Monday, 22nd May, 2023
📣 Sponsor

Identify all cloud accounts with Nudge Security

Nudge Security discovers all AWS, GCP and Azure assets associated with your organization, including the unmonitored accounts your teams may have forgotten about. You can also get alerted as new accounts are created, so you can ensure proper security controls are applied from day one. Find out what you're missing in minutes - no agents, network changes, APIs or browser plug-ins required.



🥗 Appetizer

In March 2023, Datadog experienced a two-day incident resulting from a security update to the systemd component. The incident prompted several important lessons:
  1. Recognizing the indirect coupling of behavior between regions, highlighting the need to strengthen the foundational infrastructure.
  2. Understanding the clear hierarchy of data importance, prioritizing live data and alerts over historical data.
  3. Considering the scale of degradation in chaos tests to ensure the platform can operate effectively in degraded conditions.
  4. Improving communication with customers during incidents by providing clear guidance and updates.
  5. Exploring better methods of communicating detailed real-time product status.
My two cents:

It is crucial to note that despite the implementation of multi-cloud, multi-region, and chaos engineering strategies, system failures can still occur. Therefore, investing efforts and resources into incident response preparation and effective communication during major outages is essential.


📋 Menu of the week
  1. AWS Systems Manager Distributor now supports the CrowdStrike Falcon Sensor agent
  2. Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS
  3. Datadog: 2023-03-08 Incident: Infrastructure connectivity issue affecting multiple regions
👀 Monitor AWS Managed IAM Policies

Policies changed since last week (8):

  • AWSDMSServerlessServiceRolePolicy
  • AWSElasticDisasterRecoveryCrossAccountReplicationPolicy
  • AWSElasticDisasterRecoveryEc2InstancePolicy
  • AWSElasticDisasterRecoveryRecoveryInstancePolicy
  • AWSGlobalAcceleratorSLRPolicy
  • AWSProtonCodeBuildProvisioningServiceRolePolicy
  • AmazonDetectiveFullAccess
  • AmazonDetectiveInvestigatorAccess

Weekly diff
πŸ” AWS API Changes

  • 2023/05/19 - backup - 1 updated api methods
  • 2023/05/19 - cases - 3 updated api methods
  • 2023/05/18 - ec2 - 24 updated api methods
  • 2023/05/16 - api.detective - 1 updated api methods
  • 2023/05/16 - glue - 2 updated api methods
  • 2023/05/16 - wafv2 - 8 updated api methods
  • 2023/05/15 - athena - 2 updated api methods

πŸ• AWS Security Blog

  • Stronger together: Highlights from RSA Conference 2023
  • Our guide to the threat detection and IR track at re:Inforce

📣 Sponsor

At unusd.cloud, our approach focuses on detecting and eliminating unused assets to reduce AWS spending, attack surface, and environmental impact.

With features such as automatic waste detection, per account scan schedules, and spending drift detection, our product offers a comprehensive solution to optimize your AWS budget.

Try it for free (Forever) for a single AWS Account.

We've also revisited our pricing thanks to customer feedback!

IAM Permission Changes

  • Amazon Connect (connect): 5 new actions, 1 new resource | 3 updated actions
  • Amazon DynamoDB (dynamodb): 2 updated actions | 1 removed condition
  • AWS Glue (glue): 1 new resource | 8 updated actions
  • AWS CloudFormation (cloudformation): 1 updated action
  • AWS Cloud9 (cloud9): 1 new action
  • Amazon EC2 (ec2): 7 new actions | 23 updated actions, 1 updated resource | 2 removed conditions
  • AWS WAF V2 (wafv2): 1 new resource | 3 updated actions
  • AWS Outposts (outposts): 1 updated resource
  • Amazon API Gateway Management V2 (apigatewayv2): 1 updated action
  • Amazon EMR on EKS (EMR Containers) (emr-containers): 1 new action

👾 r/aws

  • Retiring the AWS Documentation on GitHub (aws.amazon.com/blogs/…)
  • DiagramGPT – Diagrams from code and natural language (eraser.io/diagra…)
  • AWS IAM Actions (awsiamactions.io/)
  • Open source IAM Access Visualizer