📋 Chef's selections

1. Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaigns
2. How we sped up AWS CloudFormation deployments with optimistic stabilization
3. Application Load Balancer enables configuring HTTP client keepalive duration

🥗 AWS security blogs

• AWS completes the annual Dubai Electronic Security Centre certification audit to operate as a Tier 1 cloud service provider in the Emirate of Dubai
• AWS completes the annual UAE Information Assurance Regulation compliance assessment
• AWS Wickr achieves FedRAMP High authorization

🍛 Reddit threads on r/aws

• Password breaks secret manager
• ECS Fargate with FIPS enabled issues
• AWS Control Tower in an existing Organization
• Encrypted search question
• if i use protocol buffers that inter exchange client and server is "aws managed waf" aware on how to detect i.e sql injections or xss or any of the common ones? or should i stick to json and not binary format
• Rant: AWS Cognitio forcing you to pay for advanced security for important feature

🧁 IAM permission changes

• ecs: 9 updated actions
• datazone: 1 new action
• lexv2: 6 new actions

🍪 API changes

• Amazon GuardDuty - 1 updated methods
• AWS Transfer Family - 3 updated methods
• Timestream InfluxDB - 11 new methods

🍹 IAM managed policy changes

1. 🚩 AWSCodePipeline_FullAccess
2. 🚩 AWSMarketplaceSellerFullAccess
3. AmazonDataZoneDomainExecutionRolePolicy
4. 🚩 AmazonDataZoneFullAccess
5. AmazonDataZoneFullUserAccess
6. 🚩 AmazonDataZoneRedshiftGlueProvisioningPolicy
7. 🚩 AmazonLexReplicationPolicy
8. AmazonTimestreamInfluxDBFullAccess
9. 🚩 AmazonTimestreamInfluxDBServiceRolePolicy

☕ CloudFormation resource changes

• AWS CloudFormation added the CONFIGURATION_COMPLETE event to enable faster workflows involving the creation of resources.

🎮 Amazon Linux vulnerabilities