📋 Chef's selections

1. Hacking Terraform State for Privilege Escalation
2. Auditing AWS EKS Pod Permissions
3. The state of ABAC on AWS (in 2024)

🥗 AWS security blogs

• New AWS whitepaper: AWS User Guide for Federally Regulated Financial Institutions in Canada
• Enhance container software supply chain visibility through SBOM export with Amazon Inspector and QuickSight
• How to develop an Amazon Security Lake POC
• AWS Payment Cryptography is PCI PIN and P2PE certified
• 2023 H2 IRAP report is now available on AWS Artifact for Australian customers
• AWS recognized as an Overall Leader in 2024 KuppingerCole Leadership Compass for Policy Based Access Management
• Enable multi-admin support to manage security policies at scale with AWS Firewall Manager
• How to use Regional AWS STS endpoints
• Winter 2023 SOC 1 report now available for the first time
• Modern web application authentication and authorization with Amazon VPC Lattice
• AWS HITRUST Shared Responsibility Matrix for HITRUST CSF v11.2 now available

🍛 Reddit threads on r/aws

• Lambda function authentication
• What is the correct approach to limiting a Cognito user to only specific IOT things?
• Suspecting that access tokens were leaked: Where to look for leak?
• Do I need to care about VPC, security groups, WAF, etc.?
• Cloudflare in front of AWS Cognito custom domain?
• AWS Windows Workspaces local administrator account question
• I have a question about EKS SecurityGroup.
• Cannot access Terraform store with new account
• Getting an "Amazon Web Services Sign In With Authentication Device" when accessing Login & Security in Account page on Amazon store
• How to set up MFA using touch ID on Mac or iPhone ?

🧁 IAM permission changes

• rds: 1 removed resource
• cloudtrail: 4 updated actions
• resource-groups: 3 new actions | 2 updated actions

🍪 API changes

• AWS Cost Explorer Service - 1 new methods
• AWS WAFV2 - 8 updated methods
• Amazon Relational Database Service - 18 updated methods
• AWS Batch - 4 updated methods

🍹 IAM managed policy changes

1. 🚩 AWSConfigServiceRolePolicy
2. AWSSecurityHubReadOnlyAccess
3. 🚩 AWSThinkboxAWSPortalAdminPolicy
4. 🚩 AWS_ConfigRole
5. 🚩 AmazonRDSCustomInstanceProfileRolePolicy
6. 🚩 AmazonSecurityLakeAdministrator
7. 🚩 AutoScalingServiceRolePolicy
8. 🚩 SecretsManagerReadWrite

☕ CloudFormation resource changes

• No update this week.

🎮 Amazon Linux vulnerabilities