AWS, 2023-07-07

SNS/README.md

@@ -10,5 +10,8 @@ Jump to
 
 - [amazon-sns-python-extended-client-lib](https://github.com/awslabs/amazon-sns-python-extended-client-lib) - Extended Client Library for Python to support payloads up to 2GB
 
+
 ---
 ## Useful Articles and Blogs
+
+- [Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers](https://aws.amazon.com/blogs/security/mask-and-redact-sensitive-data-published-to-amazon-sns-using-managed-and-custom-data-identifiers/), AWS, 2023-10-25