📋 Chef's selections

• Things you wish you didn't need to know about S3
• Publicly Exposed AWS Document DB Snapshots
• The Best Way to Start with AWS Security Hub

🍹 IAM managed policy changes

• AccessAnalyzerServiceRolePolicy
• AmplifyBackendDeployFullAccess
• 🔀 Weekly diff
• MAMIP
• Sensitive

🧁 IAM permission changes

• payments: 2 updated actions
• emr-serverless: 1 new action
• application-signals: 15 new actions, 1 new resource, 3 new conditions
• workspaces-web: 1 updated action
• glue: 11 new actions
• swf: 2 new actions
• imagebuilder: 1 updated action
• ssm: 7 updated actions

🍪 API changes

• Amazon CodeGuru Security - 1 updated methods
• AWS Launch Wizard - 4 new 2 updated methods
• Agents for Amazon Bedrock - 3 updated methods
• Amazon Bedrock Runtime - 2 new methods
• AWS CloudTrail - 1 updated methods
• Amazon Connect Service - 2 updated methods
• EMR Serverless - 1 new 4 updated methods
• Amazon SageMaker Service - 8 updated methods
• AWS CodeBuild - 5 updated methods
• Amazon Connect Service - 1 updated methods
• AWS Glue - 11 updated methods
• AWS SecurityHub - 4 updated methods
• Amazon Elastic Compute Cloud - 2 updated methods
• Managed Streaming for Kafka - 1 updated methods
• Amazon Simple Workflow Service - 2 new methods

🥗 AWS security blogs

• How to issue use-case bound certificates with AWS Private CA
• Establishing a data perimeter on AWS: Analyze your account activity to evaluate impact and refine controls
• AWS completes the 2024 Cyber Essentials Plus certification
• The art of possible: Three themes from RSA Conference 2024
• Accelerate incident response with Amazon Security Lake
• Navigating the threat detection and incident response track at re:Inforce 2024

☕ CloudFormation resource changes

• AWS::SecurityHub::ConfigurationPolicy, AWS::SecurityHub::FindingAggregator, AWS::SecurityHub::OrganizationConfiguration, AWS::SecurityHub::PolicyAssociation
• AWS::SecurityLake::SubscriptionNotification

🎮 Amazon Linux vulnerabilities

No new CVEs.

🍛 Reddit threads on r/aws

• How do I block http requests using WAF?
• Seeking token storage advice
• IAM Role Credential rotation still a good practice?
• Non-Production Endpoints as an Attack Surface in AWS | Datadog Security Labs
• SCPs enforcing SSL on S3 buckets and effects on other Resources
• S3 Hosting — Advice Needed
• Security considerations for Cognito user pools
• Lambdas and serverless
• Anyone actually enforcing "least privileged" on your cloud environments?
• Security Hub as CloudSec Beginner - Feeling Lost
• Unrecognized new VPC charges
• subscribing
• sponsoring
• let us know