diff --git a/Graviton.md b/Graviton.md index 7c638b2c..3544804c 100644 --- a/Graviton.md +++ b/Graviton.md @@ -2,7 +2,7 @@ Jump to - [AWS services that benefits from AWS Graviton](#aws-services-that-benefits-from-aws-graviton) -- [Instances Powered by Arm-based AWS Graviton Processors - **Sydney**](#instances-powered-by-arm-based-aws-graviton-processors---sydney) +- [Instances Powered by Arm-based AWS Graviton Processors - **Sydney** and **Melbourne**](#instances-powered-by-arm-based-aws-graviton-processors---sydney-and-melbourne) - [Resources for getting started with AWS Graviton](#resources-for-getting-started-with-aws-graviton) @@ -23,7 +23,7 @@ See also [AWS Graviton Fast Start](https://aws.amazon.com/ec2/graviton/fast-star --- -## Instances Powered by Arm-based AWS Graviton Processors - **Sydney** +## Instances Powered by Arm-based AWS Graviton Processors - **Sydney** and **Melbourne** Source [AWS Graviton](https://aws.amazon.com/ec2/graviton/) and [availability and pricing](https://aws.amazon.com/ec2/pricing/on-demand/) (last checked on 2022-12-22) | | Instance types | Powered by | SYD | MEL | Built for diff --git a/S3/README.md b/S3/README.md index d0fc9e0a..ef85be98 100644 --- a/S3/README.md +++ b/S3/README.md @@ -3,6 +3,8 @@ Jump to - [Useful Libs and Tools](#useful-libs-and-tools) - [Useful Articles and Blogs](#useful-articles-and-blogs) + - [CloudTrail Events vs. Server Access Logs](#cloudtrail-events-vs-server-access-logs) + - [S3 Incident Response](#s3-incident-response) - [S3 Access Control](#s3-access-control) - [VPC Enpoints](#vpc-enpoints) - [Static Websites](#static-websites) @@ -19,6 +21,41 @@ Jump to --- ## Useful Articles and Blogs +### CloudTrail Events vs. Server Access Logs + +- CloudTrail Events + - Logs Delay + - Data events: 5 minutes + - Management events: 15 minutes + - Log Coverage + - Bucket operations: covered by default + - Object operations: if data events are enabled + - Cost + - Management events: Free + - Data events: Pay according to number of API calls + - Log Format + - JSON +- Server Access Log + - Logs Delay + - A few hours + - Log Coverage + - The completeness of server loggins is not guaranteed + - Cost + - Free (only pay for 3 storage of logs) + - Log Format + - Non-standard, requires normalisation + - Lifecycle deletion actions are not caught by CloudTrail data event logs, only Server Access Logs. + + +### S3 Incident Response + +- [The Rise of S3 Ransomware: How to Identify and Combat It](https://thehackernews.com/2023/10/the-rise-of-s3-ransomware-how-to.html), The Hacker News, 2023-10-25 +- Related SQL queries from https://github.com/axon-git/threat-hunting +- Playbook and workshop from AWS + - https://github.com/aws-samples/aws-customer-playbook-framework/blob/main/docs/Ransom_Response_S3.md + - https://catalog.workshops.aws/aws-cirt-ransomware-simulation-and-detection/en-US + + ### S3 Access Control - [IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)](https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/), AWS, 2023-07-07 diff --git a/SNS/README.md b/SNS/README.md index 7d9fdd84..64a63c58 100644 --- a/SNS/README.md +++ b/SNS/README.md @@ -10,5 +10,8 @@ Jump to - [amazon-sns-python-extended-client-lib](https://github.com/awslabs/amazon-sns-python-extended-client-lib) - Extended Client Library for Python to support payloads up to 2GB + --- ## Useful Articles and Blogs + +- [Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers](https://aws.amazon.com/blogs/security/mask-and-redact-sensitive-data-published-to-amazon-sns-using-managed-and-custom-data-identifiers/), AWS, 2023-10-25