‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

18th Monday
December, 2023

Time to read: 3 minutes

📣 The 2023 Kubernetes Security Report (Sponsor)

The shocking reality of critical vulnerabilities in publicly-exposed containers.
Kubernetes (K8s) has transformed the way applications are deployed and managed in the cloud-native landscape. Based on our scans of over 200,000 cloud accounts, the Wiz Security Research team exposes how many clusters are at risk, and what it means for your cloud defense. You’ll discover:

In-depth breakdown of Kubernetes attack chains
Statistics on security controls and mitigations
The best ways to defend against cloud attacks

Think of it as your playbook against cloud threats. All this and more can be found here – grab your free copy now.

🥗 Appetizer

Hey folks,

As 2023 draws to a close, this marks the final edition of the AWS Security Digest Newsletter for the year.

It's been a fantastic journey sharing the latest and most relevant AWS security updates with you all.

We'll be back in 2024, ready to serve another year of fresh, insightful content in the world of AWS security.

In the meantime, I wish you all a wonderful holiday season. May you enjoy memorable moments with your loved ones during Christmas 🎄.

Cheers!

Victor

📋 Chef's Weekly selections

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 11

Weekly diff

🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

🍔 AWS API Changes

🥣 Secret Sauce

Each week, we'll showcase your top AWS insights, focusing on AWS Security tricks and tips. Got a cool command-line hack, a clever console maneuver, or an awesome open-source tool? Send us your best tips for a shot at being featured in our upcoming issues.

Two new features launched at the start of re:invent for Access Analyzer that I’ve been using constantly since: check-access-not-granted and check-no-new-access.

These are great for quick checks or to add to your CI/CD pipelines or CloudFormation hooks.

Hopefully we continue to see improvements, like getting a more descriptive failure message :) (Requires CLI 2.13.39 or later. CloudShell currently uses 2.13.33 as of 12/1/2023 so this won’t work unless you upgrade or wait)

Check to see if new permissions are added to a policy before deploying:

More info and announcement article.

Christophe Limpalair - Co-Founder of Cybr and developer at heart

📣 Elevate Your AWS Security with Prowler SaaS (Sponsor)

Prowler SaaS makes it easy to discover what is important in your AWS environment and make it more secure.

Prioritize critical aspects with actionable insights, gaining control over your cloud workloads and ensuring continuous monitoring.

Ready to elevate your cloud security game? Sign up now for a free trial.

🥗 AWS Security Blog

🧁 IAM Permission Changes

☕︎ CloudFormation Updates

AWS::B2BI::Capability

🍪 Amazon Linux CVEs

This section will show you the latest (Important and Critical) CVEs on Amazon Linux.

ALAS-2023-461 (important): kernel - CVE-2023-6111

👾 r/aws

🗯️ Enjoying our updates? Share your thoughts!

☆ ☆ ☆ ☆ ☆

🖊️ stay ahead of the game by subscribing

📢 Gain visibility for your brand by sponsoring our content

💌 If you have any suggestions for future topics, let us know