AWS Outage - What is impacted?

<p>Cloud Security News this week 8 December 2021</p> <ul> <li>If you use AWS, you may have noticed some issues with your services this week. AWS reported on Tuesday morning that they were seeing impacts to multiple APIs in the US-East 1 region. The issues were impacting their monitoring and incident response tooling impacting their ability to provide timely updates. A bit later they reported that they had identified the root cause of the issue causing service API and console issues. Root logins for consoles in all AWS regions were affected by this issue, however customers could &nbsp;login to consoles other than US-EAST-1 by using an IAM role for authentication. Services impacted include: EC2, Connect, DynamoDB, Glue, Athena, Timestream, and Chime. Most of the services have now recovered and all updates can be viewed <a href="https://status.aws.amazon.com/"><u><strong>here</strong></u></a></li> <li>Recently McAfee and FireEye announced the availability of new cloud security capabilities on <a href="https://www.scmagazine.com/news/security-news/cloud-security/aws-configuration-issues-lead-to-exposure-of-5-million-records"><u>Amazon Web Services</u></a> (AWS) as well as integration with the Amazon Inspector vulnerability management service. According to McAfee Enterprise and FireEye, their behavior analysis and machine-learning extended detection and response (XDR) capabilities combined with Amazon Inspector promises to deliver AWS customers greater visibility and protection of cloud-based applications and data.</li> <li>The research team at LightSpin discovered that the Jupiter Notebook instance of SageMaker could reach the Notebook Instance metadata endpoint. For context, having access to the metadata endpoint and requesting access tokens from an over-permissive IAM Role is a very well known SSRF vulnerability in AWS. In this case, the research team reported their finding to AWS and this has been resolved since. You can learn more about this<a href="https://blog.lightspin.io/aws-sagemaker-notebook-takeover-vu