
July 14, 2025
🥖 Palate Cleanser
Welcome back to another edition of your favorite free AWS security newsletter. We all need it to stay free because AWS just changed how its free tier works for new accounts, moving some services away from a 12-month free period to a $100 credit model.
It looks like some form of vector database support is probably coming to S3. We get this sweet gossip thanks to Nick Frichette's ongoing work enumerating undocumented AWS APIs.
Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.
📋 Chef's selections
- Shift-Left Security with Amazon Inspector Code Security by Sena Yakut
I love this post because you can copy and paste the enclosed code, follow the instructions, and have a working infrastructure-as-code scanning pipeline up and running in under 30 minutes. It's something every company eventually needs to do, but it often causes much wasted effort and heartache. Sena did what AWS should have done and made the process trivial.
- Investigate Your Own AWS Attack with Athena by Rich Mogull
We love Rich. His newest SLAW lab spins up a booby-trapped CloudFormation stack that deliberately leaks an IAM key and triggers a simulated attack from his account. Your job is to investigate the incident using CloudTrail and Athena, gauge the blast radius, and tidy up the lab before heading back to reality.
- Unmasking Lambda's Hidden Threat - When Your Bootstrap Becomes a Backdoor by Guillermo Fernandez Cano and Sergio Jimenez
This is a cool variation of existing persistence techniques for Lambda that abuse language-specific bootstrap code. If the target is using a custom runtime, the authors claim modifying the bootstrap file can survive legitimate code deployments. Pretty sweet, if true.
🥗 AWS security blogs
- Strengthen Your AWS Cloud Storage Security with Superna Defender by Andrew Peng
- Introducing: Guidance for a media lake on AWS by Robert Raver
- Proactive strategies for cyber resilience and business continuity on AWS by Devin Gordon
- Macquarie University accelerates cloud transformation with AWS by AWS Public Sector Blog Team
- Spring 2025 SOC 1/2/3 reports are now available with 184 services in scope by Paul Hong
- Establishing a European trust service provider for the AWS European Sovereign Cloud by Colm MacCárthaigh
- Spring 2025 PCI DSS compliance package available now by Will Black
- 2025 CyberVadis report now available for due diligence on third-party suppliers by Tea Jioshvili
🍛 Reddit threads on r/aws
💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.
Learn more about Pleri and see her in action.
🤖 Dessert
Dessert is made by robots, for those who enjoy the industrial content.
🧁 IAM permission changes
- No changes this week.
🍪 API changes
🍹 IAM managed policy changes
- AmazonBraketServiceRolePolicy
- SageMakerStudioProjectUserRolePolicy
- AWSDirectoryServiceServiceRolePolicy
- SageMakerStudioAdminProjectUserRolePolicy
- AWSBillingReadOnlyAccess
- SupportUser
- AmazonSageMakerHyperPodObservabilityAdminAccess
- AmazonS3TablesLakeFormationServiceRole
- SageMakerStudioAdminProjectUserRolePolicy
- AWSSSMForSAPServiceLinkedRolePolicy
☕ CloudFormation resource changes
- No resource updates this week.
🎮 Amazon Linux vulnerabilities
📺 AWS security bulletins
- No bulletins this week.
🚬 Security documentation changes
- dlami Documentation Update
- eks Documentation Update
- eks Documentation Update
- eks Documentation Update
- managedservices Documentation Update
- managedservices Documentation Update
- sagemaker Documentation Update
- IAM Documentation Update
- govcloud-us Documentation Update
- odb Documentation Update
- opsworks Documentation Update
- appsync Documentation Update
- athena Documentation Update
- connect Documentation Update
- connect Documentation Update
- greengrass Documentation Update
- sagemaker Documentation Update
- sagemaker Documentation Update
- sagemaker Documentation Update
- sagemaker Documentation Update
- sagemaker Documentation Update