AWS WAF 推出了隨時更新的 Managed Rule：「Ready-to-Use Managed Rules Now Available on AWS WAF」。
這些 ruleset 是由 3rd-party 提供的：
Choose from preconfigured RuleGroups provided in the AWS Marketplace by industry leading security experts: Alert Logic, Fortinet, Imperva, Trend Micro and TrustWave.
Rules are automatically updated as new threats emerge and offer a wide range of protections, including OWASP Top 10 mitigations, bad-bot defenses, and virtual patching against recent CVE’s.
Each RuleGroup is the product of a Seller’s unique expertise, made available to you at an affordable pay-as-you-go price.
在 AWS Marketplace 的「Managed Rules for AWS WAF - Web Application Firewall」裡拿兩家來看看。
趨勢的「Trend Micro Managed Rules for AWS WAF - WebServer (Apache, Nginx)」與「Trend Micro Managed Rules for AWS WAF - Content Management System (CMS)」都是：
Charge per month in each available region (pro-rated by the hour) $5.00 / unit
Charge per million requests in each available region $0.20 / unit
而 Imperva 則是提供不一樣的選擇，在「Imperva - Managed Rules for WordPress Protection on AWS WAF」是：
Charge per month in each available region (pro-rated by the hour) $30.00 / unit
Charge per million requests in each available region $0.60 / unit
而「Imperva - Managed Rules for IP Reputation on AWS WAF」則是：
Charge per month in each available region (pro-rated by the hour) $40.00 / unit
Charge per million requests in each available region $0.40 / unit
Amazon SES 的新功能，讓使用者可以設定 policy，以確保 mail reputation 不會掉的太差：「Amazon SES introduces email pausing and reputation metrics for configuration sets」，介紹的文章在「Protect your Reputation with Email Pausing and Configuration Set Reputation Metrics」。
所以你可以設定某些條件，停用某個 configuration set，或是停用整個帳號：
This release includes API operations that allow you to temporarily pause email sending for a specific configuration set, or across your entire Amazon SES account. You can use this feature to automatically pause email sending when your reputation metrics cross certain thresholds that you define.
這應該是在一個帳號有多個服務使用的情境下，用來降低風險的方式... 某個服務突然送出一堆 bounce mail 時可以只停用有問題的服務，而不是被 Amazon SES 整包停用。
另外因為經過 Amazon CloudWatch，所以可以串上 Amazon SNS 後將 AWS Lambda 接上去做更複雜的處理：
剛好是之前推出 Dependency Graph 後可以拿出來善用的利用：「Introducing security alerts on GitHub」，先前提到的 Dependency Graph 則是在「A more connected universe」這邊。
Vulnerability coverage 的部份有提到範圍，至少有公開 CVE 的會納入：
Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don't have them. We'll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our security partners in the GitHub Marketplace.
現在可以透過 AWS Budgets 來看到 Reserved Instance 的使用率了：「Monitor your Reserved Instance utilization by receiving alerts via AWS Budgets」。
Starting today, customers can now monitor and receive alerts when their Reserved Instance (“RI”) utilization falls below the threshold they define.
算是個開頭，不過我更想請 AWS 分析有哪些機器是長年開著沒有 discount 的... 或者像是 GCP 那樣自動算 :o
AMBER Alert (中文：安珀警戒) 把發佈的媒體擴展到網際網路上，與 Facebook 合作：「AMBER Alert Partners With Facebook」。
不過 Twitter 應該會比較適合，Facebook 先談到也不差就是了...