New Security Controls Released:
AWS Security Hub has recently introduced six new security controls, bringing the total number of controls offered by Security Hub to 264. The new controls run fully automated security checks for services such as Amazon CloudFront and Amazon Simple Storage Service (Amazon S3). To use them, you must first enable the standard they belong to, which is either Foundational Security Best Practices (FSBP) or National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5. If you already use these standards and have Security Hub configured to automatically enable new controls, the newly released controls will run without any additional action.
Here are the details of the new controls that have been launched:
- [ACM.2] RSA certificates managed by ACM should use a key length of at least 2,048 bits.
- [AppSync.2] AWS AppSync should have request-level and field-level logging enabled.
- [CloudFront.13] CloudFront distributions should implement origin access control.
- [ElasticBeanstalk.3] Elastic Beanstalk should stream logs to CloudWatch.
- [StepFunctions.1] Step Functions state machines should have logging enabled.
- [S3.17] S3 buckets should be encrypted at rest with AWS KMS keys.
By implementing these new controls, you can enhance the security posture of your AWS environment.
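To make concrete what three of these controls look at, here is an added example (not AWS or Security Hub code) that evaluates ACM.2, S3.17 and CloudFront.13 offline against constructed dictionaries shaped like fields of the ACM DescribeCertificate, S3 GetBucketEncryption and CloudFront GetDistributionConfig responses. The pass/fail logic is an assumption drawn from the control titles above, and the resource names and status strings are illustrative.

```python
import re

# Constructed sample inputs, shaped like fields of the ACM DescribeCertificate,
# S3 GetBucketEncryption and CloudFront GetDistributionConfig responses.
CERTS = {
    "cert-weak": {"KeyAlgorithm": "RSA_1024"},
    "cert-ok": {"KeyAlgorithm": "RSA_2048"},
    "cert-ec": {"KeyAlgorithm": "EC_prime256v1"},
}
BUCKETS = {
    "bucket-sse-s3": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    "bucket-sse-kms": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "bucket-none": None,  # no default-encryption configuration returned
}
DISTRIBUTIONS = {
    "dist-no-oac": {"Origins": {"Items": [{"Id": "s3", "S3OriginConfig": {}, "OriginAccessControlId": ""}]}},
    "dist-oac": {"Origins": {"Items": [{"Id": "s3", "S3OriginConfig": {}, "OriginAccessControlId": "EXAMPLEOACID"}]}},
    "dist-custom": {"Origins": {"Items": [{"Id": "alb", "CustomOriginConfig": {}}]}},
}

def check_acm_2(cert):
    """RSA keys need at least 2,048 bits; other key types are out of scope."""
    m = re.fullmatch(r"RSA_(\d+)", cert.get("KeyAlgorithm", ""))
    if m is None:
        return "NOT_APPLICABLE"
    return "PASSED" if int(m.group(1)) >= 2048 else "FAILED"

def check_s3_17(enc):
    """Every default-encryption rule must name a KMS-based algorithm."""
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in (enc or {}).get("Rules", [])]
    return "PASSED" if algos and all(a in ("aws:kms", "aws:kms:dsse") for a in algos) else "FAILED"

def check_cloudfront_13(cfg):
    """Every S3 origin must reference an origin access control (assumed scope)."""
    s3 = [o for o in cfg["Origins"]["Items"] if "S3OriginConfig" in o]
    if not s3:
        return "NOT_APPLICABLE"
    return "PASSED" if all(o.get("OriginAccessControlId") for o in s3) else "FAILED"

def evaluate():
    """Return {(control_id, resource_name): status} for all sample resources."""
    plan = (("ACM.2", CERTS, check_acm_2), ("S3.17", BUCKETS, check_s3_17),
            ("CloudFront.13", DISTRIBUTIONS, check_cloudfront_13))
    return {(c, n): fn(r) for c, res, fn in plan for n, r in res.items()}

if __name__ == "__main__":
    for (control, name), status in sorted(evaluate().items()):
        print(f"{control:14} {name:16} {status}")
```

Note that a bucket using SSE-S3 (`AES256`) is encrypted at rest yet still fails the S3.17 check here, because the control asks specifically for AWS KMS keys.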
Amazon RDS supports T4g instances:
Amazon RDS supports AWS Graviton2-based T4g database instances in various regions. T4g instances offer a baseline level of CPU performance with the ability to burst CPU usage as needed. Compared to x86-based T3 instances, T4g instances provide up to 36% better price performance, depending on the database engine, version, and workload.
The availability of T4g database instances for Amazon RDS has been expanded to include the following regions: US East (N. Virginia, Ohio), US West (Oregon, N. California), Canada (Central), Europe (Ireland, Frankfurt, London, Stockholm, Spain, Milan, Paris), South America (São Paulo), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo, Hyderabad, Hong Kong), the Middle East (UAE), and AWS GovCloud (US). You can find detailed pricing and regional availability information on the Amazon RDS pricing page.
T4g database instances are supported on Amazon RDS for the following versions:
- PostgreSQL: 15.2 and higher, 14.3 and higher, 13.7 and higher, and 12.11 and higher.
- MySQL: 8.0.32 and higher.
- MariaDB: 10.6.12 and higher, 10.5.19 and higher, and 10.4.28 and higher.
To upgrade to T4g instances, you can modify the database instance type to T4g using the AWS Management Console or AWS CLI. For more detailed instructions, please refer to the Amazon RDS User Guide.