Monday, May 26, 2025

🥖 Palette Cleanser

Om Suwastiastu 🏝️ That's Balinese for 'may you (and your AWS account) be blessed and protected.'

Last week there was a lot of talk of vulnerability-free containers. This week is totally different! Docker released their *hardened* containers. I wonder what kind of containers next week will bring?

I'm really enjoying how much AWS has been listening to their community lately, slowly putting what-should-be-unnecessary projects to bed. This week they launched an end-of-support announcements page that tracks service changes and deprecations, services closing access to new customers, services announcing end of support, and services and features reaching end of support. Now if we could get that in a machine-consumable form like RSS, that would be lovely. <3


📋 Chef's selections

  • Root in prod: The most important security analysis you will never do on your AWS accounts by Daniel Grzelak

    I don't like the author but the content is great. Trust relationships within and between AWS accounts are notoriously underappreciated as a risk and very difficult to track. There aren't many tools to help. In this article I give you all the code you need to do it yourself, make pretty graphs, and really dig into who/what could nuke your business.

  • Setting Up a Cloud Security Roadmap for Your Startup by Chandrapal Badshah

    Chandra has been helping startups with AWS security for a while now. He's learned a lot along the way and turned his advice into this guest post. He reviewed 3 of the open source roadmap options and who they might be best for. A point he makes towards the end stands out: these roadmaps are great starting points but if you have time, "be opinionated when creating your roadmap" and align it with your business.

  • Using the AWS CLI and Securing CloudShell by Rich Mogull

    I can't remember the last time Rich didn't release a new AWS security tutorial in a given week. His posts could be in ASD every week. This time he explains how to use AWS CloudShell as a secure, browser-based home for the AWS CLI. The hidden metadata-service credentials were news to me! The walkthrough then has you assume roles into other accounts, run CLI commands, download files, and inspect CloudTrail so you can both operate and monitor CloudShell safely.

🥗 AWS security blogs

🍛 Reddit threads on r/aws

    No threads this week.


💸 Sponsor shoutout

Pleri is your AI-powered teammate built to boost your cloud security team — faster reactions, smarter actions, no extra headcount. Meet Pleri and see her in action.


🤖 Dessert

Dessert is made by robots, for those that enjoy the industrial content.

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

☕ CloudFormation resource changes

🎮 Amazon Linux vulnerabilities

📺 AWS security bulletins

    No bulletins this week.

🚬 Security documentation changes
