Issue #143
Monday · February 12, 2024
🥖 Palate Cleanser
Hey folks,
This week, I've launched two new open-source projects.
The first one facilitates hosting static websites internally on AWS without the need for CloudFront.
The second project serves as a tool to assist with the Default Host Management Settings for AWS SSM at the AWS Account Level.
Additionally, we're excited to announce sponsorship openings for the AWS Security Digest for 2024. If you're interested in supporting our newsletter and helping us continue into 2024, please reach out. This is an excellent chance to showcase your product and expertise in the field.
Cheers!
Victor
📋 Chef's selections
🥗 AWS security blogs
🍛 Reddit threads on r/aws
- Service Control Policy (SCP) Roll Out Strategy
- Hundreds of Random Requests on my Nginx logs?
- Can WAF block this scenario?
- Restrict access to Managed devices
- MFA email getting blocked?
- AWS S3 and Cloudfront restrict access to media files stored in bucket by whitelisting domains
- Permissions to grant an AWS Amplify account
🧁 IAM permission changes
🍪 API changes
🍹 IAM managed policy changes
Managed Policy changed since last week: 19
- 🚩 AWSAuditManagerServiceRolePolicy
- AWSBatchServiceRole
- 🚩 AWSConfigServiceRolePolicy
- AWSMSKReplicatorExecutionRole
- 🚩 AWSMigrationHubOrchestratorConsoleFullAccess
- AWSServiceCatalogAppRegistryFullAccess
- 🚩 AWSSupportServiceRolePolicy
- 🚩 AWS_ConfigRole
- 🚩 AmazonBedrockFullAccess
- AmazonBedrockReadOnly
- 🚩 AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy
- 🚩 AmazonECSServiceRolePolicy
- 🚩 AmazonSageMakerCanvasDataPrepFullAccess
- 🚩 AmazonSageMakerCanvasFullAccess
- BatchServiceRolePolicy
- 🚩 CloudWatchFullAccessV2
- CloudWatchReadOnlyAccess
- IVSReadOnlyAccess
- 🚩 ReadOnlyAccess
🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included
☕ CloudFormation resource changes
🎮 Amazon Linux vulnerabilities
This section will show you the latest (Important and Critical) CVEs on Amazon Linux.
- No CVEs published this week on Amazon Linux OS.