AWS Re:invent 2022 Recap for Cloud Security Professionals
This was the 10th or 11th year of AWS Re:invent (depending on whether you believe Google or the CEO of AWS). This year there was again a record crowd of over 50,000 attendees, and we have the inside scoop from the conference, the keynote analysis, and the launches you need to note as a Cloud Security Professional.
This topic was also covered, along with the AWS Re:invent 2022 keynote highlights from the CEO and CTO of AWS, on the Cloud Security Podcast, which you can listen to or watch at the bottom of this article or by simply clicking on the image below:
Note: If you have been following my AWS Re:invent recaps for some time, e.g. 2019, 2020 (the COVID online-only year), 2021 (the year that no one went anywhere, and neither did I). We
This blog is divided into 4 categories instead of my usual 3. Like everything in AWS and Public Cloud, the type of releases from the event keeps evolving, so to cover them (including region availability, service GA status and, where relevant, the use case for the release) we now have a 4th category.
- AWS Security Product Release — new security products from AWS
- AWS Security Products Updates — new features to existing security products
- AWS Security features to existing products — security features to existing products
- BONUS — AWS Product Release for Developer first Security — new AWS products you should keep an eye on, as they are going to be used heavily by Developers once GA.
Let’s go:
NOTE: Services in preview mode, i.e. not available to all AWS customers, are marked as (Preview). There is limited information on these services because the service is gated. If you would like to access any of these services, contact your AWS Account Manager to get access so you can test them while in preview mode.
AWS Security Product Release
- AWS Security Lake (Preview)
It is a managed security data lake that combines various security datasets (AWS or external) and then normalizes and transforms them.
NOTE: Amazon Security Lake should be enabled in all supported AWS Regions to ensure all relevant data is collected.
- AWS Verified Access (Preview)
This is a new secure connectivity service that lets you enable local or remote secure access to applications without a VPN.
- Amazon Verified Permissions (Preview)
This allows users to manage fine-grained permissions and authorization within custom applications. Fine-grained control is meant to combine the best of RBAC and ABAC (role-based and attribute-based access control). Some people are saying that this could be an interesting alternative to OPA (Open Policy Agent).
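To make the "combine RBAC and ABAC" idea concrete, here is a small policy evaluator I added for this recap. It is an illustration written from scratch, not Amazon Verified Permissions' engine or its policy language: the `Policy`, `Principal` and `Resource` types, the sample policies and the sample users and documents are all hypothetical, constructed for the example. What it does show is the decision shape fine-grained authorization services typically aim for: a role match (RBAC) gates which policies apply, attribute conditions (ABAC) refine them, an explicit forbid overrides any permit, and a missing attribute fails closed rather than open.

```python
"""Illustrative combined RBAC + ABAC authorizer (added example; not the AWS service's own code)."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional, Set, Tuple

Attrs = Dict[str, Any]


@dataclass
class Principal:
    id: str
    roles: Set[str]                      # RBAC input: the roles the caller holds
    attrs: Attrs = field(default_factory=dict)


@dataclass
class Resource:
    id: str
    type: str
    attrs: Attrs = field(default_factory=dict)   # ABAC input: owner, locked, ...


@dataclass
class Policy:
    effect: str                          # "permit" or "forbid"
    description: str
    role: Optional[str] = None           # None = applies to any role
    actions: Optional[Set[str]] = None   # None = applies to any action
    resource_type: Optional[str] = None  # None = applies to any resource type
    # ABAC condition over (principal, action, resource, request context)
    condition: Optional[Callable[[Principal, str, Resource, Attrs], bool]] = None

    def applies(self, p: Principal, action: str, r: Resource, ctx: Attrs) -> bool:
        if self.role is not None and self.role not in p.roles:
            return False
        if self.actions is not None and action not in self.actions:
            return False
        if self.resource_type is not None and r.type != self.resource_type:
            return False
        if self.condition is not None:
            try:
                return bool(self.condition(p, action, r, ctx))
            except (KeyError, AttributeError, TypeError):
                # A condition that references an attribute the resource or
                # context lacks does not match: fail closed, never open.
                return False
        return True


def is_authorized(policies: List[Policy], p: Principal, action: str,
                  r: Resource, ctx: Optional[Attrs] = None) -> Tuple[bool, List[str]]:
    """Default deny. Any applicable forbid wins over any number of permits.
    Returns (decision, descriptions of the policies that determined it)."""
    ctx = ctx or {}
    applicable = [pol for pol in policies if pol.applies(p, action, r, ctx)]
    forbids = [pol.description for pol in applicable if pol.effect == "forbid"]
    if forbids:
        return False, forbids
    permits = [pol.description for pol in applicable if pol.effect == "permit"]
    return bool(permits), permits


# Constructed sample policies (hypothetical; not from any real application).
POLICIES = [
    Policy("permit", "editors manage their own documents",
           role="editor", actions={"view", "edit", "delete"}, resource_type="document",
           condition=lambda p, a, r, c: r.attrs["owner"] == p.id),
    Policy("permit", "auditors may view any document",
           role="auditor", actions={"view"}, resource_type="document"),
    Policy("forbid", "locked documents cannot be edited",
           actions={"edit"}, resource_type="document",
           condition=lambda p, a, r, c: r.attrs.get("locked", False)),
    Policy("forbid", "delete requires an MFA-backed session",
           actions={"delete"},
           condition=lambda p, a, r, c: not c.get("mfa", False)),
]

# Constructed sample principals and resources.
ALICE = Principal("alice", {"editor"})
BOB = Principal("bob", {"auditor"})
DOC1 = Resource("doc1", "document", {"owner": "alice", "locked": False})
DOC2 = Resource("doc2", "document", {"owner": "bob", "locked": False})
DOC3 = Resource("doc3", "document", {"owner": "alice", "locked": True})
DOC4 = Resource("doc4", "document", {})   # no owner attribute at all


def decide(p: Principal, action: str, r: Resource, ctx: Optional[Attrs] = None) -> bool:
    return is_authorized(POLICIES, p, action, r, ctx)[0]


if __name__ == "__main__":
    for who, act, doc, ctx in [(ALICE, "edit", DOC1, {}), (ALICE, "edit", DOC2, {}),
                               (BOB, "view", DOC1, {}), (BOB, "edit", DOC1, {}),
                               (ALICE, "edit", DOC3, {}), (ALICE, "delete", DOC1, {"mfa": False}),
                               (ALICE, "delete", DOC1, {"mfa": True}), (ALICE, "view", DOC4, {})]:
        ok, why = is_authorized(POLICIES, who, act, doc, ctx)
        print(f"{who.id:6} {act:7} {doc.id}: {'ALLOW' if ok else 'DENY '} {why}")
```

The two checks worth keeping in mind when you evaluate any such service: confirm that a forbid really does override a permit (here `DOC3`, owned by alice but locked), and confirm that an attribute the policy references but the resource lacks denies rather than silently matches (here `DOC4`).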
AWS Security Products Updates
- Amazon Inspector now scans AWS Lambda functions for vulnerabilities
- Amazon GuardDuty RDS Protection
- Automated Data Discovery for Amazon Macie
- New controls in AWS Control Tower
- AWS Config Rules now support proactive compliance
- AWS KMS (Key management service) External Key Store (XKS)
- Amazon VPC (Virtual Private Cloud) has VPC Lattice
- Amazon CloudWatch now has cross-account observability
AWS Security features to existing products
- Delegated administrator for AWS Organization
- AWS Backup now supports attaching an AWS CloudFormation stack to your data protection policies.
- Amazon EventBridge Pipes is now generally available
AWS Product Release for Developer first Security
- AWS Application Composer (Preview)
Building serverless applications has never been easier. How often are you in a situation where you have been handed an Infrastructure as Code (IaC) template and are expected to understand or modify it, or even start from scratch, when you have never worked with IaC but you do know AWS services? AWS Application Composer could be the answer to your prayers. “AWS Application Composer is a visual designer that you can use to build your serverless applications from multiple AWS services. Use Application Composer’s interactive builder to design your application architecture by selecting, connecting, and defining AWS resources on a canvas. As you design, Application Composer automatically develops your infrastructure as code (IaC) templates, following AWS best practices. With Application Composer, you can start with an initial sketch, create deployable code, and integrate into your current workflows to improve your development experience.” — AWS Blog
- Amazon CodeCatalyst (Preview)
Now AWS users, specifically developers, can build and deliver faster on AWS with Amazon CodeCatalyst. This service unifies software development services such as project planning, automation (comparable to GitHub Actions), and team communication. CodeCatalyst, even though in preview mode, comes with a lot of walkthrough project templates and example projects, which you should use at your own discretion.
“CodeCatalyst is fully managed by AWS, so AWS users can focus on development.” — AWS Blog
Takeaway for Cloud Security in AWS for 2023
My prediction is that the pattern of minor upgrades to existing security services will continue, enabling the creation of a Developer First driven Cloud ecosystem built on AWS services.
Also, throughout 2023 AWS employees, SAs and Advocates will push the use of AWS Application Composer and AWS CodeCatalyst to increase adoption of these services and to produce more applications whose software development lifecycle runs on AWS services only. This is great if you are an AWS Cloud only company, but how many of those there will be in 2023 remains to be seen, as 2022 was already the year of Multi-Cloud everywhere.
I would advise making decisions based on what your organization needs instead of building your infrastructure, or the entire stack of your software development lifecycle, solely on what AWS recommends, especially if you are multi-cloud or planning to be multi-cloud.