Issue #146
Monday · January 15, 2024
🥖 Palate Cleanser
Hey folks,
This year, I've got a small favor to ask you. Your thoughts and feedback on our newsletter are like secret ingredients to us. They help us whip up the perfect blend of content - fresh, secure, and exactly to your taste.
So, could you spare a moment to tell us what you love, what you'd toss out, and any flavor you think we're missing? Your input is crucial in helping us serve up the most satisfying AWS security feast.
Here's a quick survey to share your thoughts.
Thank you for helping us make this newsletter better for everyone!
Bon appétit! 🍽️
Victor
📋 Chef's selections
🥗 AWS security blogs
- How to customize access tokens in Amazon Cognito user pools
- Strengthen the DevOps pipeline and protect data with AWS Secrets Manager, AWS KMS, and AWS Certificate Manager
- Automate Cedar policy validation with AWS developer tools
- AWS named as a Leader in 2023 ISG Provider Lens report for Multi Public Cloud Services – Sovereign Cloud Infrastructure Services (EU)
- AWS Certificate Manager will discontinue WHOIS lookup for email-validated certificates
- How to use AWS Secrets Manager and ABAC for enhanced secrets management in Amazon EKS
🍛 Reddit threads on r/aws
Security flair only.
- Best practices for Organizations and root users
- AWS Guard Duty Finding
- Fargate/CVE
- Bypass Cognito Account Enumeration Controls
- Why and how to use IAM Identity Center for standalone account
- Security Group
- IAM Policy Question Deny Statements
- Application Inventory
- 401 Unauthorized Error after Re-Login with AWS Cognito and ALB
- LDAPS for AWS Managed AD Connection Issues
- Newbie question about access keys on a new IAM account in a blank AWS Acct.
- AWS multi-account strategy when there are multiple production environments
🧁 IAM permission changes
🍪 API changes
🍹 IAM managed policy changes
Managed policies changed since last week: 9
- 🚩 AWSGrafanaWorkspacePermissionManagementV2
- AWSLambdaVPCAccessExecutionRole
- AccessAnalyzerServiceRolePolicy
- AmazonECSInfrastructureRolePolicyForVolumes
- AmazonFSxConsoleFullAccess
- AmazonFSxConsoleReadOnlyAccess
- AmazonFSxFullAccess
- 🚩 AmazonFSxServiceRolePolicy
- 🚩 DynamoDBReplicationServiceRolePolicy
🤖 Powered by MAMIP - 🚩 Sensitive IAM Actions included
☕ CloudFormation resource changes
🎮 Amazon Linux vulnerabilities
This section will show you the latest (Important and Critical) CVEs on Amazon Linux.
Amazon Linux 2
- ALASKERNEL-5.10-2024-045 (important): kernel - CVE-2023-39198, CVE-2023-46862, CVE-2023-6121, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932
- ALASKERNEL-5.15-2024-033 (important): kernel - CVE-2023-46862, CVE-2023-6121, CVE-2023-6622, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932