Issue #141
Monday · January 29, 2024
Palate Cleanser
Hey folks,
As you make your way to the vibrant casinos of Las Vegas, gearing up for an exciting re:Invent week, I'm here to bring you a condensed pre-re:Invent update.
Expect a comprehensive follow-up in our next issue, packed with information on new services and features.
In line with our yearly tradition, I've upgraded the @mamip_aws schedule to perform IAM Managed Policies scans every 30 minutes.
This enhancement ensures we stay ahead of the curve, promptly capturing any new #AWS services and features unveiled at #reInvent.
Wishing you all a fantastic re:Invent,
Victor
Chef's selections
AWS security blogs
- How to use the BatchGetSecretValue API to improve your client-side applications with AWS Secrets Manager
- How to use the PassRole permission with IAM roles
- Upcoming improvements to your AWS sign-in experience
- AWS Security Profile: Chris Betz, CISO of AWS
- How to use multiple instances of AWS IAM Identity Center
- AWS achieves SNI 27001 certification for the AWS Asia Pacific (Jakarta) Region
- Establishing a data perimeter on AWS: Require services to be created only within expected networks
Reddit threads on r/aws
- New organization-wide IAM condition keys to restrict AWS service-to-service requests
- A couple of security questions from a newer AWS user
- RDS or self-managed PostgreSQL?
- Help with SSL certificate
- Vulnerability reports for AWS Lambda?
- Best enterprise tools for scanning, analyzing and recommending AWS IAM?
- Validation pdfs in lambdas before they get uploaded to s3
- Generating AWS Signature V4 within RStudio
- WebSocket API GW & Cognito-based auth - Are there easier/better ways to do this?
- Amazon CloudFront announces CloudFront security dashboard, a Unified CDN and Security Experience
- Suggestion for authenticating front-end Angular app to call Backend Lambda behind Gateway
- Can't keep SSM session open
- Help with Amplify Auth access
- How can I get the IP's that connected to an AWS workspace
- EC2 T2 Ubuntu instance with amd64 vulnerabilities
- UPDATE: Help with SSL certificate
- Permission boundaries: make sure roles can't create roles with more permissions than themselves, even when they have multiple attached policies
IAM permission changes
API changes
IAM managed policy changes
Managed Policy changed since last week: 19
- 🚩 AWSIAMIdentityCenterAllowListForIdentityContext
- 🚩 AWSRepostSpaceSupportOperationsPolicy
- AWSSSMForSAPServiceLinkedRolePolicy
- AWSSecurityHubServiceRolePolicy
- AmazonDetectiveInvestigatorAccess
- AmazonEKSWorkerNodePolicy
- AmazonFSxConsoleFullAccess
- AmazonFSxFullAccess
- AmazonGuardDutyServiceRolePolicy
- AmazonInspector2AgentlessServiceRolePolicy
- AmazonPrometheusFullAccess
- 🚩 AmazonPrometheusScraperServiceRolePolicy
- 🚩 AwsGlueSessionUserRestrictedNotebookPolicy
- CloudTrailServiceRolePolicy
- CloudWatchLogsFullAccess
- CloudWatchLogsReadOnlyAccess
- CostOptimizationHubServiceRolePolicy
- ElasticLoadBalancingReadOnly
- IAMAccessAnalyzerReadOnlyAccess
Powered by MAMIP - 🚩 Sensitive IAM Actions included
CloudFormation resource changes
- AWS::Transfer::Server and AWS::Transfer::User resources have been updated.
Amazon Linux vulnerabilities
This section will show you the latest (Important and Critical) CVEs on Amazon Linux.
- No CVEs published this week on Amazon Linux OS.