🥗 Appetizer

Hey folks,

Got some cool stuff for you this week, particularly a must-read on essential monitoring for AWS Containers, courtesy of Cloudonaut.

Heads up, AWS has made AMI Block Public Access the default setting for new accounts and those without a public AMI since July 15, 2023. A smart move to avoid unintentional sharing and beef up security. Need a public AMI? You can turn it off manually. This is global, by the way.

I'm digging how AWS is ramping up security measures at the account level and making them default.

That's Security by Design for you.

Victor

🍹 Monitor AWS Managed IAM Policies

​Managed Policy changed since last week: 9

1. AWSElasticDisasterRecoveryConsoleFullAccess
2. 🚩 AWSElasticDisasterRecoveryLaunchActionsPolicy
3. 🚩 AWSEntityResolutionConsoleFullAccess
4. AWSResourceExplorerServiceRolePolicy
5. 🚩 AWSServiceRoleForImageBuilder
6. AWSVendorInsightsVendorFullAccess
7. 🚩 AmazonMSKFullAccess
8. AmazonRoute53RecoveryControlConfigReadOnlyAccess
9. ROSAKubeControllerPolicy

Weekly diff

🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

🥗 AWS Security Blog

• IAM Roles Anywhere with an external certificate authority
• AWS Security Profile: Liam Wadman, Senior Solutions Architect, AWS Identity
• Securing generative AI: An introduction to the Generative AI Security Scoping Matrix
• AWS announces Cloud Companion Guide for the CSA Cyber Trust mark

🧁 IAM Permission Changes

• kms: 1 updated action - 1 updated action: ListRetirableGrants (resources)
• ecs: 1 updated action - 1 updated action: ExecuteCommand (resources)
• es: 3 new actions - 3 new actions: GetDomainMaintenanceStatus (Grants permission to retrieve the status of maintenance action for the node), ListDomainMaintenances (Grants permission to retrieve a list of maintenance actions for the OpenSearch Service domain), StartDomainMaintenance (Grants permission to initiate the maintenance on the node)