Issue #212
Monday · June 02, 2025
๐ฅ Palate Cleanser
Was it a quiet week, or was it just quiet in Bali?
If you also happen to have some quiet time, consider submitting to the fwd:cloudsec Europe CFP. It's an awesome conference, and they want talks from any practitioner who is responsible for securing a cloud service or service provider.
Have a wonderful week, my lovelies.
Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.
๐ Chef's selections
-
CloudTrail Logging Evasion: Where PolicyโฏSize Matters by Abian Morina
Simple hacking is the best hacking. What happens if you stick a lot of whitespace in a request to the AWS API? Sometimes maybe good things, sometimes maybe bad things. Abian provides precision about how whitespace is treated in IAM policies and how much whitespace is required to drop a policy from CloudTrail in an
iam:CreatePolicyAPI call. This issue won't be fixed for some time, so it's worth being on the lookout for "requestParameters too large" in CloudTrail. -
Storm-0558 and the Dangers of Cross-Tenant Token Forgery by Damian Archer
Damian analyzed the token abuse tactics used by Storm-0558 to forge tokens to access Microsoft OWA and Outlook.com. He turned all the lessons into this post, full of guidelines you can implement on top of any cloud provider to stay safe.
-
Automatically prioritize security issues from different tools with an LLM by Daniel Grzelak
Bad (or no) prioritization is a killer of security teams. This is a cool little experiment in using AWS Bedrock to prioritize security issues of different shapes and sizes, from disparate tools. It comes with Python code for three different prioritization approaches that have their own strengths and weaknesses, so you can adapt them to your environment.
๐ธ Sponsor shoutout
Pleri is your AI-powered teammate built to boost your cloud security team โ faster reactions, smarter actions, no extra headcount. Meet Pleri and see her in action.
๐ฅ AWS security blogs
- ๐ฃ Amazon EMR enables enhanced Apache Spark capabilities for Lake Formation tables with full table access
- ๐ฃ AWS Security Hub now supports NIST SP 800-171 Revision 2
- ๐ฃ AWS Network Firewall Adds Support for Multiple VPC Endpoints
- ๐ฃ AWS Secrets Manager announces support for cost allocation tags for secrets
- AWS achieves U.S. Department of Defenseโs CMMC Level 2 certification for Controlled Working Environment by Travis Goldbach
- Application security at re:Inforce 2025 by Daniel Begimher
- Introducing new regional implementations of Landing Zone Accelerator on AWS to support digital sovereignty by Max Peterson
- How to use the new AWS Secrets Manager Cost Allocation Tags feature by Jirka Fajfr
- Elevate your AI security: Must-see re:Inforce 2025 sessions by Margaret Jonson
- Navigating the threat detection and incident response track at re:Inforce 2025 by Nisha Amthul
- Safe and sound in the cloud: Your AWS security training guide by Srividhya Pallay
๐ Reddit threads on r/aws
๐ค Dessert
Every machine-tracked change this week. Nobody else assembles this.
๐ง IAM permission changes
๐ช API changes
- EMR Serverless
- Amazon SageMaker Service
- AWS Amplify
- Auto Scaling
- AWS Billing and Cost Management Pricing Calculator
- AWS CloudTrail
- AWS Data Exchange
- AWS DataSync
- Amazon FSx
- Amazon Interactive Video Service RealTime
- AmazonMWAA
- Amazon Simple Storage Service
- Amazon SageMaker Service
- Cost Optimization Hub
- Amazon Elastic Compute Cloud
- AWS Network Firewall
- Synthetics
- AWS Cost Explorer Service
- AWSDeadlineCloud
- Amazon Elastic Compute Cloud
๐น IAM managed policy changes
โ CloudFormation resource changes
-
No resource updates this week.
๐ฎ Amazon Linux vulnerabilities
- CVE-2025-4598
- CVE-2025-40909
- CVE-2025-4947
- CVE-2025-48734
- CVE-2025-5025
- CVE-2025-5283
- CVE-2025-5272
- CVE-2025-5269
- CVE-2025-5278
- CVE-2025-5268
- CVE-2025-5244
- CVE-2025-48796
- CVE-2025-5270
- CVE-2025-5222
- CVE-2025-5245
- CVE-2025-5266
- CVE-2025-5263
- CVE-2025-5271
- CVE-2025-48797
- CVE-2025-23247
- CVE-2025-48798
- CVE-2025-5265
- CVE-2025-5264
- CVE-2025-5267
- CVE-2025-5201
- CVE-2025-5204
- CVE-2025-5167
- CVE-2025-5202
- CVE-2025-5200
- CVE-2025-5168
- CVE-2025-5166
- CVE-2025-5203
- CVE-2025-5165
- CVE-2025-5169
๐บ AWS security bulletins
๐ฌ Security documentation changes
- AmazonECS Documentation Update
- amazonq Documentation Update
- amplify Documentation Update
- amplify Documentation Update
- amplify Documentation Update
- aurora-dsql Documentation Update
- aurora-dsql Documentation Update
- aws-backup Documentation Update
- clean-rooms Documentation Update
- cloudhsm Documentation Update
- cloudhsm Documentation Update
- config Documentation Update
- config Documentation Update
- config Documentation Update
- config Documentation Update
- config Documentation Update
- config Documentation Update
- config Documentation Update
- datasync Documentation Update
- datasync Documentation Update
- datasync Documentation Update
- datasync Documentation Update
- datazone Documentation Update
- datazone Documentation Update
- datazone Documentation Update
- datazone Documentation Update
- dms Documentation Update
- ebs Documentation Update
- eks Documentation Update
- eks Documentation Update
- eventbridge Documentation Update
- eventbridge Documentation Update
- fsx Documentation Update
- general Documentation Update
- lambda Documentation Update
- linux Documentation Update
- marketplace Documentation Update
- msk Documentation Update
- network-firewall Documentation Update
- network-firewall Documentation Update
- network-firewall Documentation Update
- network-firewall Documentation Update
- network-firewall Documentation Update
- network-firewall Documentation Update
- parallelcluster Documentation Update
- partner-central Documentation Update
- partner-central Documentation Update
- partner-central Documentation Update
- payment-cryptography Documentation Update
- redshift Documentation Update
