Monday, June 5th, 2023
📣 Sponsor

Did you know 88% of companies offering enterprise CSPM also offer a CIEM solution? 

In fact, products across the security industry are adding CIEM-powered workflows because so many roles need to manage or understand access. 

Discover your product category's CIEM adoption trends in the market research brief.

🥗 Appetizer

This week, the chef prepared a great sauce of IMDSv1, guidance from Scott Piper on getting rid of insecure long-term IAM user credentials, and a great walkthrough of a compromised AppRunner instance from Bhagavan.

Also, AWS Config now allows you to use an exception list on resource types. Great improvement!
📋 Menu of the week
  1. Instance Metadata Service Packet Analyzer simplifies migration to IMDSv2
  2. Misconfiguration Spotlight: Securing the EC2 Instance Metadata Service
  3. Guidance on getting rid of AWS IAM user access keys
👀 Monitor AWS Managed IAM Policies

Policies changed since last week (16):

  • AWSFaultInjectionSimulatorEC2Access
  • AWSFaultInjectionSimulatorECSAccess
  • AWSFaultInjectionSimulatorEKSAccess
  • AWSFaultInjectionSimulatorSSMAccess
  • AWSIoTDeviceTesterForFreeRTOSFullAccess
  • AWSMarketplaceSellerFullAccess
  • AWSVPCVerifiedAccessServiceRolePolicy
  • AWSWAFConsoleFullAccess
  • AWSWAFConsoleReadOnlyAccess
  • AWSWAFFullAccess
  • AWSWAFReadOnlyAccess
  • AdministratorAccess-Amplify
  • AmazonInspector2ServiceRolePolicy
  • AmazonRDSCustomServiceRolePolicy
  • AmazonSecurityLakeAdministrator
  • ROSASRESupportPolicy
🍔 AWS API Changes
  • 2023/06/01 - profile - 7 new api methods
  • 2023/06/01 - ivs - 6 updated api methods
  • 2023/05/31 - config - 2 updated api methods
  • 2023/05/30 - securityhub - 2 updated api methods
  • 2023/05/30 - securitylake - 18 new, 10 updated api methods
  • 2023/05/30 - wafv2 - 11 updated api methods
🍕 AWS Security Blog
  • Announcing the AWS Blueprint for Ransomware Defense
  • Updated whitepaper: Architecting for PCI DSS Segmentation and Scoping on AWS
  • AWS Security Profile: Ritesh Desai, GM, AWS Secrets Manager
🍓 IAM Permission Changes

  • AWS Marketplace Portal (aws-marketplace-management)
  • AWS Database Migration Service (dms)
  • Amazon AppFlow (appflow)
  • Amazon WorkSpaces Web (workspaces-web)
  • AWS IoT FleetWise (iotfleetwise)
  • Amazon Security Lake (securitylake)
  • Amazon EventBridge Schemas (schemas)
  • AWS DeepRacer (deepracer)
  • Amazon DynamoDB (dynamodb)
  • AWS IQ (iq)
  • Amazon QuickSight (quicksight)
  • AWS IoT Wireless (iotwireless)
👾 r/aws

  • Why has AWS made IAM Actions impossible to find?
  • Was my SES (or AWS account) just hacked?
  • Best way to decrease latency (API <-> Lambda <-> Dynamodb)

🖊️ Stay ahead of AWS Security game by subscribing
📢 Gain visibility for your brand by sponsoring our content
💌 If you have any suggestions for future topics, let us know