📋 Chef's selections

1. AWS LEGO: Organizing the Org
2. Amazon S3 Block Public Access Bypass
3. Amazon DynamoDB now supports resource-based policies

🥗 AWS security blogs

• Securing generative AI: Applying relevant security controls

🍛 Reddit threads on r/aws

• DynamoDB Adds Support for Resource-Based Policies
• WAF with externally hosted application and no redirect?
• Key rotation for non-aws service (Snowflake) managed by KMS
• Using AWS Cognito as authentication provider with fully custom UI components in react-native
• What’s the most secure way to store the private keys of the crypto wallets that we generate?
• requesting sanity check on IAM policy
• Hub and Spoke Model - Inspection Between Subnets
• ElastiCache Redis - why would someone set a second password?
• Conformance pack for ASAE 3150 or ISAE 3150
• Security Hub Central Configuration
• Unable to connect to any new databases
• Bypassing Amazon S3 Block Public Access and Creating a Public S3 Bucket

🧁 IAM permission changes

• ssm: 1 updated action
• ec2: 6 updated actions, 1 updated resource | 1 removed condition

🍪 API changes

• Amazon DynamoDB - 3 new 1 updated methods
  
• AWS Key Management Service - 1 updated methods
  
• Access Analyzer - 10 updated methods

🍹 IAM managed policy changes

1. 🚩 AWSCleanRoomsFullAccess
2. 🚩 AWSGlueDataBrewServiceRole
3. 🚩 AWSMarketplaceSellerFullAccess
4. 🚩 AmazonDynamoDBReadOnlyAccess
5. 🚩 AmazonRedshiftServiceLinkedRolePolicy
6. AmazonTimestreamInfluxDBFullAccess

☕ CloudFormation resource changes

• AWS::WAFv2::WebACL
• AWS::DynamoDB::Table

🎮 Amazon Linux vulnerabilities