AWS Security Digest · Issue #127

Issue #127

Monday · October 23, 2023

🥖 Palate Cleanser

findmytakeover from @malprxctice detects dangling DNS record in a multi cloud environment.

It does this by scanning all the DNS zones and the infrastructure present within the configured cloud service provider either in a single account or multiple accounts and finding the DNS record for which the infrastructure behind it does not exist anymore rather than using wordlist.

It can easily detect and report potential subdomain takeovers that exist.

📋 Chef's selections

IAMActionHunter: Query AWS IAM permission policies with ease
Amazon S3 Inventory can include ACLs as object metadata in inventory reports
Amazon CloudFront announces support for 3072-bit RSA certificates

🍛 Reddit threads on r/aws

How to enable end-to-end encryption in AWS?
How we reduced our AWS bill by seven figures?
Why use Terraform over CloudFormation?

🍪 API changes

2023/07/13 - s3 - 5 updated api methods
Changes S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.

🥖 Palate Cleanser

📋 Chef's selections

🍛 Reddit threads on r/aws

🍪 API changes

Get every AWS security change,on a plate every Monday.

Get every AWS security change,
on a plate every Monday.