Monday, April 14, 2025

🥖 Palette Cleanser

Good news fam, we’re richer than last issue! But still poorer than the issue before that. ⚖️🤷‍♂️ Lucky we’re all AWS security purists and don’t have to live in meatspace with the rest of the capitalists.

Since many of us are playing with AI — or watching others play with AI (no innuendo intended) — it’s a good time to talk about the Model Context Protocol (MCP) and its application to AWS. MCP is an open protocol that standardizes how applications provide context to LLMs. It has the potential to make writing AWS security agents and complex workflows on top of LLMs really easy.

Both Amazon and the community have been quick to rally around it. AWS has released quite a number of MCP servers for things ranging from accessing AWS documentation to creating pretty AWS architecture diagrams. Paul Santus made an MCP server for interacting with those pesky service reference JSON files AWS now publishes, with IAM actions, condition keys, and more. But it’s not all good news — Invariant Labs has demonstrated attacks against some implementations and the folks at Wiz have also been doing attack demos.

Enjoy the issue. Hopefully, there will be no more references to the world economy in future editions.


📋 Chef's selections

  • Gaining Long-Term AWS Access with CodeBuild and GitHub by Adan Alvarez

    Adan, you sly dog. This post is another sneaky way of backdooring an AWS role in a perfectly legitimate-looking way. If your org uses CodeBuild, you’re very likely to skip over this in an investigation, because a trust relationship with codebuild.amazonaws.com is going to look totes fine. Instructions for doing the bad things and detecting them are within.

  • Handling Network Throttling with AWS EC2 at Pinterest by Jia Zhan & Sachin Holla

    Sometimes an article is written for not-security but ends up having lots of security implications. This is one of those times. During past incidents, the Pinterest engineering team discovered that peak traffic was blowing past the baseline bandwidth on their EC2 instances, causing unpredictable network latency from traffic throttling. They figured out a bunch of AWS bottlenecks and quirks, and made their infrastructure a lot more resilient. The same analysis and fixes could serve you well in the event of a denial-of-service attack, even if you're fronted by a protection service like AWS Shield.

  • dAWShund – framework to put a leash on naughty AWS permissions by Nikolas Mantas

    There’s an existing tool called BloodHound, which uses graph theory to map unintended relationships within Active Directory, Entra ID (formerly Azure AD), and Microsoft Azure IaaS. Nikolas has written some code to squish AWS IAM constructs into BloodHound for analysis. He also provides queries to ask interesting questions of the graph, like ‘what users have a password enabled but have never used it’ or ‘what principals have any access to the RDS service’.
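An added defensive check for the CodeBuild item above (example code written for this digest, not from Adan's post): it inventories the IAM roles whose trust policy lets codebuild.amazonaws.com assume them, so each one can be matched against the CodeBuild projects you actually run. The boto3 `list_roles` paginator is the real API; the function names are my own.

```python
"""Flag IAM roles whose trust policy lets CodeBuild assume them."""
import json

CODEBUILD = "codebuild.amazonaws.com"

def _as_list(value):
    """Policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def codebuild_trust_statements(policy_doc):
    """Return the Allow statements that let CodeBuild assume the role.

    policy_doc is an AssumeRolePolicyDocument as a dict or JSON string.
    A wildcard principal or service is reported too, since it admits CodeBuild.
    """
    if isinstance(policy_doc, str):
        policy_doc = json.loads(policy_doc)
    hits = []
    for stmt in _as_list(policy_doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            services = ["*"]
        else:
            services = _as_list((principal or {}).get("Service"))
        if any(s in (CODEBUILD, "*") for s in services):
            hits.append(stmt)
    return hits

def scan_account(iam_client):
    """Return {role_name: matching statements} for every role in the account."""
    findings = {}
    for page in iam_client.get_paginator("list_roles").paginate():
        for role in page["Roles"]:
            hits = codebuild_trust_statements(role["AssumeRolePolicyDocument"])
            if hits:
                findings[role["RoleName"]] = hits
    return findings

if __name__ == "__main__":
    import boto3  # needs AWS credentials; the parsing above runs without it
    print(json.dumps(scan_account(boto3.client("iam")), indent=2))
```

Any role reported here that does not correspond to a CodeBuild project you recognise deserves a closer look at its CloudTrail history.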

Bonusii:

🥗 AWS security blogs

🍛 Reddit threads on r/aws


💸 Sponsor shoutout

Have you got a long list of AWS security issues you could fix but no idea how bad any of it really is?

Instead, start a free trial with Plerion. Focus on the 1% of risks that matter & achieve better security outcomes.

Simplify cloud security with Plerion.


🤖 Dessert

Dessert is made by robots, for those that enjoy the industrial content.

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

☕ CloudFormation resource changes

🎮 Amazon Linux vulnerabilities

    No new CVEs.

📺 AWS Security Bulletins

    No bulletins this week.
