Issue #126

Monday · October 16, 2023

🥖 Palate Cleanser

I have an exciting blog post to share with you: "Cedar: Avoiding the cracks".

Author Ian McKay delves into the common pitfalls and challenges that policy authors face when writing Cedar authorization policies.

Discover practical solutions and best practices for issues like non-unique entity identifiers, invalid statements, short-circuiting, ambiguous entity types, unexpected order of operations, and side channels. 

Whether you're a seasoned Cedar expert or just starting out, these insights will help you navigate the world of Cedar authorization effectively.

📋 Chef's selections

  1. An Unexpected Implication of Lambda Privileges
  2. GuardDuty EKS Runtime Monitoring expands operating systems and processor support
  3. What's new in the CIS v2.0 benchmark for AWS

🍛 Reddit threads on r/aws

🍪 API changes

2023/07/07 - logs - 3 updated API methods
Changes: Add CMK encryption support for CloudWatch Logs Insights query result data

2023/07/05 - kms - 14 updated API methods
Changes: Added Dry Run Feature to cryptographic and cross-account mutating KMS APIs (14 in all). This feature allows users to test their permissions and parameters before making the actual API call.
