📋 Chef's selections

1. Great X Thread about Amazon Cognito Security
2. Kubernetes LAN Party! A CTF designed to challenge your Kubernetes hacking skills
3. Great Podcast from Corey with Jack Ellis from Fathom Analytics

🥗 AWS security blogs

• How to access AWS resources from Microsoft Entra ID tenants using AWS Security Token Service
• AWS CloudHSM architectural considerations for crypto user credential rotation
• Introducing the AWS WAF traffic overview dashboard

🍛 Reddit threads on r/aws

• Endless Security Checks
• How do you handle security checks?
• Possible to put a security group on the IGW for global stateful network access rules?
• AWS Config Lambda Custom Rules Remediation
• AWS and IP spoofing
• How to handle customer aws account verification
• Redirect API Gateway to Lambda streaming function URL ?
• EKS Security Best Practices
• Urgent Assistance Needed: AWS Account Compromised with $150K in Unauthorized Charges
• GuardDuty malware scan shortfall
• Need a little bit of help

🧁 IAM permission changes

• s3: 6 updated resources
• wafv2: 1 new action
• dms: 18 removed actions, 4 removed resources, 4 removed conditions

🍪 API changes

• Amazon Relational Database Service - 12 updated methods
• Amazon Simple Email Service - 3 updated methods
• AWS CloudFormation - 4 updated methods

🍹 IAM managed policy changes

1. 🚩 AWSMarketplaceResaleAuthorizationServiceRolePolicy
2. 🚩 AWSMigrationHubOrchestratorServiceRolePolicy
3. AWSServiceRoleForCodeWhispererPolicy
4. AmazonEKS_CNI_Policy
5. 🚩 CloudWatchApplicationSignalsServiceRolePolicy

☕ CloudFormation resource changes

• AWS::Amplify::Domain
• AWS::WAFv2::WebACL
• AWS::WAFv2::RuleGroup
• AWS::Batch:JobDefinition

🎮 Amazon Linux vulnerabilities

• ALASECS-2024-035 (important): containerd - CVE-2023-39325, CVE-2023-39326, CVE-2023-3978, CVE-2023-47108