re:Invent 2023 Updates to AWS Security Hub

Streamlining Security Management

Happy National Popcorn Day! This is Unlimited Leave, the AWS Management and Governance newsletter that is always stuck doing re-work.

This time, we’re reconfiguring AWS Security Hub.

The irony is that it’s more of a ‘hold my beer’ moment, but if you want to grab some popcorn, today is the day to do it.

I almost pulled the trigger on an issue last week but I just couldn’t drum up content that I think is related to the theme of this newsletter.

At this time, I’m going to shoot for a minimum issue on the third Friday of the month with special issues for updates and announcements going forward.

This week's topics

  • Refresh of AWS Security Hub

  • A couple of relevant announcements

  • Get to Know Your Customers Day (Yesterday)

Refresh of AWS Security Hub

In one of the online communities I’m in, I’m keeping a close watch on a thread discussing AWS Security Hub Bankruptcy. This very quickly seems like the path I am going down.

I wrote a recent blog post discussing the 2023 AWS re:Invent Security Hub announcement.

Back in late 2022 and the beginning of 2023, I spent way too much time figuring out how I would use Security Hub across multiple organizations and accounts to be the source of truth for what developers and account owners are responsible for regarding the security of their accounts.

At re:Invent 2022 I went to a closed Security Hub ‘roundtable-ish’ discussion and expressed my issues and I was validated. I was also promised a major SH overhaul. I didn’t know I’d have to wait until the following re:Invent but I finally got what I wished for.

Here is that post if you are interested:

This is my first post to https://community.aws, but it is a canonical link to my AWS blog.

Announcement(s) & Blogs

  • Implementing automated and centralized tagging controls with AWS Config and AWS Organizations - a beautiful write-up for tagging across an AWS Organization. The downside and something I’m still livid about is that Account Tags on Accounts themselves implemented from the Organizations Service STILL do not show in CUR. This is because accounts themselves are not ‘metered services’. This is problematic for many reasons. Sure there are ways around this, but this is a huge gap. Do better AWS. I’ve submitted a request for this.

  • Amazon ECS and AWS Fargate now integrate with Amazon EBS - while not related to M&G, I have started deploying more services and scheduled (EventBridge) tasks that do relate to my M&G workloads. This is an interesting enhancement to ECS.

  • AWS CloudShell now supports Docker in 13 Regions - in the same vein, I have a handful of containers for different operational CI/CD tasks. Being able to pull these in live with my session permissions to run account-level operations seems to be a direction I’m going to look into.

Get to know your customers

While today is not Get to Know Your Customers Day, yesterday was, and the timing is perfect.

Last week a reader/follower found a YouTube video of me where I was demoing one of my CI/CD flows. In the video, I was managing multiple AWS Account/Organization sessions within the same browser.

The tool I was using was the freemium version of Ghost Browser.

There are many of these tools. I use almost all of them for different purposes. Ghost Browser is my daily driver for bouncing in and out of Organizations and Accounts via the console but it has its limitations.

I also have mentioned in the past that I use https://leapp.cloud

There is also Firefox Containers which is leveraged by both Leapp and Granted.dev.

Even though there are many tools, some people are still not aware of them or do not use them regularly. I would really like to know how all of you are managing multi-organization workloads.

I am curious about multi-account workloads as well, but most specifically, if you are managing or accessing multiple AWS Organizations daily, I would appreciate it if you replied to this email with a brief synopsis, or I would love to have a conversation with you.

A reply is the only option for now as I have reverted to the free tier of this platform and Polls are not a free option.

I look forward to hearing from you.

Disclaimer: The resources and topics shared within this newsletter are for informational use only. Any resources deployed or tools implemented are done so at your own risk. Do your research and testing before the implementation of any resource or service deployed for any workload.