📣 Sponsor

75% of breaches happen because of bad permissions. 

The problem is that you don’t know exactly WHO has access to WHAT data in your environment. 

For example, roles labeled as “read-only” can often edit and delete sensitive data. 

Veza automatically finds and fixes every bad permission—in every app—across your environment.

Watch a demo of Veza with AWS

🥗 Appetizer

Hey Folks,

You've been busy for the last week. Don't worry; I've read all the AWS Security News for you, so you don't have to.

On August 15, 2023, EC2-Classic was officially phased out. It's noteworthy enough to mention, and a blog post from Werner is always a must-read.

A friend of mine is developing a new tool for deploying AWS LandingZone, and he published a paper discussing his approach in comparison to native solutions.

See you next week!

Victor

👀 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 9

1. 🚩 AWSElasticDisasterRecoveryLaunchActionsPolicy
2. 🚩 AWSElasticDisasterRecoveryReadOnlyAccess
3. AWSGlobalAcceleratorSLRPolicy
4. 🚩 AWSGlueServiceRole
5. AWSTrustedAdvisorServiceRolePolicy
6. 🚩 AmazonDataZoneEnvironmentRolePermissionsBoundary
7. 🚩 AmazonKeyspacesReadOnlyAccess_v2
8. CloudWatchReadOnlyAccess
9. 🚩 ReadOnlyAccess

Weekly diff
🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included