‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

20th Monday
November, 2023

Time to read: 4 minutes

📣️ AWS Security Foundations for Dummies (Sponsor)

Rampant cloud activity? Cloud risk can grow faster than your AWS bill (true story).

That’s why Wiz partnered with Wiley to create the AWS Security for Dummies ebook. This free pdf contains 46 pages of expert tips to harden your AWS environment, including:

How to get the basics right to help scale security when your footprint (inevitably) grows
How to secure specific resources based on your usage (VMs, S3, Cloudtrails, and more)
Which critical weaknesses to prioritize so you aren’t caught off guard

All of these techniques can be found here – grab your free digital copy now and boost your AWS security posture.

🥗 Appetizer

Hey folks,

Big shoutout to our latest sponsor, Wiz, for their support with this newsletter – couldn't have done it without them!

This issue features an insightful report from Datadog's research team on Cloud Security's current landscape, offering a valuable perspective by comparing it to previous studies. It's a must-read for grasping corporate trends.

Plus, we've got updates on over 29 IAM Managed Policies.

Victor

📋 Chef's Weekly selections

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 29

Weekly diff

🤖 Powered by MAMIP - 🚩 Sensitive IAM Actions included

🍔 AWS API Changes

TrustedAdvisor Public API - 10 new methods - AWS Trusted Advisor introduces new APIs to enable you to programmatically access Trusted Advisor best practice checks, recommendations, and prioritized recommendations. Trusted Advisor APIs enable you to integrate Trusted Advisor with your operational tools to automate your workloads.
AWS Lambda - 8 updated methods - Adds support for logging configuration in Lambda Functions. Customers will have more control how their function logs are captured and to which cloud watch log group they are delivered also.
Amazon Elastic Compute Cloud - 3 new 24 updated methods - AWS EBS now supports Snapshot Lock, giving users the ability to lock an EBS Snapshot to prohibit deletion of the snapshot. This release introduces the LockSnapshot, UnlockSnapshot & DescribeLockedSnapshots APIs to manage lock configuration for snapshots. The release also includes the dl2q_24xlarge.

🥣 Secret Sauce

New section alert! Each week, we'll showcase your top AWS insights, focusing on AWS Security tricks and tips. Got a cool command-line hack, a clever console maneuver, or an awesome open-source tool? Send us your best tips for a shot at being featured in our upcoming issues.

l will start first with this great command to get the CloudWatch LogGroups ordered by StorageSize

$ aws logs describe-log-groups --query "logGroups[*].{LogGroup:logGroupName,VolumeSize:storedBytes,RetentionInDays:retentionInDays} | reverse(sort_by(@, &VolumeSize))" --output table

Victor Grenu - Indie AWS Architect - @zoph

🥗 AWS Security Blog

🧁 IAM Permission Changes

☕︎ CloudFormation Updates

🍪 Amazon Linux CVEs

This section will show you the latest (Important and Critical) CVEs on Amazon Linux.

No CVEs published this week on Amazon Linux OS.

👾 r/aws

🗯️ Enjoying our updates? Share your thoughts!

☆ ☆ ☆ ☆ ☆

🖊️ stay ahead of the game by subscribing

📢 Gain visibility for your brand by sponsoring our content

💌 If you have any suggestions for future topics, let us know