Issue #163
Monday · June 24, 2024
Chef's selections
- Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets
  Martin McCloskey takes us inside an attack campaign enumerating secrets, S3 buckets, and S3 Glacier vaults. Lots of tactics, techniques, and procedures (TTPs) in this one for those into detection and response.
- Rami McCarthy took the challenge to do AWS security research to heart and published some code to find which vendors have GitHub Actions OIDC configured.
- AWS's head of security shares 7 reasons why security will always be Amazon's top priority
  This article focuses on how Amazon thinks about AI, innovation, and security culture. It reads a little as if it was written for SEO juice, but there are some good nuggets in there for security leaders.
AWS security blogs
IAM permission changes
- connect: 4 new actions, 1 new resource
- compute-optimizer: 3 new actions | 3 updated actions
- cloudshell: 1 new action, 3 new conditions | 1 updated action
- bedrock: 1 new action
- sagemaker-mlflow: 45 new actions, 1 new resource
- macie2: 2 new actions
- sagemaker: 8 new actions, 1 new resource | 3 updated actions
- servicediscovery: 1 updated action
- kms: 1 new action, 1 new condition
API changes
- Amazon Bedrock Runtime - 2 updated methods - This release adds document support to Converse and ConverseStream APIs
- CodeArtifact - 24 updated methods - Add support for the Cargo package format.
- AWS Compute Optimizer - 3 new, 6 updated methods - This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL.
- Cost Optimization Hub - 3 updated methods - This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL.
- Amazon Interactive Video Service RealTime - 5 updated methods - IVS Real-Time now offers customers the ability to record individual stage participants to S3.
- Amazon SageMaker Service - 2 new, 14 updated methods - Adds support for model references in Hub service, and adds support for cross-account access of Hubs.
- AWS Artifact - 1 updated method - This release adds an acceptanceType field to the ReportSummary structure (used in the ListReports API response).
- Amazon OpenSearch Service - 7 updated methods - This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains.
- Amazon Bedrock Runtime - 2 updated methods - This release adds support for using Guardrails with the Converse and ConverseStream APIs.
- Amazon Elastic Kubernetes Service - 3 updated methods - This release adds support to surface async fargate customer errors from async path to customer through describe-fargate-profile API response.
- Amazon SageMaker Service - 8 new, 4 updated methods - Launched a new feature in SageMaker to provide managed MLflow Tracking Servers for customers to track ML experiments. This release also adds a new capability of attaching additional storage to SageMaker HyperPod cluster instances.
- AWS CodeBuild - 5 updated methods - AWS CodeBuild now supports global and organization GitHub webhooks
- AWS Glue - 5 new, 12 updated methods - This release introduces a new feature, Usage profiles. Usage profiles allow the AWS Glue admin to create different profiles for various classes of users within the account, enforcing limits and defaults for jobs and sessions.
- AWS Elemental MediaConvert - 8 updated methods - This release includes support for creating I-frame only video segments for DASH trick play.
IAM managed policy changes
Managed policies changed since last week: 9