In case you missed any of the AWS Security Blog posts from March and April, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from the AWS Config Rules repository to automatically updating AWS WAF IP blacklists.
April 28, AWS WAF How-To: How to Import IP Address Reputation Lists to Automatically Update AWS WAF IP Blacklists
A number of organizations maintain reputation lists of IP addresses used by bad actors. Their goal is to help legitimate companies block access from specific IP addresses and protect their web applications from abuse. These downloadable, plaintext reputation lists include Spamhaus's Don’t Route Or Peer (DROP) List and Extended Drop (EDROP) List, and Proofpoint’s Emerging Threats IP list. Similarly, the Tor project’s Tor exit node list provides a list of IP addresses currently used by Tor users to access the Internet. Tor is a web proxy that anonymizes web requests and is sometimes used by malicious users to probe or exploit websites.
April 27, Federated SSO How-To: How to Set Up Federated Single Sign-On to AWS Using Google Apps
Among the services offered to Google Apps for Work users is a Security Assertion Markup Language (SAML) 2.0–based SSO service. You can use this service to provide one-click SSO to your AWS resources by using your existing Google Apps credentials. For users to whom you grant SSO access, they will see an additional SAML app in your Google Apps account, as highlighted in the following screenshot. When your users click the SAML app, Google Apps authenticates and redirects them to the AWS Management Console. In this blog post, I will show you how you can use Google Apps to set up federated SSO to your AWS resources.
April 21, AWS WAF How-To: How to Prevent Hotlinking by Using AWS WAF, Amazon CloudFront, and Referer Checking
You can use AWS WAF to help prevent hotlinking. AWS WAF is a web application firewall that is closely integrated with Amazon CloudFront (AWS’s content delivery network [CDN]), and it can help protect your web applications from common web exploits that could affect application availability, compromise security, and consume excessive resources. In this blog post, I will show you how to prevent hotlinking by using header inspection in AWS WAF, while still taking advantage of the improved user experience from a CDN such as CloudFront.Read More →