📋 Chef's selections

1. Terraform module for Certificate Authority on AWS
2. Deciding on S3 Intelligent Tiering
3. IAMGraph: Mapping Cross-Account Attack Paths in AWS Environments

🥗 AWS security blogs

• TLS inspection configuration for encrypted egress traffic and AWS Network Firewall
• How to generate security findings to help your security team with incident response simulations

🍛 Reddit threads on r/aws

• Are there risks I'm overlooking with a public EKS endpoint?
• Need help setting up a ECS Task with awsvpc mode
• Clotho: A library and egress proxy that acts as a CASB
• Protect my AWS ECS service node.js backend
• Most cost effective way to secure a static site hosted on S3 through Cloudfront distribution?
• Private key of a .pem file should be the only way to SSH into EC2.

📌

🧁 IAM permission changes

• ecs: 9 updated actions
• sagemaker: 3 new actions | 4 updated actions
• deadline: 103 new actions, 9 new resources, 11 new conditions

🍪 API changes

• AWS Transfer Family - 4 updated methods
• AWS CloudFormation - 1 updated methods
• Amazon Lightsail - 3 updated methods

🍹 IAM managed policy changes

1. AWSDeadlineCloud-FleetWorker
2. AWSDeadlineCloud-UserAccessFarms
3. AWSDeadlineCloud-UserAccessFleets
4. AWSDeadlineCloud-UserAccessJobs
5. AWSDeadlineCloud-UserAccessQueues
6. AWSDeadlineCloud-WorkerHost
7. 🚩 AWSDirectoryServiceFullAccess
8. 🚩 AWSManagedServicesDeploymentToolkitPolicy
9. AWSMarketplaceGetEntitlements
10. 🚩 AWSMigrationHubStrategyCollector
11. AWSServiceRoleForCodeWhispererPolicy
12. 🚩 AdministratorAccess-Amplify
13. AmazonDataZoneDomainExecutionRolePolicy
14. AmazonDataZoneFullUserAccess
15. 🚩 AmazonDataZoneGlueManageAccessRolePolicy
16. 🚩 AmazonSageMakerFullAccess
17. 🚩 AmazonSecurityLakeMetastoreManager

☕ CloudFormation resource changes

• AWS::Bedrock
• AWS::SecurityHub
• AWS::CloudWatch::AnomalyDetector

🎮 Amazon Linux vulnerabilities