📣 Sponsor

Tired of sifting through assets to find the dormant ones? 😓

Let unusd.cloud do the work! Our tool identifies unused AWS assets in all AWS regions, saving you money and time. ⌛💰

Our mission is to chasse idle AWS assets on your account to avoid any surprise billing.

Its free forever for a single AWS Account.

🥗 Appetizer

Hey Folks,

You've been busy for the last week. Don't worry; I've read all the AWS Security News for you, so you don't have to.

Here's a sum up, great content from Wiz and great features from AWS, like RegEx on CloudWatch Logs and enhanced Botnet protection for AWS WAF.

Also, the ECS team brings aws:ResourceTag/${TagKey} condition to nearly all ECS actions.

See you next week!

Victor

👀 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 9

1. 🚩 AWSBackupFullAccess
2. AWSBackupOperatorAccess
3. 🚩 AWSBackupServiceRolePolicyForBackup
4. 🚩 AWSBackupServiceRolePolicyForRestores
5. 🚩 AWSConfigServiceRolePolicy
6. AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy
7. 🚩 AWS_ConfigRole
8. 🚩 AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy
9. 🚩 AmazonInspector2ServiceRolePolicy

Weekly diff

🤖 Powered by MAMIP
🚩 Sensitive IAM Actions included

🍔 AWS API Changes

Amazon Elastic Compute Cloud - 24 updated methods Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.

Amazon Relational Database Service - 18 updated methods Add support for feature integration with AWS Backup.

AWS WAFV2 - 8 updated methods The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.

🍓 IAM Permission Changes

iam: 1 updated condition 1 updated condition: iam:PermissionsBoundary (type)

ecs: 40 updated actions 40 updated actions: CreateService (conditions), DeleteAttributes (conditions), DeleteService (conditions), DeleteTaskSet (conditions), DescribeContainerInstances (conditions) ...

sesv2: 5 new actions, 1 new resource, 1 new condition 5 new actions: CancelExportJob (Grants permission to cancel an export job), CreateExportJob (Grants permission to create an export job), ...