AWS Security Digest

Issue #149

Monday · February 05, 2024

🥖 Palate Cleanser

Hey folks,

This week, AWS introduced a new charge for Public IPv4 usage.
I have some concerns regarding all these small moves AWS introduces along the way, with little business value costing AWS customers a lot.

To name a few:

1. Adding new AWS Config Resources support
2. Making usage of Public IPv4 a paid feature
3. Promoting the usage of KMS Key Rotation

Something interesting is ramping up in the CloudFormation space; they are preparing a new capability to generate a CloudFormation template from existing assets on your AWS Account.

Bon appétit! 🍽️
Victor

📋 Chef's selections

  1. KMS Key Policy Privilege Escalation
  2. [Workshop] Ransomware on RDS - Simulation and Detection
  3. Data Perimeter Policy Examples on AWS

🥗 AWS security blogs

🍛 Reddit threads on r/aws

Security flair only.

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

Managed Policy changed since last week: 3
  1. AmazonDataZoneDomainExecutionRolePolicy
  2. 🚩 AmazonLexReplicationPolicy
  3. 🚩 ROSAInstallerPolicy
Weekly diff

🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

☕ CloudFormation resource changes

🎮 Amazon Linux vulnerabilities

This section will show you the latest (Important and Critical) CVEs on Amazon Linux.

Amazon Linux 2

Get every AWS security change,
on a plate every Monday.

6,700+ engineers, builders and CISOs let us diff the AWS changelog every week.