Monday, January 05, 2026

🥖 Palate Cleanser

Happy New Year, friends. Welcome to 2026, the year of… invasions? We’re on pace for 73 invasions by the United States this year, and there are only 12 independent countries in South America, two of which host AWS regions. The “on pace” thing is obviously silly, but it does make Chris Farris' post on threat modeling cloud providers and their ruling governments even more compelling.

The Cloud Village is back at the RSA Conference for its third go-around. Call for papers and labs close on January 25, so fire up your LLM and start prompting.

It’s going to be another big year in cloud security as the distinction between AI and cloud blurs even more. I promise to steadfastly protect you from the mediocrity of AI content slop, and I hope you all continue to consume the amazing work cloud security researchers are churning out.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

  • BadPods Series: Everything Allowed on AWS EKS by Kiran Dawadi

    I regularly tell students the best way to get into cloud security (well, anything really) is to go do the thing and write about what you learn as you learn to not suck at the thing. Kiran recently started playing with Kubernetes and wrote up his findings on hacking the BadPods open source Kube hackmes. Nothing novel here, but lots of technical details on exactly how to do various escapes and lateral movement.

  • European Sovereign Cloud by Chris Farris

    The EU AWS partition is coming. Chris explains that AWS’s European Sovereign Cloud is not “just another region,” but a hard partition with separate IAM, billing, support, and failure domains that are unreachable from the commercial cloud as a matter of design. Sovereignty is enforced less by law than by architecture: cross-partition access simply cannot happen, and Nitro sharply limits operator visibility. It’s worth reading because it follows that technical reality through to its uncomfortable conclusions about sanctions, nationalization, and what “trust” actually means in cloud computing.

Bonus: Wiz Operation Cloudfall BlackHat EU CTF

🥗 AWS security blogs

🍛 Reddit threads on r/aws

    No threads this week.


💸 Sponsor shoutout


Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.


🤖 Dessert

Dessert is made by robots, for those who enjoy the industrial content.

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

☕ CloudFormation resource changes

    No resource updates this week.

🎮 Amazon Linux vulnerabilities

📺 AWS security bulletins

    No bulletins this week.

🚬 Security documentation changes
