AWS Security Digest

Monday,
November 03, 2025

🥖 Palette Cleanser

When AWS isn't down, Azure must be? It's been a bad couple of weeks for the big cloud service providers. But as Roman Siewko points out about typical AWS availability, "as of October 25, 2025, the rolling figures are 99.84% (1-year) and 99.95% (5-year)."

Unfortunately, there were some reports that Lambda costs in us-east-1 spiked on outage day, so it might be worth checking your bill and having a chat with your AWS rep.

In addition to 🔥 chef's selections this week, there's also a special bonus: all the presentations from the 2025 SANS CloudSecNext Summit are live on YouTube. Most of them are cloud-agnostic or multi-cloud.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

The Silent Attackers: Exploiting VPC Endpoints to Expose AWS Accounts of S3 Buckets Without a Trace by Maya Parizer

In the latest round of "how to win AWS account IDs and influence Amazon into tacitly admitting account IDs are not not secret" (double not intended), Maya got network activity CloudTrail events to reveal account IDs of arbitrary S3 buckets. This was the simplest of all the techniques previously disclosed, which makes it even more impressive - so it's sad to see it "fixed." Previous research from Ben Bridts, Sam Cox, and myself.
Bedrock'n'role: Annoying trust relationships in Bedrock service roles by Daniel Grzelak

It me, playing with Bedrock. For certain resource types, the management console will generate execution roles with overly permissive trust policies. Oddly, some resources have fully scoped trusts and others use wildcards.
Datadog threat roundup: Top insights for Q3 2025 by Greg Foss, Christophe Tafani-Dereeper, Eslam Salem, and Tesnim Hamdouni

I look forward to each iteration of this cloud threaty-threats report. In case you weren't aware, long-term creds are still getting leaked and used in many breaches, disclosed and undisclosed. Also, attackers like AI as much or more than your manager. But my favorite part is that AI is being used to generate profiles for fake remote workers applying for remote jobs. The included screenshot is of a very attractive man, which finally gives me hope that being born horribly unattractive was actually a good thing and I'll start getting more job offers because I'm clearly not AI-generated.

🥗 AWS security blogs

🍛 Reddit threads on r/aws

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🥖 Palette Cleanser

📋 Chef's selections

🥗 AWS security blogs

🍛 Reddit threads on r/aws

💸 Sponsor shoutout

🤖 Dessert

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

☕ CloudFormation resource changes

🎮 Amazon Linux vulnerabilities

📺 AWS security bulletins

🚬 Security documentation changes