Monday, August 11, 2025

🥖 Palette Cleanser

It is with great sadness that I announce that Black Hat and DEF CON are over, and those who made it to Vegas must now go back to their day jobs, where the rest of us have been waiting with envy. A few blog posts are trickling in, and some Black Hat slides are available, but it will be a little while before the big content dumps.

Perhaps the most hyped talk of Hacker Summer Camp was James Kettle's dismantling of HTTP/1.1. The techniques he presented yielded $350,000 in bug bounties and uncovered over 30 million vulnerable websites. Among them, he identified a large number of vulnerable systems using Microsoft IIS behind AWS ALBs. AWS was apparently unwilling to fix the issue by default, but it can be mitigated with these two ALB attributes:

routing.http.drop_invalid_header_fields.enabled = true
routing.http.desync_mitigation_mode = strictest
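Checking an existing fleet for those two attributes is the part most teams actually need, so here is an added audit helper (it is not from the newsletter or from James Kettle's research). It takes the attribute list in the shape the ELBv2 DescribeLoadBalancerAttributes API returns (what `aws elbv2 describe-load-balancer-attributes` prints), reports which of the two settings is missing, and builds the `aws elbv2 modify-load-balancer-attributes` command that applies both. The sample attribute list and the load balancer ARN are constructed placeholders.

```python
"""Audit an ALB for the two request-desync mitigations (added example)."""
from typing import Dict, List

# Attribute keys and the values this check requires. ALB defaults are
# "defensive" for the mode and "false" for invalid-header dropping, so a
# fresh load balancer fails both checks until someone changes them.
REQUIRED = {
    "routing.http.drop_invalid_header_fields.enabled": "true",
    "routing.http.desync_mitigation_mode": "strictest",
}


def attributes_to_dict(attributes: List[Dict[str, str]]) -> Dict[str, str]:
    """Flatten the API's [{"Key": ..., "Value": ...}, ...] list into a dict."""
    return {item["Key"]: item["Value"] for item in attributes}


def audit_desync_settings(attributes: List[Dict[str, str]]) -> List[str]:
    """Return one finding per mitigation that is not set; [] means compliant."""
    current = attributes_to_dict(attributes)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = current.get(key, "<unset>")
        if actual != wanted:
            findings.append(f"{key} is {actual}, expected {wanted}")
    return findings


def remediation_command(load_balancer_arn: str) -> str:
    """Build the aws CLI call that applies both settings to one ALB."""
    attrs = " ".join(f"Key={k},Value={v}" for k, v in REQUIRED.items())
    return (
        "aws elbv2 modify-load-balancer-attributes "
        f"--load-balancer-arn {load_balancer_arn} --attributes {attrs}"
    )


# Constructed sample: an ALB still on its defaults, plus an unrelated attribute
# to show the audit ignores keys it does not care about.
SAMPLE_ATTRIBUTES = [
    {"Key": "routing.http.desync_mitigation_mode", "Value": "defensive"},
    {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "false"},
    {"Key": "idle_timeout.timeout_seconds", "Value": "60"},
]

# Placeholder ARN; substitute the real one from describe-load-balancers.
PLACEHOLDER_ARN = (
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:"
    "loadbalancer/app/example-alb/PLACEHOLDER"
)

if __name__ == "__main__":
    for finding in audit_desync_settings(SAMPLE_ATTRIBUTES):
        print("FINDING:", finding)
    print("Fix with:", remediation_command(PLACEHOLDER_ARN))
```

To run it against real load balancers, feed `audit_desync_settings` the `Attributes` list from each `describe-load-balancer-attributes` response; the `strictest` mode can reject legitimate but unusual requests, so roll it out per ALB and watch the 4xx rate rather than flipping every account at once.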


📋 Chef's selections

  • ECScape: Understanding IAM Privilege Boundaries in Amazon ECS by Naor Haziz

    This is a blog post updated after the Black Hat presentation, and a follow-on to Naor's fwd:cloudsec 2025 talk. It walks through abusing an internal ECS agent protocol to steal IAM credentials from other tasks on the same host, even when separated by privilege boundaries. Naor also covers detection challenges and mitigations like limiting IMDS access, isolating workloads, and preferring Fargate for stronger task isolation.

  • Azure AD says expired, AWS OpenSearch says working: the SAML certificate that refused to die by Lucian Patian

    I get the sense there was a lot of AI-led writing in this one, but it didn’t turn out as AI slop because the technical content is actually good. It covers how mismatched certificate validation between Azure AD and AWS OpenSearch can let an expired SAML signing cert keep working, and how to spot and fix the issue before it becomes a security gap or an auditor’s nightmare.

  • AWS MWAA – RCE by Ricardo José Ruiz Fernández

    This blog post disguised as a GitHub repo was actually published a couple of weeks ago, but I missed it. It details a remote code execution chain in Amazon Managed Workflows for Apache Airflow by abusing directed acyclic graph (DAG) uploads to run code in the underlying environment. The exploit hinges on injecting malicious Python into Airflow’s DAG processing flow, which the MWAA worker nodes happily execute with elevated environment permissions.

Bonus: Build a Time-Based Threat Detector with Lambda and Athena

🥗 AWS security blogs

🍛 Reddit threads on r/aws


💸 Sponsor shoutout


Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.


🤖 Dessert

Dessert is made by robots, for those who enjoy the industrial content.

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

☕ CloudFormation resource changes

🎮 Amazon Linux vulnerabilities

📺 AWS security bulletins

🚬 Security documentation changes
