🥖 Palette Cleanser

Happy birthday S3! Twenty years ago on Pi Day, AWS quietly launched a little service that would store objects on the internet. What started as an internal need for elastic, scalable storage is now foundational infrastructure for AI workloads, data lakes, and just about everything else. To celebrate, AWS gave us all a present: account-regional namespaces that finally kill bucketsquatting. More on that below. Meanwhile, AWS is expanding Security Hub into multicloud, which feels weird but fun.

In case you missed it, CodeBuild recently got two new IAM condition keys that are super useful: codebuild:BuildArn and codebuild:ProjectArn. You can now scope IAM policies to specific builds or projects, so your CodeBuild role can prove where it came from when accessing other AWS resources. Think of it like aws:SourceArn but for your CI/CD pipeline. No more overly broad build roles.

Not really AWS related but I'm sure many of us are feeling it... Rich Mogull wrote a piece for CSA on why one IAM to rule all your AI agents doesn't work. He breaks agents into "islands of identity" - personal desktop agents, coding agents, SaaS agents, and enterprise agents - each with fundamentally different IAM needs. I'm increasingly running into this problem myself, and it's clear nobody has a good answer yet. Kane Narraway dug into the practical side this week, pointing out that OAuth scopes are way too broad for agents ("you don't get 'read the last 5 emails about Project X,' you get 'read access to your entire inbox'") and estimating 2-3 years before access control is genuinely solved for agents. Expect demos soon.

The Plerion team, including the founder, will be in San Francisco next week (March 23-26) for RSAC. Reach out to Keith Davison to grab a coffee or an adult beverage.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• Bucketsquatting is (Finally) Dead by Ian Mckay

  After a decade of reporting bucketsquatting issues to AWS, Ian finally gets to write the happy ending. AWS introduced a new namespace syntax for S3 buckets that embeds your account ID and region into the name (e.g., myapp-123456789012-us-west-2-an). No more registering a bucket and waiting for it to be used, nor waiting for the moment when the bucket is deleted so it can be sniped. AWS is recommending using the namespace for all new buckets, but that feels like a lesson not learned from years of bucket exposures. Just force it as the default, my friends! Another angle focused on shadow resources here.

• Behind the console: Active phishing campaign targeting AWS console credentials by Martin Mc Closkey

  Martin caught an active adversary-in-the-middle phishing campaign going after AWS Console creds via typosquatted domains like cloud-recovery[.]net. The kit proxies real-time auth to the legitimate AWS sign-in endpoint, validates credentials on the fly, and likely captures OTP codes too. Post-compromise console access was observed within 20 minutes of credential submission (why so long?!), originating from Mullvad VPN infrastructure. Not an AWS vuln, but a reminder that your AWS credentials are only as strong as the humans typing them.

• Visualizing AWS Relationships and Attack Paths by pathsec

  A new open-source tool for mapping AWS resource relationships and identifying attack paths. The aws-visualizer ingests resources across regions (EC2, VPCs, subnets, security groups, IAM, Lambda) and renders them as an interactive Cytoscape.js graph where you can filter by region/service and trace relationships. It integrates pathfinding.cloud for IAM privilege escalation analysis. I haven't used it, and I couldn't find a real name for the author, so try it at your own risk.

🥗 AWS security blogs

• 📣 AWS Network Firewall Launch in the AWS European Sovereign Cloud
• 📣 New LZA MCP Server for AI-assisted configuration management
• 📣 AWS Private CA Connector for SCEP now supports AWS PrivateLink
• 📣 AWS Firewall Manager launches in AWS Asia Pacific (New Zealand) Region
• 📣 AWS Builder ID now supports Sign in with GitHub and Amazon
• 📣 Amazon Cognito is now available in Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions
• 📣 IAM Roles Anywhere now supports post-quantum digital certificates
• Strengthening application security: How Detectify and AWS help enterprises control their attack surface by Parascovia Digori
• Enhancing Security Incident Response with AWS Partners: Program updates and capabilities by Dean Lawrence
• Framework for platform expansion to Europe, Middle East and beyond by Mehmet Bakkaloglu
• Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center by Alex Milanovic
• How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS by George'son Tib
• AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus seven ISO certifications by Julian Herlinghaus
• Security is a team sport: AWS at RSAC 2026 Conference by Idaliz Seymour
• AWS Security Hub is expanding to unify security operations across multicloud environments by Gee Rittenhouse

🍛 Reddit threads on r/aws

• Shifting security left in laC pipelines
• Zero to AWS Admin in 72 Hours

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• route53-recovery-control-config
• sdb
• health-agent
• s3
• partnercentral
• datazone
• chime
• cognito-idp
• ram
• es

🍪 API changes

• Amazon API Gateway
• Amazon GameLift Streams
• AWS Glue
• AWS Elemental MediaConvert
• Application Migration Service
• Amazon QuickSight
• AWS DataSync
• Amazon Elastic Container Registry
• Amazon Simple Storage Service
• Amazon Connect Customer Profiles
• Amazon Elastic Kubernetes Service
• Amazon Polly
• Amazon SageMaker Service
• Amazon SimpleDB v2
• Amazon WorkSpaces
• Amazon Bedrock AgentCore Control
• Amazon Connect Cases
• Amazon Lex Model Building V2
• Application Migration Service
• Amazon OpenSearch Service
• Amazon Route 53 Global Resolver

🍹 IAM managed policy changes

Too many to list...

☕ CloudFormation resource changes

• AWS::CleanRoomsML::ConfiguredModelAlgorithm
• AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation

🎮 Amazon Linux vulnerabilities

• CVE-2026-2436: libsoup use-after-free DoS during TLS handshake (6.5)
• CVE-2026-29776: FreeRDP integer underflow in cache bitmap order
• CVE-2026-2920: GStreamer ASF demuxer out-of-bounds write (7.8)
• CVE-2026-2922: GStreamer RealMedia demuxer out-of-bounds write (7.8)
• CVE-2026-1940: GStreamer WAV parser out-of-bounds read
• CVE-2026-3085: GStreamer RTP QDM2 heap buffer overflow (8.8)
• CVE-2026-3084: GStreamer H.266 parser out-of-bounds write (7.8)
• CVE-2026-2921: GStreamer RIFF parser integer overflow (7.8)
• CVE-2026-3086: GStreamer H.266 APS parser stack overflow (7.8)
• CVE-2026-2923: GStreamer DVB subtitle decoder OOB read/write (7.8)
• CVE-2026-3083: GStreamer RTP QDM2 heap buffer overflow (8.0)
• CVE-2026-3081: GStreamer H.266 pic_timing SEI stack overflow (7.8)
• CVE-2026-32746: telnetd LINEMODE SLC buffer overflow (9.8)
• CVE-2026-31958: Tornado multipart/form-data parsing DoS (7.5)
• CVE-2026-3784: curl proxy CONNECT credential reuse
• CVE-2026-31853: ImageMagick SFW decoder overflow on 32-bit
• CVE-2026-3783: curl OAuth2 bearer token leaked on redirect
• CVE-2026-3904: glibc nscd client crash via memcmp race
• CVE-2026-3950: libheif out-of-bounds read in Track::load
• CVE-2026-1965: curl Negotiate auth credential reuse
• CVE-2026-3805: curl SMB use-after-free on second request
• CVE-2026-28686: ImageMagick PCL encoder heap overflow (6.8)
• CVE-2026-23239: Linux kernel espintcp_close() race condition
• CVE-2026-28692: ImageMagick MAT decoder heap over-read
• CVE-2026-26130: ASP.NET Core resource exhaustion DoS (7.5)
• CVE-2026-28689: ImageMagick TOCTOU symlink policy bypass
• CVE-2026-28688: ImageMagick MSL encoder use-after-free
• CVE-2026-28493: ImageMagick SIXEL decoder integer overflow
• CVE-2026-23240: Linux kernel TLS cancel work race condition
• CVE-2026-23868: giflib double-free in GifMakeSavedImage (7.0)
• CVE-2026-3845: Firefox heap buffer overflow in A/V playback (8.8)
• CVE-2026-30937: ImageMagick XWD encoder integer overflow (6.8)
• CVE-2026-31812: Quinn QUIC malformed packet DoS (7.5)
• CVE-2026-26131: .NET incorrect default permissions privesc (7.8)
• CVE-2026-30883: ImageMagick PNG profile heap overflow
• CVE-2026-28687: ImageMagick MSL decoder use-after-free
• CVE-2026-28494: ImageMagick stack buffer overflow via kernel string (7.1)
• CVE-2026-30931: ImageMagick UHDR encoder heap overflow (6.8)
• CVE-2026-26127: .NET out-of-bounds read DoS (7.5)
• CVE-2026-28691: ImageMagick JBIG decoder uninitialized pointer (7.5)
• CVE-2026-30929: ImageMagick MagnifyImage stack overflow (7.7)
• CVE-2026-3847: Firefox memory corruption, presumed exploitable (8.8)
• CVE-2026-30935: ImageMagick bilateral blur heap over-read
• CVE-2026-30936: ImageMagick wavelet-denoise heap write
• CVE-2026-31802: node-tar symlink escape file overwrite (8.1)
• CVE-2026-28693: ImageMagick DIB coder integer overflow (8.1)
• CVE-2026-28690: ImageMagick MNG encoder stack overflow
• CVE-2026-3846: Firefox CSS same-origin policy bypass

📺 AWS security bulletins

No bulletins this week.

🚬 Security documentation changes

• ECS: removed Copilot CLI end-of-support notice
• ECS: removed Copilot CLI end-of-support notice
• IAM: recommending passkeys/security keys for MFA
• IAM: passkeys over other MFA methods
• IAM: deprecated SMS MFA, security key guidance
• IAM: passkeys over hardware TOTP
• IAM: TOTP limitations vs FIDO2
• IAM: prefer role principals over session principals
• Aurora DSQL: service-linked role IAM action fix
• CDK: Mixins for S3 security configs
• CLI: secret management with KMS/Secrets Manager
• CLI: secret config structures for KMS/IAM
• CLI: customer-managed KMS for SMB secrets
• DataZone: deny UpdateNotebookInstanceLifecycleConfig
• DataZone: permissions boundary update
• Inspector: SBOM Generator CVEs and upgrade guidance
• Inspector: SBOM Generator v1.11.2 checksums
• IVS: SDK token exchange and TLS validation
• KMS: mTLS deprecated, migrate to SigV4 by June 15
• KMS: removed mTLS config references
• Neptune: removed old TinkerPop, SigV4 updates
• PCS: agent update to v1.3.2-1
• Private CA: Public/Private connector options
• SageMaker: managed policies replace SageMakerFullAccess
• Storage Gateway: v3.2.3 security improvements
• Storage Gateway: v3.2.2/2.14.2 security improvements
• Systems Manager: custom IAM roles for State Manager
• WAF: CloudWatch logging for DDoS-blocked requests
• WAF: DDoS protection metric clarifications
• Wickr: Secure Shredder docs updated
• ECS: Copilot CLI end-of-support notice
• ECS: bind mount and privileged container warnings
• ECS: Copilot CLI end-of-support notice
• ECS: Copilot CLI end-of-support notice
• CLI: input validation and DICTIONARY_DGA protection
• CLI: input validation and DICTIONARY_DGA protection
• CLI: version update, domain validation, DICTIONARY_DGA
• Config: 48 new managed rules, updated IAM policies
• Config: related rule to acm-certificate-transparent-logging
• Config: related rule to acm-certificate-transparent-logging
• Config: updated related rule references
• Config: related rule to apigateway-domain-name-tls-check
• Config: related rules to HTTPS/TLS checks
• Config: related rule to TLS enforcement
• Config: related rule to multi-region event store
• Config: password expiration and length value ranges
• Config: updated regions and related rules
• Config: new rules for ACM, CloudTrail, EC2, Lambda, S3, IAM
• Config: rules for encryption, logging, access controls
• Config: change-triggered rules for tagging, TLS, IAM