🥖 Palette Cleanser

I thought for a second I was going mad this week and re-running last week's content. Last issue, "AI-assisted cloud intrusion achieves admin access in 8 minutes" was one of the ledes. This week we're asking how well an AI agent can run a cloud purple team exercise.

It's a little hidden, but AWS introduced new IAM condition keys that apply to requests coming through MCP servers, so you can deny actions via that path. It won't stop an agent using boto3 directly, but it's the first IAM primitive I'm aware of explicitly designed for the "AI agents calling AWS APIs" problem. It will be interesting to see how much utility these actually have in practice.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• Amazon CloudFront origin mTLS with open-source serverless CA by Paul Schwarzenberger

  AWS announced CloudFront mTLS to origins two weeks ago, and Paul walks through configuring end-to-end mutual TLS using an open-source serverless CA. The setup authenticates users to CloudFront, then CloudFront authenticates to API Gateway with its own certificate. One catch is that without a Lambda authorizer checking for CloudFront-specific headers, users with valid certs can bypass CloudFront and hit API Gateway directly.

• Can an AI Agent Run a Purple Team Exercise? by Permiso

  Apparently, a fancy AI agent autonomously emulated Scattered Spider tactics against an AWS environment, created a privileged IAM user, attached AdministratorAccess, launched CloudShell to harvest creds, and attempted EC2 serial console enablement as a backdoor. Every technique triggered alerts, but the agent face-planted on some simple things. It failed to switch identities mid-operation, continuing to use the original federated session instead of the newly created IAM user. This won't stop the AI overlords for long.

• TeamPCP: Cloud-Native Ransomware by Assaf Morag

  Are you into multi-cloud? TeamPCP is into multi-cloud. It/they (?) reportedly compromised 60,000+ servers, with 97% being cloud workloads (36% AWS, 61% Azure). It/they (?) target exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, then deploy a privileged DaemonSet that mounts the host filesystem across every node for instant cluster-wide persistence. Each compromised host becomes a scanner, creating worm-like propagation through cloud infrastructure.

🥗 AWS security blogs

• 📣 AWS Batch now provides Job Queue and Share Utilization Visibility
• 📣 AWS Payment Cryptography Achieves Cartes Bancaires Approval
• 📣 Amazon DocumentDB (with MongoDB compatibility) is Now Available in the Europe (Zurich) Region
• Scaling AWS Governance: How Moeve reduced response times with automated notifications by Ignacio Rodríguez García
• Securing .NET Microservices with Entra ID on AWS by Pavankumar Kasani

🍛 Reddit threads on r/aws

• GuardDuty found outgoing SSH Bruteforce attack - what now?
• Securing OrganizationAccountAccessRole role
• Minimax, Z.ai, Deepseek on Bedrock

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• sagemaker
• appconfig
• aidevops
• inspector2-telemetry
• signin
• workspaces
• bcm-pricing-calculator
• securityagent
• kafka
• deadline
• bedrock-agentcore

🍪 API changes

• Amazon CloudWatch
• Amazon Connect Service
• Amazon Elastic Compute Cloud
• Inspector2
• Amazon SageMaker Service
• Amazon Elastic Compute Cloud
• AWS Batch
• Amazon Elastic Compute Cloud
• Amazon Elastic Kubernetes Service
• Managed Streaming for Kafka Connect
• Amazon S3 Tables
• Amazon Bedrock AgentCore
• Amazon Connect Service
• Amazon Elastic Kubernetes Service
• Managed Streaming for Kafka
• Amazon Relational Database Service
• Amazon Elastic Compute Cloud
• Amazon Elastic Kubernetes Service
• Amazon NeptuneData
• AWS Parallel Computing Service

🍹 IAM managed policy changes

• AWSPartnerCentralOpportunityManagement
• AWSPartnerCentralMarketingManagement
• AWSPartnerCentralChannelManagement
• AmazonInspector2ManagedTelemetryPolicy
• AmazonInspector2ServiceRolePolicy
• ViewOnlyAccess
• VPCLatticeReadOnlyAccess
• VPCLatticeFullAccess
• SystemAdministrator
• SupportUser
• SignInLocalDevelopmentAccess
• ServiceQuotasReadOnlyAccess
• SecurityLakeResourceManagementServiceRolePolicy
• SecurityAudit
• SecurityAgentWebAppPolicy
• SecurityAgentWebAppAPIPolicy
• SageMakerStudioUserIAMPermissiveExecutionPolicy
• SageMakerStudioUserIAMDefaultExecutionPolicy
• SageMakerStudioUserIAMConsolePolicy
• SageMakerStudioQueryExecutionRolePolicy
• SageMakerStudioProjectUserRolePolicy
• SageMakerStudioProjectUserRolePermissionsBoundary
• SageMakerStudioProjectRoleMachineLearningPolicy
• SageMakerStudioProjectProvisioningRolePolicy
• SageMakerStudioFullAccess
• SageMakerStudioEMRServiceRolePolicy
• SageMakerStudioEMRInstanceRolePolicy
• SageMakerStudioEMRContainersSystemNamespaceRolePolicy
• SageMakerStudioDomainExecutionRolePolicy
• SageMakerStudioBedrockPromptUserRolePolicy
• SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy
• SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy
• SageMakerStudioBedrockFunctionExecutionRolePolicy
• SageMakerStudioBedrockFlowServiceRolePolicy
• SageMakerStudioBedrockEvaluationJobServiceRolePolicy
• SageMakerStudioBedrockChatAgentUserRolePolicy
• SageMakerStudioBedrockAgentServiceRolePolicy
• SageMakerStudioAdminProjectUserRolePolicy
• SageMakerStudioAdminIAMPermissiveExecutionPolicy
• SageMakerStudioAdminIAMDefaultExecutionPolicy
• SageMakerStudioAdminIAMConsolePolicy
• ResourceGroupsTaggingAPITagUntagSupportedResources
• ReadOnlyAccess
• RTBFabricServiceRolePolicy
• ROSAWorkerInstancePolicy
• ROSASharedVPCRoute53Policy
• ROSASharedVPCEndpointPolicy
• ROSASRESupportPolicy
• ROSANodePoolManagementPolicy
• ROSAKubeControllerPolicy
• ROSAInstallerPolicy
• ROSAIngressOperatorPolicy
• ROSAImageRegistryOperatorPolicy
• ROSAControlPlaneOperatorPolicy
• ROSAAmazonEBSCSIDriverOperatorPolicy
• QBusinessQuicksightPluginPolicy
• PowerUserAccess
• PartnerCentralIncentiveBenefitManagement
• NetworkSecurityDirectorServiceLinkedRolePolicy
• NetworkAdministrator
• MultiPartyApprovalReadOnlyAccess
• MultiPartyApprovalFullAccess
• IVSReadOnlyAccess
• IAMUserChangePassword
• GitLabDuoWithAmazonQPermissionsPolicy
• GameLiftContainerFleetPolicy
• FMSServiceRolePolicy
• EC2InstanceProfileForImageBuilder
• EC2FastLaunchServiceRolePolicy
• EC2FastLaunchFullAccess
• DynamoDBGlobalTableSettingsManagementServiceRolePolicy
• DatabaseAdministrator
• CostOptimizationHubReadOnlyAccess
• CostOptimizationHubAdminAccess
• ConsoleViewOnlyAccessFromVercel
• ConsoleFullAccessFromVercel
• ComputeOptimizerServiceRolePolicy
• CloudWatchSyntheticsFullAccess
• CloudWatchReadOnlyAccess
• CloudWatchOpenSearchDashboardsFullAccess
• CloudWatchOpenSearchDashboardAccess
• CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy
• CloudWatchNetworkFlowMonitorServiceRolePolicy
• CloudWatchNetworkFlowMonitorAgentPublishPolicy
• CloudWatchLogsReadOnlyAccess
• CloudWatchLogsFullAccess
• CloudWatchFullAccessV2
• CloudWatchEventsFullAccess
• CloudWatchApplicationSignalsServiceRolePolicy
• CloudWatchApplicationSignalsReadOnlyAccess
• CloudWatchApplicationSignalsFullAccess
• CloudFrontReadOnlyAccess
• CloudFrontFullAccess
• Billing
• BedrockAgentCoreFullAccess
• AuroraDsqlServiceLinkedRolePolicy
• AmazonWorkSpacesThinClientReadOnlyAccess
• AmazonWorkSpacesThinClientFullAccess
• AmazonVPCReadOnlyAccess
• AmazonVPCFullAccess
• AmazonTimestreamInfluxDBFullAccessWithoutMarketplaceAccess
• AmazonTimestreamInfluxDBFullAccess
• AmazonTimestreamConsoleFullAccess
• AmazonSageMakerTrainingPlanCreateAccess
• AmazonSageMakerSpacesRouterPolicy
• AmazonSageMakerSpacesControllerPolicy
• AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
• AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
• AmazonSageMakerQuickSightVPCPolicy
• AmazonSageMakerPartnerAppsFullAccess
• AmazonSageMakerHyperPodTrainingOperatorAccess
• AmazonSageMakerHyperPodObservabilityAdminAccess
• AmazonSageMakerHyperPodInferenceAccess
• AmazonSageMakerHyperPodGatedModelAccess
• AmazonSageMakerFullAccess
• AmazonSageMakerCanvasSMDataScienceAssistantAccess
• AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy
• AmazonSSMAutomationRole
• AmazonS3TablesReadOnlyAccess
• AmazonS3TablesLakeFormationServiceRole
• AmazonS3TablesFullAccess
• AmazonRoute53FullAccess
• AmazonRedshiftFederatedAuthorization
• AmazonRDSPerformanceInsightsReadOnly
• AmazonRDSPerformanceInsightsFullAccess
• AmazonRDSCustomServiceRolePolicy
• AmazonRDSCustomPreviewServiceRolePolicy
• AmazonRDSCustomInstanceProfileRolePolicy
• AmazonQFullAccess
• AmazonQDeveloperAccess
• AmazonPrometheusConsoleFullAccess
• AmazonODBServiceRolePolicy
• AmazonKeyspacesReadOnlyAccess_v2
• AmazonKeyspacesReadOnlyAccess
• AmazonKeyspacesFullAccess
• AmazonInspector2ServiceRolePolicy
• AmazonInspector2ReadOnlyAccess
• AmazonInspector2FullAccess_v2
• AmazonGuardDutyFullAccess_v2
• AmazonGuardDutyFullAccess
• AmazonFSxFullAccess
• AmazonFSxConsoleReadOnlyAccess
• AmazonFSxConsoleFullAccess
• AmazonEventBridgeSchedulerReadOnlyAccess
• AmazonEventBridgeSchedulerFullAccess
• AmazonEventBridgeFullAccess
• AmazonEventBridgeApiDestinationsServiceRolePolicy
• AmazonEVSServiceRolePolicy
• AmazonEMRServicePolicy_v2
• AmazonEMRFullAccessPolicy_v2
• AmazonEKSServiceRolePolicy
• AmazonEKSMCPReadOnlyAccess
• AmazonEKSLoadBalancingPolicy
• AmazonEKSDashboardConsoleReadOnly
• AmazonEKSComputePolicy
• AmazonEKSClusterPolicy
• AmazonECSServiceRolePolicy
• AmazonECSInstanceRolePolicyForManagedInstances
• AmazonECSInfrastructureRoleforExpressGatewayServices
• AmazonECSInfrastructureRolePolicyForVolumes
• AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity
• AmazonECSInfrastructureRolePolicyForManagedInstances
• AmazonECSInfrastructureRolePolicyForLoadBalancers
• AmazonECSComputeServiceRolePolicy
• AmazonEC2ReadOnlyAccess
• AmazonEC2ImageReferencesAccessPolicy
• AmazonEC2ContainerServiceforEC2Role
• AmazonEBSCSIDriverPolicy
• AmazonDynamoDBFullAccess_v2
• AmazonDocDBElasticFullAccess
• AmazonDocDBConsoleFullAccess
• AmazonDataZoneSageMakerProvisioningRolePolicy
• AmazonDataZoneSageMakerManageAccessRolePolicy
• AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
• AmazonDataZoneRedshiftManageAccessRolePolicy
• AmazonDataZoneGlueManageAccessRolePolicy
• AmazonDataZoneFullAccess
• AmazonDataZoneDomainExecutionRolePolicy
• AmazonDataZoneBedrockModelConsumptionPolicy
• AmazonConnectServiceLinkedRolePolicy
• AmazonCognitoPowerUser
• AmazonCloudWatchRUMReadOnlyAccess
• AmazonBraketFullAccess
• AmazonBedrockReadOnly
• AmazonBedrockMarketplaceAccess
• AmazonBedrockMantleReadOnly
• AmazonBedrockMantleInferenceAccess
• AmazonBedrockMantleFullAccess
• AmazonBedrockLimitedAccess
• AmazonBedrockFullAccess
• AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy
• AmazonAuroraDSQLReadOnlyAccess
• AmazonAuroraDSQLFullAccess
• AmazonAuroraDSQLConsoleFullAccess
• AmazonAthenaFullAccess
• AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy
• AmazonAppStreamServiceAccess
• AmazonAppStreamReadOnlyAccess
• AdministratorAccess-AWSElasticBeanstalk
• AccountManagementFromVercel
• AccessAnalyzerServiceRolePolicy
• AWS_ConfigRole
• AWSWAFReadOnlyAccess
• AWSWAFFullAccess
• AWSWAFConsoleReadOnlyAccess
• AWSWAFConsoleFullAccess
• AWSUserNotificationsServiceLinkedRolePolicy
• AWSTransformCustomManageTransformations
• AWSTransformCustomFullAccess
• AWSTransformCustomExecuteTransformations
• AWSTransformApplicationECSDeploymentPolicy
• AWSTransformApplicationDeploymentPolicy
• AWSThinkboxAWSPortalAdminPolicy
• AWSSystemsManagerJustInTimeNodeAccessRolePropagationPolicy
• AWSSystemsManagerJustInTimeAccessTokenSessionPolicy
• AWSSystemsManagerJustInTimeAccessTokenPolicy
• AWSSystemsManagerJustInTimeAccessServicePolicy
• AWSSupportServiceRolePolicy
• AWSSupportAccess
• AWSSupplyChainFederationAdminAccess
• AWSServiceRoleForUserSubscriptions
• AWSServiceRoleForImageBuilder
• AWSServiceRoleForAWSTransform
• AWSSecurityIncidentResponseTriageServiceRolePolicy
• AWSSecurityIncidentResponseServiceRolePolicy
• AWSSecurityIncidentResponseReadOnlyAccess
• AWSSecurityIncidentResponseFullAccess
• AWSSecurityIncidentResponseCaseFullAccess
• AWSSecurityHubV2ServiceRolePolicy
• AWSSecurityHubOrganizationsAccess
• AWSSecurityHubFullAccess
• AWSSecurityAgentWebAppPolicy
• AWSSecretsManagerClientReadOnlyAccess
• AWSSSOReadOnly
• AWSSSOMemberAccountAdministrator
• AWSSSOMasterAccountAdministrator
• AWSSSODirectoryReadOnly
• AWSSSODirectoryAdministrator
• AWSSSMForSAPServiceLinkedRolePolicy
• AWSRolesAnywhereReadOnly
• AWSRolesAnywhereFullAccess
• AWSResourceExplorerServiceRolePolicy
• AWSResilienceHubAsssessmentExecutionPolicy
• AWSRefactoringToolkitFullAccess
• AWSQuicksightAthenaAccess
• AWSQuickSightSecretsManagerWritePolicy
• AWSQuickSightSecretsManagerWriteAccess
• AWSQuickSetupStartStopInstancesExecutionPolicy
• AWSQuickSetupStartSSMAssociationsExecutionPolicy
• AWSQuickSetupSSMLifecycleManagementExecutionPolicy
• AWSQuickSetupSSMDeploymentRolePolicy
• AWSQuickSetupPatchPolicyPermissionsBoundary
• AWSQuickSetupManagedInstanceProfileExecutionPolicy
• AWSQuickSetupManageJITNAResourcesExecutionPolicy
• AWSQuickSetupJITNADeploymentRolePolicy
• AWSQuickSetupDeploymentRolePolicy
• AWSPurchaseOrdersServiceRolePolicy
• AWSPrivateMarketplaceRequests
• AWSPrivateMarketplaceAdminFullAccess
• AWSPrivateCAUser
• AWSPrivateCAPrivilegedUser
• AWSPrivateCAConnectorForKubernetesPolicy
• AWSPartnerLedSupportReadOnlyAccess
• AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy
• AWSPartnerCentralSandboxFullAccess
• AWSPartnerCentralOpportunityManagement
• AWSPartnerCentralMarketingManagement
• AWSPartnerCentralFullAccess
• AWSPartnerCentralChannelManagement
• AWSPartnerCentralChannelHandshakeApprovalManagement
• AWSPanoramaFullAccess
• AWSPanoramaApplianceServiceRolePolicy
• AWSPCSServiceRolePolicy
• AWSPCSComputeNodePolicy
• AWSOrganizationsFullAccess
• AWSObservabilityAdminTelemetryEnablementServiceRolePolicy
• AWSNetworkFirewallReadOnlyAccess
• AWSNetworkFirewallFullAccess
• AWSMcpServiceActionsFullAccess
• AWSMarketplaceSellerProductsReadOnly
• AWSMarketplaceSellerProductsFullAccess
• AWSMarketplaceSellerFullAccess
• AWSMarketplaceRead-only
• AWSMarketplaceManageSubscriptions
• AWSMarketplaceFullAccess
• AWSManagementConsoleBasicUserAccess
• AWSManagementConsoleAdministratorAccess
• AWSLambda_ReadOnlyAccess
• AWSLambda_FullAccess
• AWSLambdaManagedEC2ResourceOperator
• AWSLambdaBasicDurableExecutionRolePolicy
• AWSLakeFormationDataAdmin
• AWSLakeFormationCrossAccountManager
• AWSIoTSiteWiseReadOnlyAccess
• AWSIoTManagedIntegrationsFullAccess
• AWSIncidentManagerResolverAccess
• AWSIdentityCenterExternalManagementPolicy
• AWSIPAMServiceRolePolicy
• AWSGroundStationAgentInstancePolicy
• AWSFaultInjectionSimulatorSSMAccess
• AWSFaultInjectionSimulatorRDSAccess
• AWSFaultInjectionSimulatorNetworkAccess
• AWSFaultInjectionSimulatorEKSAccess
• AWSFaultInjectionSimulatorECSAccess
• AWSFaultInjectionSimulatorEC2Access
• AWSEntityResolutionConsoleFullAccess
• AWSElementalMediaConnectReadOnlyAccess
• AWSElementalMediaConnectFullAccess
• AWSElasticLoadBalancingServiceRolePolicy
• AWSElasticDisasterRecoveryLaunchActionsPolicy
• AWSElasticDisasterRecoveryConsoleFullAccess_v2
• AWSElasticDisasterRecoveryConsoleFullAccess
• AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
• AWSEC2SqlHaInstancePolicy
• AWSDeadlineCloud-WorkerHost
• AWSDeadlineCloud-UserAccessFarms
• AWSDataSyncFullAccess
• AWSDataLifecycleManagerServiceRole
• AWSDMSServerlessServiceRolePolicy
• AWSControlTowerServiceRolePolicy
• AWSControlTowerIdentityCenterManagementPolicy
• AWSControlTowerCloudTrailRolePolicy
• AWSControlTowerAccountServiceRolePolicy
• AWSConfigServiceRolePolicy
• AWSCodeDeployReadOnlyAccess
• AWSCodeDeployFullAccess
• AWSCodeDeployDeployerAccess
• AWSCodeCommitReadOnly
• AWSCodeCommitPowerUser
• AWSCodeCommitFullAccess
• AWSCodeBuildReadOnlyAccess
• AWSCodeBuildDeveloperAccess
• AWSCodeBuildAdminAccess
• AWSCloudFormationReadOnlyAccess
• AWSCloud9User
• AWSCloud9EnvironmentMember
• AWSCloud9Administrator
• AWSCleanRoomsMLReadOnlyAccess
• AWSCleanRoomsMLFullAccess
• AWSCleanRoomsFullAccessNoQuerying
• AWSCertificateManagerPrivateCAUser
• AWSCertificateManagerPrivateCAPrivilegedUser
• AWSBillingReadOnlyAccess
• AWSBillingConductorReadOnlyAccess
• AWSBillingConductorFullAccess
• AWSBackupServiceRolePolicyForScans
• AWSBackupServiceRolePolicyForRestores
• AWSBackupServiceRolePolicyForItemRestores
• AWSBackupServiceRolePolicyForIndexing
• AWSBackupServiceRolePolicyForBackup
• AWSBackupServiceLinkedRolePolicyForBackup
• AWSBackupSearchOperatorAccess
• AWSBackupOperatorAccess
• AWSBackupGuardDutyRolePolicyForScans
• AWSBackupFullAccess
• AWSArtifactReportsReadOnlyAccess
• AWSArtifactAgreementsReadOnlyAccess
• AWSArtifactAgreementsFullAccess
• AWSApplicationMigrationServiceRolePolicy
• AWSApplicationMigrationSSMAccess
• AWSApplicationMigrationNetworkMigrationMultiAccount
• AWSApplicationMigrationNetworkMigrationCustomResource
• AWSApplicationMigrationFullAccess
• AWSApplicationMigrationEC2Access
• AWSAccountSettingsManagementRole
• AWS-SSM-RemediationAutomation-ExecutionRolePolicy
• AWS-SSM-RemediationAutomation-AdministrationRolePolicy
• AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy
• AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy
• AIOpsReadOnlyAccess
• AIOpsOperatorAccess
• AIOpsConsoleAdminPolicy
• AIOpsAssistantPolicy
• AIOpsAssistantIncidentReportPolicy
• PartnerCentralIncentiveBenefitManagement
• ViewOnlyAccess
• VPCLatticeReadOnlyAccess
• VPCLatticeFullAccess
• SystemAdministrator
• SupportUser
• SignInLocalDevelopmentAccess
• ServiceQuotasReadOnlyAccess
• SecurityLakeResourceManagementServiceRolePolicy
• SecurityAudit
• SecurityAgentWebAppPolicy
• SecurityAgentWebAppAPIPolicy
• SageMakerStudioUserIAMPermissiveExecutionPolicy
• SageMakerStudioUserIAMDefaultExecutionPolicy
• SageMakerStudioUserIAMConsolePolicy
• SageMakerStudioQueryExecutionRolePolicy
• SageMakerStudioProjectUserRolePolicy
• SageMakerStudioProjectUserRolePermissionsBoundary
• SageMakerStudioProjectRoleMachineLearningPolicy
• SageMakerStudioProjectProvisioningRolePolicy
• SageMakerStudioFullAccess
• SageMakerStudioEMRServiceRolePolicy
• SageMakerStudioEMRInstanceRolePolicy
• SageMakerStudioEMRContainersSystemNamespaceRolePolicy
• SageMakerStudioDomainExecutionRolePolicy
• SageMakerStudioBedrockPromptUserRolePolicy
• SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy
• SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy
• SageMakerStudioBedrockFunctionExecutionRolePolicy
• SageMakerStudioBedrockFlowServiceRolePolicy
• SageMakerStudioBedrockEvaluationJobServiceRolePolicy
• SageMakerStudioBedrockChatAgentUserRolePolicy
• SageMakerStudioBedrockAgentServiceRolePolicy
• SageMakerStudioAdminProjectUserRolePolicy
• SageMakerStudioAdminIAMPermissiveExecutionPolicy
• SageMakerStudioAdminIAMDefaultExecutionPolicy
• SageMakerStudioAdminIAMConsolePolicy
• ResourceGroupsTaggingAPITagUntagSupportedResources
• ReadOnlyAccess
• RTBFabricServiceRolePolicy
• ROSAWorkerInstancePolicy
• ROSASharedVPCRoute53Policy
• ROSASharedVPCEndpointPolicy
• ROSASRESupportPolicy
• ROSANodePoolManagementPolicy
• ROSAKubeControllerPolicy
• ROSAInstallerPolicy
• ROSAIngressOperatorPolicy
• ROSAImageRegistryOperatorPolicy
• ROSAControlPlaneOperatorPolicy
• ROSAAmazonEBSCSIDriverOperatorPolicy
• QBusinessQuicksightPluginPolicy
• PowerUserAccess
• NetworkSecurityDirectorServiceLinkedRolePolicy
• NetworkAdministrator
• MultiPartyApprovalReadOnlyAccess
• MultiPartyApprovalFullAccess
• IVSReadOnlyAccess
• IAMUserChangePassword
• GitLabDuoWithAmazonQPermissionsPolicy
• GameLiftContainerFleetPolicy
• FMSServiceRolePolicy
• EC2InstanceProfileForImageBuilder
• EC2FastLaunchServiceRolePolicy
• EC2FastLaunchFullAccess
• DynamoDBGlobalTableSettingsManagementServiceRolePolicy
• DatabaseAdministrator
• CostOptimizationHubReadOnlyAccess
• CostOptimizationHubAdminAccess
• ConsoleViewOnlyAccessFromVercel
• ConsoleFullAccessFromVercel
• ComputeOptimizerServiceRolePolicy
• CloudWatchSyntheticsFullAccess
• CloudWatchReadOnlyAccess
• CloudWatchOpenSearchDashboardsFullAccess
• CloudWatchOpenSearchDashboardAccess
• CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy
• CloudWatchNetworkFlowMonitorServiceRolePolicy
• CloudWatchNetworkFlowMonitorAgentPublishPolicy
• CloudWatchLogsReadOnlyAccess
• CloudWatchLogsFullAccess
• CloudWatchFullAccessV2
• CloudWatchEventsFullAccess
• CloudWatchApplicationSignalsServiceRolePolicy
• CloudWatchApplicationSignalsReadOnlyAccess
• CloudWatchApplicationSignalsFullAccess
• CloudFrontReadOnlyAccess
• CloudFrontFullAccess
• Billing
• BedrockAgentCoreFullAccess
• AuroraDsqlServiceLinkedRolePolicy
• AmazonWorkSpacesThinClientReadOnlyAccess
• AmazonWorkSpacesThinClientFullAccess
• AmazonVPCReadOnlyAccess
• AmazonVPCFullAccess
• AmazonTimestreamInfluxDBFullAccessWithoutMarketplaceAccess
• AmazonTimestreamInfluxDBFullAccess
• AmazonTimestreamConsoleFullAccess
• AmazonSageMakerTrainingPlanCreateAccess
• AmazonSageMakerSpacesRouterPolicy
• AmazonSageMakerSpacesControllerPolicy
• AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
• AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
• AmazonSageMakerQuickSightVPCPolicy
• AmazonSageMakerPartnerAppsFullAccess
• AmazonSageMakerHyperPodTrainingOperatorAccess
• AmazonSageMakerHyperPodObservabilityAdminAccess
• AmazonSageMakerHyperPodInferenceAccess
• AmazonSageMakerHyperPodGatedModelAccess
• AmazonSageMakerFullAccess
• AmazonSageMakerCanvasSMDataScienceAssistantAccess
• AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy
• AmazonSSMAutomationRole
• AmazonS3TablesReadOnlyAccess
• AmazonS3TablesLakeFormationServiceRole
• AmazonS3TablesFullAccess
• AmazonRoute53FullAccess
• AmazonRedshiftFederatedAuthorization
• AmazonRDSPerformanceInsightsReadOnly
• AmazonRDSPerformanceInsightsFullAccess
• AmazonRDSCustomServiceRolePolicy
• AmazonRDSCustomPreviewServiceRolePolicy
• AmazonRDSCustomInstanceProfileRolePolicy
• AmazonQFullAccess
• AmazonQDeveloperAccess
• AmazonPrometheusConsoleFullAccess
• AmazonODBServiceRolePolicy
• AmazonKeyspacesReadOnlyAccess_v2
• AmazonKeyspacesReadOnlyAccess
• AmazonKeyspacesFullAccess
• AmazonInspector2ServiceRolePolicy
• AmazonInspector2ReadOnlyAccess
• AmazonInspector2FullAccess_v2
• AmazonGuardDutyFullAccess_v2
• AmazonGuardDutyFullAccess
• AmazonFSxFullAccess
• AmazonFSxConsoleReadOnlyAccess
• AmazonFSxConsoleFullAccess
• AmazonEventBridgeSchedulerReadOnlyAccess
• AmazonEventBridgeSchedulerFullAccess
• AmazonEventBridgeFullAccess
• AmazonEventBridgeApiDestinationsServiceRolePolicy
• AmazonEVSServiceRolePolicy
• AmazonEMRServicePolicy_v2
• AmazonEMRFullAccessPolicy_v2
• AmazonEKSServiceRolePolicy
• AmazonEKSMCPReadOnlyAccess
• AmazonEKSLoadBalancingPolicy
• AmazonEKSDashboardConsoleReadOnly
• AmazonEKSComputePolicy
• AmazonEKSClusterPolicy
• AmazonECSServiceRolePolicy
• AmazonECSInstanceRolePolicyForManagedInstances
• AmazonECSInfrastructureRoleforExpressGatewayServices
• AmazonECSInfrastructureRolePolicyForVolumes
• AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity
• AmazonECSInfrastructureRolePolicyForManagedInstances
• AmazonECSInfrastructureRolePolicyForLoadBalancers
• AmazonECSComputeServiceRolePolicy
• AmazonEC2ReadOnlyAccess
• AmazonEC2ImageReferencesAccessPolicy
• AmazonEC2ContainerServiceforEC2Role
• AmazonEBSCSIDriverPolicy
• AmazonDynamoDBFullAccess_v2
• AmazonDocDBElasticFullAccess
• AmazonDocDBConsoleFullAccess
• AmazonDataZoneSageMakerProvisioningRolePolicy
• AmazonDataZoneSageMakerManageAccessRolePolicy
• AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
• AmazonDataZoneRedshiftManageAccessRolePolicy
• AmazonDataZoneGlueManageAccessRolePolicy
• AmazonDataZoneFullAccess
• AmazonDataZoneDomainExecutionRolePolicy
• AmazonDataZoneBedrockModelConsumptionPolicy
• AmazonConnectServiceLinkedRolePolicy
• AmazonCognitoPowerUser
• AmazonCloudWatchRUMReadOnlyAccess
• AmazonBraketFullAccess
• AmazonBedrockReadOnly
• AmazonBedrockMarketplaceAccess
• AmazonBedrockMantleReadOnly
• AmazonBedrockMantleInferenceAccess
• AmazonBedrockMantleFullAccess
• AmazonBedrockLimitedAccess
• AmazonBedrockFullAccess
• AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy
• AmazonAuroraDSQLReadOnlyAccess
• AmazonAuroraDSQLFullAccess
• AmazonAuroraDSQLConsoleFullAccess
• AmazonAthenaFullAccess
• AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy
• AmazonAppStreamServiceAccess
• AmazonAppStreamReadOnlyAccess
• AdministratorAccess-AWSElasticBeanstalk
• AccountManagementFromVercel
• AccessAnalyzerServiceRolePolicy
• AWS_ConfigRole
• AWSWAFReadOnlyAccess
• AWSWAFFullAccess
• AWSWAFConsoleReadOnlyAccess
• AWSWAFConsoleFullAccess
• AWSUserNotificationsServiceLinkedRolePolicy
• AWSTransformCustomManageTransformations
• AWSTransformCustomFullAccess
• AWSTransformCustomExecuteTransformations
• AWSTransformApplicationECSDeploymentPolicy
• AWSTransformApplicationDeploymentPolicy
• AWSThinkboxAWSPortalAdminPolicy
• AWSSystemsManagerJustInTimeNodeAccessRolePropagationPolicy
• AWSSystemsManagerJustInTimeAccessTokenSessionPolicy
• AWSSystemsManagerJustInTimeAccessTokenPolicy
• AWSSystemsManagerJustInTimeAccessServicePolicy
• AWSSupportServiceRolePolicy
• AWSSupportAccess
• AWSSupplyChainFederationAdminAccess
• AWSServiceRoleForUserSubscriptions
• AWSServiceRoleForImageBuilder
• AWSServiceRoleForAWSTransform
• AWSSecurityIncidentResponseTriageServiceRolePolicy
• AWSSecurityIncidentResponseServiceRolePolicy
• AWSSecurityIncidentResponseReadOnlyAccess
• AWSSecurityIncidentResponseFullAccess
• AWSSecurityIncidentResponseCaseFullAccess
• AWSSecurityHubV2ServiceRolePolicy
• AWSSecurityHubOrganizationsAccess
• AWSSecurityHubFullAccess
• AWSSecurityAgentWebAppPolicy
• AWSSecretsManagerClientReadOnlyAccess
• AWSSSOReadOnly
• AWSSSOMemberAccountAdministrator
• AWSSSOMasterAccountAdministrator
• AWSSSODirectoryReadOnly
• AWSSSODirectoryAdministrator
• AWSSSMForSAPServiceLinkedRolePolicy
• AWSRolesAnywhereReadOnly
• AWSRolesAnywhereFullAccess
• AWSResourceExplorerServiceRolePolicy
• AWSResilienceHubAsssessmentExecutionPolicy
• AWSRefactoringToolkitFullAccess
• AWSQuicksightAthenaAccess
• AWSQuickSightSecretsManagerWritePolicy
• AWSQuickSightSecretsManagerWriteAccess
• AWSQuickSetupStartStopInstancesExecutionPolicy
• AWSQuickSetupStartSSMAssociationsExecutionPolicy
• AWSQuickSetupSSMLifecycleManagementExecutionPolicy
• AWSQuickSetupSSMDeploymentRolePolicy
• AWSQuickSetupPatchPolicyPermissionsBoundary
• AWSQuickSetupManagedInstanceProfileExecutionPolicy
• AWSQuickSetupManageJITNAResourcesExecutionPolicy
• AWSQuickSetupJITNADeploymentRolePolicy
• AWSQuickSetupDeploymentRolePolicy
• AWSPurchaseOrdersServiceRolePolicy
• AWSPrivateMarketplaceRequests
• AWSPrivateMarketplaceAdminFullAccess
• AWSPrivateCAUser
• AWSPrivateCAPrivilegedUser
• AWSPrivateCAConnectorForKubernetesPolicy
• AWSPartnerLedSupportReadOnlyAccess
• AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy
• AWSPartnerCentralSandboxFullAccess
• AWSPartnerCentralOpportunityManagement
• AWSPartnerCentralMarketingManagement
• AWSPartnerCentralFullAccess
• AWSPartnerCentralChannelManagement
• AWSPartnerCentralChannelHandshakeApprovalManagement
• AWSPanoramaFullAccess
• AWSPanoramaApplianceServiceRolePolicy
• AWSPCSServiceRolePolicy
• AWSPCSComputeNodePolicy
• AWSOrganizationsFullAccess
• AWSObservabilityAdminTelemetryEnablementServiceRolePolicy
• AWSNetworkFirewallReadOnlyAccess
• AWSNetworkFirewallFullAccess
• AWSMcpServiceActionsFullAccess
• AWSMarketplaceSellerProductsReadOnly
• AWSMarketplaceSellerProductsFullAccess
• AWSMarketplaceSellerFullAccess
• AWSMarketplaceRead-only
• AWSMarketplaceManageSubscriptions
• AWSMarketplaceFullAccess
• AWSManagementConsoleBasicUserAccess
• AWSManagementConsoleAdministratorAccess
• AWSLambda_ReadOnlyAccess
• AWSLambda_FullAccess
• AWSLambdaManagedEC2ResourceOperator
• AWSLambdaBasicDurableExecutionRolePolicy
• AWSLakeFormationDataAdmin
• AWSLakeFormationCrossAccountManager
• AWSIoTSiteWiseReadOnlyAccess
• AWSIoTManagedIntegrationsFullAccess
• AWSIncidentManagerResolverAccess
• AWSIdentityCenterExternalManagementPolicy
• AWSIPAMServiceRolePolicy
• AWSGroundStationAgentInstancePolicy
• AWSFaultInjectionSimulatorSSMAccess
• AWSFaultInjectionSimulatorRDSAccess
• AWSFaultInjectionSimulatorNetworkAccess
• AWSFaultInjectionSimulatorEKSAccess
• AWSFaultInjectionSimulatorECSAccess
• AWSFaultInjectionSimulatorEC2Access
• AWSEntityResolutionConsoleFullAccess
• AWSElementalMediaConnectReadOnlyAccess
• AWSElementalMediaConnectFullAccess
• AWSElasticLoadBalancingServiceRolePolicy
• AWSElasticDisasterRecoveryLaunchActionsPolicy
• AWSElasticDisasterRecoveryConsoleFullAccess_v2
• AWSElasticDisasterRecoveryConsoleFullAccess
• AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
• AWSEC2SqlHaInstancePolicy
• AWSDeadlineCloud-WorkerHost
• AWSDeadlineCloud-UserAccessFarms
• AWSDataSyncFullAccess
• AWSDataLifecycleManagerServiceRole
• AWSDMSServerlessServiceRolePolicy
• AWSControlTowerServiceRolePolicy
• AWSControlTowerIdentityCenterManagementPolicy
• AWSControlTowerCloudTrailRolePolicy
• AWSControlTowerAccountServiceRolePolicy
• AWSConfigServiceRolePolicy
• AWSCodeDeployReadOnlyAccess
• AWSCodeDeployFullAccess
• AWSCodeDeployDeployerAccess
• AWSCodeCommitReadOnly
• AWSCodeCommitPowerUser
• AWSCodeCommitFullAccess
• AWSCodeBuildReadOnlyAccess
• AWSCodeBuildDeveloperAccess
• AWSCodeBuildAdminAccess
• AWSCloudFormationReadOnlyAccess
• AWSCloud9User
• AWSCloud9EnvironmentMember
• AWSCloud9Administrator
• AWSCleanRoomsMLReadOnlyAccess
• AWSCleanRoomsMLFullAccess
• AWSCleanRoomsFullAccessNoQuerying
• AWSCertificateManagerPrivateCAUser
• AWSCertificateManagerPrivateCAPrivilegedUser
• AWSBillingReadOnlyAccess
• AWSBillingConductorReadOnlyAccess
• AWSBillingConductorFullAccess
• AWSBackupServiceRolePolicyForScans
• AWSBackupServiceRolePolicyForRestores
• AWSBackupServiceRolePolicyForItemRestores
• AWSBackupServiceRolePolicyForIndexing
• AWSBackupServiceRolePolicyForBackup
• AWSBackupServiceLinkedRolePolicyForBackup
• AWSBackupSearchOperatorAccess
• AWSBackupOperatorAccess
• AWSBackupGuardDutyRolePolicyForScans
• AWSBackupFullAccess
• AWSArtifactReportsReadOnlyAccess
• AWSArtifactAgreementsReadOnlyAccess
• AWSArtifactAgreementsFullAccess
• AWSApplicationMigrationServiceRolePolicy
• AWSApplicationMigrationSSMAccess
• AWSApplicationMigrationNetworkMigrationMultiAccount
• AWSApplicationMigrationNetworkMigrationCustomResource
• AWSApplicationMigrationFullAccess
• AWSApplicationMigrationEC2Access
• AWSAccountSettingsManagementRole
• AWS-SSM-RemediationAutomation-ExecutionRolePolicy
• AWS-SSM-RemediationAutomation-AdministrationRolePolicy
• AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy
• AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy
• AIOpsReadOnlyAccess
• AIOpsOperatorAccess
• AIOpsConsoleAdminPolicy
• AIOpsAssistantPolicy
• AIOpsAssistantIncidentReportPolicy
• AWSResourceExplorerServiceRolePolicy
• SageMakerStudioProjectProvisioningRolePolicy

☕ CloudFormation resource changes

No resource updates this week.

🎮 Amazon Linux vulnerabilities

• CVE-2026-2369: libsoup heap buffer overflow in content sniffing (7.1 Important)
• CVE-2026-26081: haproxy QUIC NEW_TOKEN packet parsing crash (7.5 Important)
• CVE-2026-2443: libsoup HTTP Range header memory disclosure (5.9 Medium)
• CVE-2026-26080: haproxy QUIC frame type parsing flaw (7.5 Important)
• CVE-2026-2006: PostgreSQL text handling buffer overrun enables RCE (8.8 Important)
• CVE-2026-2005: PostgreSQL pgcrypto heap overflow enables RCE (8.8 Important)
• CVE-2020-37167: ClamAV bytecode interpreter weak input validation (6.7 Medium)
• CVE-2026-2004: PostgreSQL intarray extension arbitrary code execution (8.8 Important)
• CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow (7.1 Important)
• CVE-2026-2003: PostgreSQL oidvector validation memory exposure (4.3 Medium)
• CVE-2026-2271: GIMP PSP parser integer overflow (4.4 Medium)
• CVE-2025-14821: libssh Windows config file MITM and downgrade (7.8 Important)
• CVE-2026-0964: libssh SCP protocol path traversal (6.5 Medium)
• CVE-2026-0965: libssh DoS on unexpected config files (3.3 Low)
• CVE-2026-25990: Pillow PSD out-of-bounds write (7.1 Important)
• CVE-2026-1837: libjxl LCMS2 uninitialized memory write (8.1 Important)
• CVE-2026-2272: GIMP ICO import integer overflow heap overflow (4.4 Medium)
• CVE-2026-0968: libssh sftp_parse_longname out-of-bounds read (4.2 Medium)
• CVE-2025-12474: libjxl uninitialized memory read via incorrect optimization (3.1 Low)
• CVE-2026-0967: libssh DoS via crafted patterns (2.2 Low)
• CVE-2026-0966: libssh buffer underflow in ssh_get_hexa (8.2 Important)
• CVE-2026-25646: libpng png_set_quantize out-of-bounds read infinite loop (6.8 Medium)
• CVE-2025-31648: Intel microcode improper flow handling privilege escalation (3.9 Low)
• CVE-2025-32735: Intel NPU driver improper conditions check DoS (5.5 Medium)
• CVE-2026-2239: GIMP PSD loader heap-buffer-overflow (4.4 Medium)
• CVE-2026-1584: GnuTLS NULL pointer dereference via malformed ClientHello (7.5 Important)
• CVE-2026-25506: munge buffer overflow leaks crypto keys enables forgery (7.8 Important)
• CVE-2025-54514: Intel SoC improper resource isolation integrity loss (2.3 Low)
• CVE-2026-26007: python-cryptography SECT curve signature forgery (6.5 Medium)
• CVE-2025-52534: AMD microcode guest-to-host memory write (6.5 Medium)

📺 AWS security bulletins

No bulletins this week.

🚬 Security documentation changes

• IAM: Added MCP condition keys (aws:CalledViaAWSMCP, aws:ViaAWSMCPService) for service tracking
• AWS Backup: Added checksum verification and data replacement process details
• AWS Backup: Updated IAM policy example to use root ARN format in KMS key policies
• Bedrock: Updated section titles to focus on configuration/vulnerability analysis and prompt injection
• Bedrock: Replaced Knowledge Bases section with Security, Guardrails, and Observability
• Bedrock: Renamed section to 'Prompt injection security'
• Bedrock: Added OpenAI API reference, changed section to 'Control permissions'
• Bedrock: Added automatic model access section with IAM prerequisites and FTU requirements
• Bedrock: Renamed section to 'Model customization access and security'
• Bedrock: Added comprehensive monitoring sections, renamed to 'Observability'
• Bedrock: Changed focus from vulnerability analysis to abuse detection and Guardrails
• Bedrock: Restructured security content to emphasize Guardrails and Observability
• Bedrock: Added Bedrock Mantle endpoint configuration and example VPC policy
• Bedrock: Renamed section from 'Prompt injection security' to 'Abuse detection'
• CLI: Added r8id instance types and NestedVirtualization parameter documentation
• Connect: Added 'task' to KMS key permission requirements for Connect AI agents
• Deadline Cloud: Clarified credential requirements, removed time-bound IAM policy example
• DRS: Added agent versions 6.42.15/6.42.14 with CVE-2025-15467 and CVE-2025-9230 fixes
• EKS: Added enableV4Egress config to disable IPv4 egress from IPv6 pods
• EKS: Added warning about Ingress NGINX retirement and security risks
• EKS: Added options to disable session tags and configure session policies for Pod Identity
• EKS: Added session tag disable and session policy config for Pod Identity associations
• FSx: Modified KMS key policy syntax, removed SecretsManager encryption context condition
• Lambda: Added network/connectivity error troubleshooting for security groups and Kafka
• Redshift: Updated JDBC driver links from v2.2.2 to v2.2.3
• SageMaker: Replaced BYOO docs with instructions to download from private S3 bucket
• Security IR: Updated doc history with AI Investigative Agent customer data disclaimer
• Sign-in: Added managed policy docs for same-device and cross-device authentication
• Config: Added documentation about IAM policy updates for AWS Config
• Config: Added docs for AWSConfigServiceRolePolicy and AWS_ConfigRole policy updates
• Connect: Added analytics option with PII warning