Issue #142
Monday · February 05, 2024
Palate Cleanser
Hey folks,
I have to admit, I'm somewhat underwhelmed by the announcements at re:Invent 2023. It seems like there weren't any groundbreaking features or exciting developments this time around. Perhaps I've been in the industry too long and have become a bit jaded?
The highlights for me were the introduction of S3 Express OZ, the new AWS AI-powered TAM (Amazon Q, wait, Q like in James Bond?), and S3 Access Grants methods (yet another way to fail on security).
Hope you've recovered from your post re:Invent blues. Stay well, everyone.
What about you? What did you think of this year's event? Feel free to hit reply and share your thoughts.
Victor
Chef's selections
AWS security blogs
- Use CodeWhisperer to identify issues and use suggestions to improve code security in your IDE
- How to improve cross-account access for SaaS applications accessing customer accounts
- Fall 2023 SOC reports now available with 171 services in scope
- Optimize AWS administration with IAM paths
- Use IAM Roles Anywhere to help you improve security in on-premises container workloads
- Security at multiple layers for web-administered apps
- Introducing new central configuration capabilities in AWS Security Hub
- Use IAM Identity Center APIs to audit and manage application assignments
- Introducing IAM Access Analyzer custom policy checks
Reddit threads on r/aws
IAM permission changes
API changes
IAM managed policy changes
Managed Policy changed since last week: 48 (Large one due to re:Invent)
- 🚩 AWSBackupFullAccess
- AWSBackupServiceLinkedRolePolicyForBackup
- 🚩 AWSBackupServiceRolePolicyForBackup
- 🚩 AWSBackupServiceRolePolicyForRestores
- 🚩 AWSCleanRoomsMLFullAccess
- AWSCleanRoomsMLReadOnlyAccess
- AWSElasticDisasterRecoveryAgentInstallationPolicy
- AWSElasticDisasterRecoveryAgentPolicy
- 🚩 AWSElasticDisasterRecoveryConsoleFullAccess_v2
- AWSElasticDisasterRecoveryConversionServerPolicy
- 🚩 AWSElasticDisasterRecoveryEc2InstancePolicy
- AWSElasticDisasterRecoveryFailbackInstallationPolicy
- AWSElasticDisasterRecoveryFailbackPolicy
- AWSElasticDisasterRecoveryNetworkReplicationPolicy
- 🚩 AWSElasticDisasterRecoveryReadOnlyAccess
- 🚩 AWSElasticDisasterRecoveryRecoveryInstancePolicy
- AWSElasticDisasterRecoveryReplicationServerPolicy
- AWSElasticDisasterRecoveryServiceRolePolicy
- 🚩 AWSElasticDisasterRecoveryStagingAccountPolicy
- 🚩 AWSElasticDisasterRecoveryStagingAccountPolicy_v2
- 🚩 AWSFaultInjectionSimulatorEC2Access
- AWSFinSpaceServiceRolePolicy
- AWSSecurityHubServiceRolePolicy
- AWSServiceRoleForNeptuneGraphPolicy
- AWSZonalAutoshiftPracticeRunSLRPolicy
- AccessAnalyzerServiceRolePolicy
- 🚩 AmazonConnectServiceLinkedRolePolicy
- AmazonDataZoneDomainExecutionRolePolicy
- AmazonDataZoneFullUserAccess
- AmazonDetectiveInvestigatorAccess
- AmazonEKSWorkerNodePolicy
- AmazonElastiCacheFullAccess
- 🚩 AmazonElasticFileSystemFullAccess
- AmazonFSxConsoleFullAccess
- AmazonFSxFullAccess
- AmazonOneEnterpriseFullAccess
- AmazonOneEnterpriseInstallerAccess
- AmazonOneEnterpriseReadOnlyAccess
- AmazonQFullAccess
- 🚩 AmazonSageMakerCanvasAIServicesAccess
- 🚩 AmazonSageMakerClusterInstanceRolePolicy
- 🚩 AmazonSageMakerFullAccess
- CloudTrailServiceRolePolicy
- ElastiCacheServiceRolePolicy
- IAMAccessAnalyzerReadOnlyAccess
- 🚩 NeptuneConsoleFullAccess
- 🚩 NeptuneGraphReadOnlyAccess
- 🚩 ReadOnlyAccess
Powered by MAMIP | 🚩 Sensitive IAM Actions included
CloudFormation resource changes
- AWS::S3Express::DirectoryBucket / AWS::S3Express::BucketPolicy
- AWS::ElastiCache::ServerlessCache
- AWS::AccessAnalyzer::Analyzer
- AWS::Backup::RestoreTestingPlan / AWS::Backup::RestoreTestingSelection
- AWS::ManagedBlockchain::Accessor
- AWS::EKS::PodIdentityAssociation
Amazon Linux vulnerabilities
This section will show you the latest (Important and Critical) CVEs on Amazon Linux.
- No CVEs published this week on Amazon Linux OS.