🥗 Appetizer

Hey folks,

What is the best way to start your week? Maybe you will start by reading this newsletter while commuting, then enjoy your ride.

We are starting the pre-reinvent announcements this month, you will see a lot of stuff moving on AWS part. Keep an eyes on MAMIP that generally spoil some announcements by catching the required IAM permissions needed by new features or services.

If you are reading the web version of this newsletter, please considering subscribing, it helps us. A lot.

Have a great week ahead!

Victor

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 9

1. 🚩 AWSDataLifecycleManagerSSMFullAccess
2. AWSIPAMServiceRolePolicy
3. 🚩 AWSLakeFormationCrossAccountManager
4. AWSQuickSightSageMakerPolicy
5. AWSSSMForSAPServiceLinkedRolePolicy
6. 🚩 AWSSupplyChainFederationAdminAccess
7. AmazonVPCNetworkAccessAnalyzerFullAccessPolicy
8. AmazonVPCReachabilityAnalyzerFullAccessPolicy
9. 🚩 SecurityAudit

Weekly diff

🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

🥗 AWS Security Blog

• How to create an AMI hardening pipeline and automate updates to your ECS instance fleet
• How to use chaos engineering in incident response
• How to share security telemetry per OU using Amazon Security Lake and AWS Lake Formation
• How to visualize Amazon Security Lake findings with Amazon QuickSight
• Refine permissions for externally accessible roles using IAM Access Analyzer and IAM action last accessed
• Security considerations for running containers on Amazon ECS

🧁 IAM Permission Changes

• ec2: 2 new actions - 2 new actions: DisableImage (Grants permission to disable an AMI), EnableImage (Grants permission to re-enable a disabled AMI);
• s3: 1 updated condition - 1 updated condition: s3:x-amz-server-side-encryption-aws-kms-key-id (type)
• redshift: 1 new action - 1 new action: FailoverPrimaryCompute (Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ)