🥗 Appetizer

Hey folks,

As you make your way to the vibrant casinos of Las Vegas, gearing up for an exciting re:Invent week, I'm here to bring you a condensed pre-re:Invent update.

Expect a comprehensive follow-up in our next issue, packed with information on new services and features.

In line with our yearly tradition, I've upgraded the @mamip_aws schedule to perform IAM Managed Policies scans every 30 minutes.

This enhancement ensures we stay ahead of the curve, promptly capturing any new #AWS services and features unveiled at #reInvent.

Wishing you all a fantastic re:Invent,

Victor

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 19

1. 🚩 AWSIAMIdentityCenterAllowListForIdentityContext
2. 🚩 AWSRepostSpaceSupportOperationsPolicy
3. AWSSSMForSAPServiceLinkedRolePolicy
4. AWSSecurityHubServiceRolePolicy
5. AmazonDetectiveInvestigatorAccess
6. AmazonEKSWorkerNodePolicy
7. AmazonFSxConsoleFullAccess
8. AmazonFSxFullAccess
9. AmazonGuardDutyServiceRolePolicy
10. AmazonInspector2AgentlessServiceRolePolicy
11. AmazonPrometheusFullAccess
12. 🚩 AmazonPrometheusScraperServiceRolePolicy
13. 🚩 AwsGlueSessionUserRestrictedNotebookPolicy
14. CloudTrailServiceRolePolicy
15. CloudWatchLogsFullAccess
16. CloudWatchLogsReadOnlyAccess
17. CostOptimizationHubServiceRolePolicy
18. ElasticLoadBalancingReadOnly
19. IAMAccessAnalyzerReadOnlyAccess

Weekly diff

🤖 Powered by MAMIP - 🚩 Sensitive IAM Actions included

🥣 Secret Sauce

New section alert! Each week, we'll showcase your top AWS insights, focusing on AWS Security tricks and tips. Got a cool command-line hack, a clever console maneuver, or an awesome open-source tool? Send us your best tips for a shot at being featured in our upcoming issues.

“This is my favourite IAM statement I’ve ever written. Can you figure out what it does?”

{    
  "Version": "2012-10-17",    
  "Statement": [        
    {            
     "Effect": "Allow",            
     "Action": "sns:Publish",            
     "NotResource": "arn:*:sns:*:*:*"        
     }    
  ]
}

Ian Mckay - Cloud Principal @ Kablamo, hoarder of S3 Buckets - @iann0036