🥗 Appetizer

Hey folks,

AWS is still shipping some new significant features, and there is no (yet) freeze before re:Invent 2023 (in 14 days).

Interestingly, following the announcement of Block Public Sharing for AMI a few weeks ago, AWS introduced the same capacity but for Snapshots.

I've updated my AWS Security Survival Kit (Open Source) with this new capacity to let you apply bare minimal AWS security to your accounts. (Alerting and Configuration)

Victor

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 16

1. 🚩 AWSAuditManagerServiceRolePolicy
2. 🚩 AWSIAMIdentityCenterAllowListForIdentityContext
3. AWSIPAMServiceRolePolicy
4. AWSIncidentManagerIncidentAccessServiceRolePolicy
5. AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy
6. AWSResourceExplorerServiceRolePolicy
7. AWSSecurityHubServiceRolePolicy
8. AWSServiceCatalogAppRegistryFullAccess
9. AWSServiceRolePolicyForBackupRestoreTesting
10. AWSTrustedAdvisorServiceRolePolicy
11. AccessAnalyzerServiceRolePolicy
12. AmazonConnectCampaignsServiceLinkedRolePolicy
13. AmazonRekognitionReadOnlyAccess
14. 🚩 AmplifyBackendDeployFullAccess
15. 🚩 CloudWatchApplicationSignalsServiceRolePolicy
16. 🚩 PartnerCentralAccountManagementUserRoleAssociation

Weekly diff

🤖 Powered by MAMIP - 🚩 Sensitive IAM Actions included

🥗 AWS Security Blog

• Set up AWS Private Certificate Authority to issue certificates for use with IAM Roles Anywhere
• AWS KMS is now FIPS 140-2 Security Level 3. What does this mean for you?
• AWS Wickr achieves FedRAMP Moderate authorization
• How to improve your security incident response processes with Jupyter notebooks
• Build an entitlement service for business applications using Amazon Verified Permissions

🧁 IAM Permission Changes

• cloudtrail: 2 updated actions
• logs: 15 new actions, 3 new resources, 2 new conditions | 3 updated actions
• wafv2: 4 updated actions