📋 Chef's selections

1. Shift Left Security with Amazon Inspector
2. Moving away from CDK
3. Exploring Red Team Persistence via AWS Lex Chatbots

🥗 AWS security blogs

• How AWS can help you navigate the complexity of digital sovereignty
• AWS completes the 2023 South Korea CSP Safety Assessment Program
• AWS renews K-ISMS certificate for the AWS Asia Pacific (Seoul) Region
• How to migrate asymmetric keys from CloudHSM to AWS KMS
• 2023 C5 Type 2 attestation report available, including two new Regions and 170 services in scope
• How to migrate your on-premises domain to AWS Managed Microsoft AD using ADMT

🍛 Reddit threads on r/aws

• Dealing With Terraform As Security Engineer
• You can now assign multiple MFA devices in IAM
• Using AWS Cognito for an iOS Application without AWS Amplify
• AMI Snapshots Unencrypted?

🧁 IAM permission changes

• eks: 4 updated conditions
• sagemaker: 1 new action | 232 updated actions
• appsync: 2 new actions

🍪 API changes

• AWS Glue - 2 updated methods
• AWS WAFV2 - 1 new methods
• Amazon SageMaker Service - 6 updated methods

🍹 IAM managed policy changes

1. 🚩 AWSMarketplaceSellerFullAccess
2. 🚩 AWSMigrationHubStrategyCollector
3. AWSOrganizationsFullAccess
4. AWSOrganizationsReadOnlyAccess
5. AmazonDataZoneDomainExecutionRolePolicy
6. 🚩 AmazonLexFullAccess
7. AmazonRedshiftReadOnlyAccess
8. 🚩 AmazonSageMakerCanvasBedrockAccess
9. 🚩 AmazonVPCFullAccess
10. AmazonVPCReadOnlyAccess
11. 🚩 CloudWatchAgentAdminPolicy
12. 🚩 CloudWatchAgentServerPolicy
13. Health_OrganizationsServiceRolePolicy
14. LakeFormationDataAccessServiceRolePolicy
15. 🚩 ReadOnlyAccess

☕ CloudFormation resource changes

• AWS::Cassandra::Table

🎮 Amazon Linux vulnerabilities