🥗 Appetizer

Hey Folks,
Hope you're doing well! I've had my nose buried in all sorts of articles, blog posts, and updates in the AWS Security universe so that you can skip the heavy lifting.
Here's a roundup of the juiciest stuff you need to know this week. First up, let's get into an eye-opening piece on Security Hub by Chris Farris. Trust me, you'll want to hear the key takeaways:
- Misleading Metrics & Dashboards: Security Hub may present metrics and dashboards that don't accurately reflect the security posture. They often lean towards compliance rather than assessing real risks, causing both misalignment and tension between engineering and security teams.
- Cost Underestimation: While Security Hub might seem cost-effective initially, the total cost can escalate when combined with AWS Config and other associated services. The pricing structure can be confusing, causing budgeting issues.
- Configuration Challenges: Despite features like Delegated Admin and Region Aggregation, disabling specific controls or customizing findings is far from straightforward. You'll need to dive into each account and region, making configuration and management cumbersome.
See the full article below.
Victor