📣 How to deal with AWS unused assets?

Frustrated with costly AWS bills? 😰 Many teams, especially data scientists diving into LLM and AI experiments, are feeling the pinch.

With the rise of tools like Sagemaker and GPU-intensive instances, expenses can skyrocket if assets are left running.

Enter unusd.cloud – your smart solution to detect those forgotten AWS assets and trim your bills! 🔍✂️

Say goodbye to wasted spend and hello to a leaner AWS budget! 💼💡

🥗 Appetizer

Hey folks,

Big news from AWS!

Building on their commitment to digital sovereignty, AWS has announced the launch of the AWS European Sovereign Cloud. It will be hosted in Germany.

Tailored specifically for Europe, this new cloud is designed to cater to the unique sovereignty needs of public sector and regulated industry customers in the region.

Victor

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 12

1. AWSElasticDisasterRecoveryAgentInstallationPolicy
2. 🚩 AWSElasticDisasterRecoveryEc2InstancePolicy
3. 🚩 AWSResilienceHubAsssessmentExecutionPolicy
4. 🚩 AWSSupportServiceRolePolicy
5. 🚩 AmazonConnectServiceLinkedRolePolicy
6. AmazonConnectSynchronizationServiceRolePolicy
7. AmazonElasticsearchServiceRolePolicy
8. AmazonOpenSearchServiceRolePolicy
9. AmazonRDSPerformanceInsightsFullAccess
10. AmazonRDSPerformanceInsightsReadOnly
11. 🚩 AmazonRedshiftServiceLinkedRolePolicy
12. 🚩 AmazonSageMakerCanvasDataPrepFullAccess

Weekly diff

🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

🥗 AWS Security Blog

• A phased approach towards a complex HITRUST r2 validated assessment
• The security attendee’s guide to AWS re:Invent 2023
• Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers
• AWS FedRAMP Revision 5 baselines transition update
• AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe
• Updated Essential Eight guidance for Australian customers

🧁 IAM Permission Changes

• resource-explorer: AWS Service Removed
• gamesparks: AWS Service Removed
• lakeformation: 3 new actions: 3 new actions: CreateLakeFormationOptIn (Enforce Lake Formation permissions for the given databases, tables, and principals), DeleteLakeFormationOptIn (Remove the Lake Formation permissions enforcement of the given databases, tables, and principals), ListLakeFormationOptIns (Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions)

🍪 Amazon Linux CVEs

This section will show you the latest (Important and Critical) CVEs on Amazon Linux.

Amazon Linux 2

• ALAS-2023-2318 (critical): squid - CVE-2019-12524, CVE-2019-12529, CVE-2019-18677, CVE-2019-18678, CVE-2019-18860, CVE-2021-28116
• ALAS-2023-2317 (important): python3 - CVE-2022-48565