Amaan Khan’s Post

Red Canary wrote a great article on how adversaries can steal AWS Single Sign-On (SSO) access tokens from local machines and how to detect it! 🔗

🎥 New AWS Tutorial Alert! 🚀 In this video, I dive into Multi-Factor Authentication (MFA) in AWS and walk through how to enhance security by enabling MFA for AWS users. 🛡️ 🔑 I also show how to set up access keys for users so they can access the AWS CLI, empowering them to work seamlessly from the command line. 📊 And, to keep track of everything, I’ll guide you on how to generate a credentials report—a powerful tool for auditing user access and ensuring best practices are followed. #AWS #CloudSecurity #MFA #IAM #AccessKeys #AWSTutorial #CloudComputing

Amazon DynamoDB released support for resource-based IAM policies two days ago. There was some controversy whether that's a good thing from a security point of view. Independent of whether you like the change or not, I've just added support for it to aws-lint-iam-policies. You can now scan all DynamoDB table and stream policies across an AWS Organization for potential security issues and errors: https://lnkd.in/dKFmc6e8

Excited to announce I co-authored my first blog for AWS with my colleague Thaddeus Worsnop! This blog details best practices for configuring DNS on Active Directory with Amazon Route 53. Take a look below! https://lnkd.in/e4CEHWKF

You can now provide a list of AWS account IDs that you trust when running aws-lint-iam-policies. If your resource-based policies have trust relationships to those accounts, findings won't be generated. This is particularly useful when you audit entire Organizations and, for example, want to silence findings about central roles like OrganizationAccountAccessRole, or you are using CSPM products that have trusts into all your accounts. Happy linting! https://lnkd.in/dRW-4QhD

Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.

🔒 Secure Your AWS S3 Access with VPC Endpoint Gateway! 🌐 Enhance your network security and optimize data transfer by using VPC Endpoint Gateway for S3. 🚀✨ What You’ll Learn: Chapter 1 Introduction Of VPC Endpoint For S3 Chapter 2 VPC Endpoint Terminologies Chapter 3 Create VPC Endpoint For S3 Learn how to configure and use VPC Endpoint Gateway for S3 in my latest YouTube video https://lnkd.in/d8NZYQza #AWSS3 #VPCEndpoint #NetworkSecurity #TechTips #CloudComputing

Is AWS Secrets Manager CLI broken? When I try and get a secret in the AWS CLI it throws a weird error. GetSecretValue operation: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@! aws secretsmanager --profile $PROFILE get-secret-value --secret-id arn:aws:ssm:eu-west-1:{accountId}:parameter/{secret name} Interestingly the "any of the following. -/_+=.@!" doesn't include a : which is part of every arn? This is from a script that I've used regularly for months and have had no issue. Is this a bug? #aws #secretsmanager

🔒 Secure Your AWS S3 Access with VPC Endpoint Gateway! 🌐 Enhance your network security and optimize data transfer by using VPC Endpoint Gateway for S3. 🚀✨ What You’ll Learn: Chapter 1 Introduction Of VPC Endpoint For S3 Chapter 2 VPC Endpoint Terminologies Chapter 3 Create VPC Endpoint For S3 Learn how to configure and use VPC Endpoint Gateway for S3 in my latest YouTube video https://lnkd.in/dhyEUr-s #AWSS3 #VPCEndpoint #NetworkSecurity #TechTips #CloudComputing

Beware! We've recently discovered that AWS is charging users for 4xx requests to S3 buckets. This is alarming and requires immediate attention. 😐 As indicated by numerous GitHub references, this issue impacts a significant number of users, particularly those using us-east-1 buckets. A simple PUT request can easily result in massive bills for other users. We strongly urge AWS to take action and cease charging for 4xx requests to S3 buckets. Doing so would not only benefit users financially, but also prevent potential billing catastrophes. This is so alarming: https://lnkd.in/dwWBnKtU #AWS #S3 #CloudComputing