📋 Chef's selections

1. Cognito-api: An authentication API based on AWS Cognito
2. Reverse Engineering on AWS Key IDs
3. AWS Network Firewall egress filtering can be easily bypassed

🍛 Reddit threads on r/aws

• Prevent DDoS on api Gateway
• AWS role session tags for GitHub Actions
• How do you set up https on an EC2 server using a whitelist IP security group?
• Cognito AccessToken in lambda event variable
• Any good designs around AWS SCP development staging in a Terraform shop?
• MFA, What to do if I lose the device which had authenticator.
• Tracking finding remediation in Security Hub?
• Cleanup Network ACL and Security Group Rules?
• AWS access key stolen - somebody using it for frauds

🍪 API changes

• Amazon Elastic Compute Cloud - 1 new methods - Launching GetSecurityGroupsForVpc API. This API gets security groups that can be associated by the AWS account making the request with network interfaces in the specified VPC.
• AWS Network Firewall - 12 updated methods - Network Firewall now supports inspection of outbound SSL/TLS traffic.
• AWS CodePipeline - 7 updated methods - Add ability to trigger pipelines from git tags, define variables at pipeline level and new pipeline type V2.
• Amazon Elastic Kubernetes Service - 14 updated methods - Added support for Cluster Subnet and Security Group mutability.
• AWS Network Manager - 6 updated methods - This release adds API support for Tunnel-less Connect (NoEncap Protocol) for AWS Cloud WAN

☕ CloudFormation resource changes

• Nothing new this week.

🎮 Amazon Linux vulnerabilities

• ALAS-2023-2318 (critical): squid - CVE-2019-12524, CVE-2019-12529, CVE-2019-18677, CVE-2019-18678, CVE-2019-18860, CVE-2021-28116
• ALAS-2023-2317 (important): python3 - CVE-2022-48565