📣 Sponsor

Veza helps manage AWS identity and access.

• Audit user access
• At-a-glance view of user access to data across cloud apps (AWS + 100 apps ala Github, Snowflake etc)
• Ensure compliance with Soc 2, etc
• Identify Misconfigurations
• Reduce Over Provisioning
• Reduce Access Sprawl

Watch a demo and see how.

🥗 Appetizer

Today is the last issue of the season for 💌 AWS Security Digest Newsletter. See you in September! 🌴

I'm so grateful to all sponsors who made this newsletter possible and accessible for free to all readers!

🫶🏻 ASD Sponsors: IAM Pulse, Codeshield, Teleport, Verica, Drata, Codiga, NudgeSecurity, SymOps, K9 Security, Veza, Permiso, Cloudonaut

Initially, it was a newsletter for my usage to digest all news from AWS Security topics every Monday, and now:

📈 2200+ Readers and growing
📆 128 Issues
💰 Annual Revenue: 25k$
👀 Avg Open Rate: 55%, CTR: 15%

I can't wait to share all the updates and news related to AWS Security in this weekly digest email next season. I have so many ideas for the next year for you to stay ahead of the game!

👀 Monitor AWS Managed IAM Policies

Policy changed since last week (13):

1. AWSCodeCommitFullAccess
2. AWSCodeCommitPowerUser
3. AWSMarketplaceSellerProductsFullAccess
4. AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess
5. AWSMigrationHubRefactorSpacesFullAccess
6. AWSMigrationHubRefactorSpacesServiceRolePolicy
7. AWSPurchaseOrdersServiceRolePolicy
8. AmazonCognitoUnAuthedIdentitiesSessionPolicy
9. AmazonSageMakerModelGovernanceUseAccess
10. CloudWatchInternetMonitorServiceRolePolicy
11. Health_OrganizationsServiceRolePolicy
12. ROSAKubeControllerPolicy
13. SecurityAudit

Weekly diff

Powered by MAMIP

🍔 AWS API Changes

Amazon SageMaker Service - 1 new 1 updated methods
Cross account support for SageMaker Feature Store

Amazon Security Lake - 3 new 2 updated methods
Adding support for Tags on Create and Resource Tagging API.

AWS Resource Access Manager - 3 updated methods
This release adds support for securely sharing with AWS service principals.

AWS Systems Manager for SAP - 1 new 6 updated methods
Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP.

AWS WAFV2 - 8 updated methods
Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.

🍓 IAM Permission Changes

grafana: 1 new action
1 new action: ListVersions (Grants permission to list all available supported Grafana versions. Optionally, include a workspace to list the versions to which it can be upgraded)

datasync: 1 updated action
1 updated action: ListTaskExecutions (resources)

mq: 1 new action
1 new action: Promote (Grants permission to promote a broker)

dms: 3 updated actions
3 updated actions: ListMigrationProjects (dependents), GetMetadataModel (dependents), ListMetadataModelAssessmentActionItems (dependents)

ec2: 1 updated action
1 updated action: CopyImage (conditions)