12th Monday
June, 2023
📣 Sponsor

Your company relies on you to keep your AWS infrastructure secure — but it's hard to manage safe, temporary access while moving quickly and staying above water.

With the Sym SDK, you can build temporary access workflows for IAM and SSO, deployed in an easy-to-use requests app in Slack.

Sym gives you peer approval, privilege escalation and de-escalation, and all the integrations you need to automate decisions, getting you to least privilege, with the least hassle.

Try Sym today

🥗 Appetizer

This week, Wiz launched an exciting new IAM CTF challenge titled "The Big IAM Challenge".

Even for someone with a background in security like myself, it proved to be quite challenging and highly enjoyable.

I particularly appreciated the diverse levels and the overall experience. I highly recommend it to all AWS practitioners.

📋 Menu of the week
  1. We reported a security issue in AWS CDK's eks.Cluster component
  2. aws-amicleaner - cleanup unused AMIs from cloudonaut
  3. A collection of documented and undocumented AWS API models
👀 Monitor AWS Managed IAM Policies

Policies changed since last week (19):

  • AWSConfigServiceRolePolicy
  • AWSControlTowerAccountServiceRolePolicy
  • AWSElasticDisasterRecoveryConsoleFullAccess
  • AWSElasticDisasterRecoveryNetworkReplicationPolicy
  • AWSElasticDisasterRecoveryServiceRolePolicy
  • AWSWAFConsoleFullAccess
  • AWSWAFConsoleReadOnlyAccess
  • AWSWAFFullAccess
  • AWSWAFReadOnlyAccess
  • AWS_ConfigRole
  • AmazonDocDBElasticFullAccess
  • AmazonDocDBElasticReadOnlyAccess
  • AmazonInspector2ReadOnlyAccess
  • AmazonKeyspacesFullAccess
  • CloudWatchLogsReadOnlyAccess
  • CloudWatchReadOnlyAccess
  • ROSAInstallerPolicy
  • ROSANodePoolManagementPolicy
  • SecurityAudit
Weekly diff
AWS API Changes
  • Payment Cryptography Control Plane - 20 new methods
  • Payment Cryptography Data Plane - 11 new methods
  • AWS Service Catalog - 1 updated methods
  • AWS CloudFormation - 2 updated methods
  • Amazon EMR Containers - 6 updated methods
  • Amazon CloudWatch Logs - 3 new 1 updated methods
  • Inspector2 - 2 updated methods
  • AWS Signer - 2 new methods
  • Amazon Simple Queue Service - 3 new methods
  • AWS CloudFormation - 3 new methods
  • AWS Key Management Service - 1 updated methods
  • AWS CloudTrail - 2 new 5 updated methods
  • AWS WAFV2 - 2 new methods
πŸ• AWS Security Blog
  • Temporary elevated access management with IAM Identity Center
  • 2023 ISO + CSA STAR certs available with 8 new services and 1 new Region
  • Our commitment to shared cybersecurity goals
  • Updated AWS Ramp-Up Guide available for security, identity, and compliance
πŸ“ IAM Permission Changes
  • elasticloadbalancingv2: 1 new condition | 22 updated actions
  • elasticloadbalancing: 1 new condition | 22 updated actions
  • sqs: 3 new actions
  • profile: 11 new actions, 2 new resources | 5 updated actions
  • cloudfront: 1 updated action | 1 removed action
  • imagebuilder: 1 updated action
  • signer: 2 new actions
  • logs: 2 new actions
  • kms: 1 new condition | 1 updated action
  • wafv2: 2 new actions
  • cloudtrail: 2 new actions
  • codecommit: 1 updated action
👾 r/aws
  • Why I recommended ECS instead of Kubernetes to my latest AWS
  • Application Composer Now Generally Available – Visually Build Serverless Applications Quickly
  • Announcing Container Image Signing with AWS Signer and Amazon EKS
πŸ–ŠοΈ Stay ahead of AWS Security game by subscribing
πŸ“’ Gain visibility for your brand by sponsoring our content
πŸ’Œ If you have any suggestions for future topics, let us know
Twitter social link LinkedIn social link Website social link