Issue #147
Monday · January 22, 2024
Palate Cleanser
Hey folks,

Thanks for your feedback on last week's survey; your input is valuable for planning the year ahead.
Many of you inquired about supporting the newsletter's continuity. The best way to help is by sharing it with your friends and colleagues.
Also, if you're currently reading through the web-view, consider subscribing. It makes a big difference.
Bon appétit! 🍽️
Victor
Chef's selections
AWS security blogs
- How to use AWS Database Encryption SDK for client-side encryption and perform searches on encrypted attributes in DynamoDB tables
- OT/IT convergence security maturity model
- Building a security-first mindset: three key themes from AWS re:Invent 2023
- Generate AI powered insights for Amazon Security Lake using Amazon SageMaker Studio and Amazon Bedrock
Reddit threads on r/aws
Security flair only.
- Should I Use OAuth
- Custom lambda authorizor caching even though caching turned off
- Why AWS isn't using EC2 security groups to front EKS API endpoint?
- Restrict access to all resources based on Resource Tags
- Convert 3rd party idp token to access/refresh tokens
- Authenticating third-party apps or APIs into an AWS account.
- Using Amazon Cognito Tokens for Fine-Grained Access Control (2023)
IAM permission changes
API changes
- AWS Transfer Family - 2 updated methods - AWS Transfer Family now supports static IP addresses for SFTP and AS2 connectors and for async MDNs on AS2 servers.
- AmazonMWAA - 1 updated method - This Amazon MWAA feature release adds new fields to the CreateWebLoginToken response model. The new fields IamIdentity and AirflowIdentity let you correlate the two identities, as the Airflow identity is currently hashed to 64 characters.
- Amazon Keyspaces - 1 new, 4 updated methods - This release adds support for Multi-Region Replication with provisioned tables, and Keyspaces auto scaling APIs.
IAM managed policy changes
Managed policies changed since last week: 6
- AWSBillingReadOnlyAccess
- AWSElasticDisasterRecoveryCrossAccountReplicationPolicy
- AWSElasticDisasterRecoveryServiceRolePolicy
- 🚩 AWSSupportServiceRolePolicy
- AWSTrustedAdvisorServiceRolePolicy
- Billing
Powered by MAMIP | 🚩 Sensitive IAM Actions included
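The list above only tells you which managed policies changed and which one carries a flagged action; the check a practitioner actually wants is the diff between the previous and current policy version with the newly granted actions matched against a sensitive-action list. The block below is an added example written for this section, not code from the newsletter or from MAMIP. The two policy documents are constructed for a hypothetical "ExampleServiceRolePolicy" and are not the real contents of any policy listed above, and SENSITIVE_ACTIONS is an illustrative subset you would replace with your own list.

```python
"""Diff two versions of an AWS managed policy and flag newly granted sensitive
actions.

Added example; not code from the newsletter or from MAMIP. OLD_VERSION and
NEW_VERSION are constructed documents for a hypothetical ExampleServiceRolePolicy,
and SENSITIVE_ACTIONS is an illustrative subset (assumption, not an AWS list).
"""
import fnmatch
import json

# Illustrative subset of actions worth flagging (assumption, not an AWS-published list).
SENSITIVE_ACTIONS = {
    "iam:CreateAccessKey", "iam:PassRole", "iam:AttachRolePolicy",
    "sts:AssumeRole", "kms:Decrypt", "secretsmanager:GetSecretValue",
    "s3:GetObject", "lambda:UpdateFunctionCode",
}

# Constructed sample: two versions of a hypothetical managed policy.
OLD_VERSION = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["logs:DescribeLogGroups", "logs:GetLogEvents"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "cloudwatch:GetMetricData", "Resource": "*"},
    ],
}
NEW_VERSION = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["logs:DescribeLogGroups"], "Resource": "*"},
        {"Effect": "Allow", "Action": "cloudwatch:GetMetricData", "Resource": "*"},
        # The interesting part of a policy diff: a service wildcard and a secret read.
        {"Effect": "Allow", "Action": ["kms:*", "secretsmanager:GetSecretValue"],
         "Resource": "*"},
    ],
}


def allowed_actions(policy: dict) -> set[str]:
    """Collect every Action pattern from Allow statements, exactly as written.

    Deny and NotAction statements are deliberately skipped here; a real tracker
    must diff those too, since dropping a Deny widens access just as much.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement may be a bare object
        statements = [statements]
    actions: set[str] = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        act = stmt.get("Action", [])
        actions.update([act] if isinstance(act, str) else act)
    return actions


def expand_sensitive(action_pattern: str) -> list[str]:
    """Return the sensitive actions an IAM action pattern covers.

    IAM matches action names case-insensitively and supports * and ? wildcards,
    which fnmatch handles; both sides are compared lower-cased.
    """
    pattern = action_pattern.lower()
    return sorted(a for a in SENSITIVE_ACTIONS if fnmatch.fnmatchcase(a.lower(), pattern))


def diff_policy_versions(old_doc: dict, new_doc: dict) -> dict:
    """Return added and removed Allow actions, plus added ones that hit the sensitive list."""
    old, new = allowed_actions(old_doc), allowed_actions(new_doc)
    added, removed = sorted(new - old), sorted(old - new)
    flagged: dict[str, list[str]] = {}
    for action in added:
        hits = expand_sensitive(action)
        if hits:
            flagged[action] = hits
    return {"added": added, "removed": removed, "flagged": flagged}


if __name__ == "__main__":
    print(json.dumps(diff_policy_versions(OLD_VERSION, NEW_VERSION), indent=2))
```

To run this against a real change, pull the two versions with `aws iam list-policy-versions` and `aws iam get-policy-version --policy-arn <arn under arn:aws:iam::aws:policy/> --version-id <vN>` and pass the decoded documents in place of the constructed ones. Note that the wildcard expansion is what makes a "kms:*" grant show up as kms:Decrypt; a plain string comparison against the sensitive list would miss it.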
CloudFormation resource changes
Amazon Linux vulnerabilities
This section will show you the latest (Important and Critical) CVEs on Amazon Linux.
Amazon Linux 2023
- ALAS-2024-485 (important): java-21-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-484 (important): java-11-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-483 (important): java-17-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-482 (important): java-1.8.0-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
Amazon Linux 2
- ALAS-2024-2415 (important): java-17-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-2414 (important): java-11-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
- ALASCORRETTO8-2024-009 (important): java-1.8.0-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
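All seven advisories fix the same January batch of Corretto CVEs, but not every CVE applies to every Corretto major: CVE-2024-20926 appears only on the Java 8 and 11 lines and CVE-2024-20932 only on Java 17, so a fleet running Java 21 has nothing to chase for those. The block below is an added example, not part of the newsletter: it parses the advisory lines in the format listed above (the SAMPLE text is copied from this issue, with the two distro headings as the list is split) and indexes them by CVE and package, so the question "which advisory on which distro fixes this CVE for the JDK I actually run" has a mechanical answer.

```python
"""Parse ALAS advisory lines as listed in this issue and index them by CVE.

Added example, not part of the newsletter. SAMPLE is copied from the Amazon Linux
section above; the line format (id, severity, package, CVE list) is the
newsletter's own and the regex below is written against it.
"""
import re
from collections import defaultdict

# One advisory per line: "- <ALAS id> (<severity>): <package> - CVE-..., CVE-..."
ADVISORY_RE = re.compile(
    r"^-?\s*(?P<id>ALAS[A-Z0-9]*-\d{4}-\d+)\s+\((?P<severity>\w+)\):\s+"
    r"(?P<package>\S+)\s+-\s+(?P<cves>CVE-\d{4}-\d+(?:\s*,\s*CVE-\d{4}-\d+)*)\s*$"
)

# Copied from this issue's list; the distro headings group the advisories.
SAMPLE = """\
Amazon Linux 2023
- ALAS-2024-485 (important): java-21-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-484 (important): java-11-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-483 (important): java-17-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-482 (important): java-1.8.0-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
Amazon Linux 2
- ALAS-2024-2415 (important): java-17-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-2414 (important): java-11-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
- ALASCORRETTO8-2024-009 (important): java-1.8.0-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
"""


def parse_advisories(text: str) -> list[dict]:
    """Turn the newsletter list into records; a non-advisory line is a distro heading."""
    records: list[dict] = []
    distro = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADVISORY_RE.match(line)
        if m is None:
            distro = line
            continue
        records.append({
            "distro": distro,
            "id": m["id"],
            "severity": m["severity"].lower(),
            "package": m["package"],
            "cves": [c.strip() for c in m["cves"].split(",")],
        })
    return records


def cve_coverage(records: list[dict]) -> dict[str, list[str]]:
    """CVE -> sorted packages (across distros) whose advisory lists it."""
    cov: dict[str, set[str]] = defaultdict(set)
    for r in records:
        for cve in r["cves"]:
            cov[cve].add(r["package"])
    return {cve: sorted(pkgs) for cve, pkgs in cov.items()}


def advisories_fixing(records: list[dict], cve: str) -> list[str]:
    """Sorted advisory ids (AL2 and AL2023) that list the given CVE."""
    return sorted(r["id"] for r in records if cve in r["cves"])


def cves_in_every_advisory(records: list[dict]) -> set[str]:
    """CVEs shared by all advisories in the batch."""
    sets = [set(r["cves"]) for r in records]
    return set.intersection(*sets) if sets else set()


def version_specific_cves(records: list[dict]) -> list[str]:
    """CVEs that only some Corretto majors list: the ones to check per host JDK."""
    return sorted(set(cve_coverage(records)) - cves_in_every_advisory(records))


if __name__ == "__main__":
    recs = parse_advisories(SAMPLE)
    for cve in version_specific_cves(recs):
        print(cve, "->", cve_coverage(recs)[cve], "via", advisories_fixing(recs, cve))
```

The per-package view is the one to join against a host inventory: a machine only needs the advisory for the Corretto package it has installed, and the advisory ids are the same ones the distro's update tooling reports, so the output maps directly onto what has and has not been applied.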