SRE Weekly Issue #320 • 📖 [The CloudSecList] Issue 135 • [tl;dr sec] #130 - Project Zero on 0day Trends, ThinkstScapes • Amazon CodeGuru Reviewer - 3 updated methods • AWS Elemental MediaConvert - 11 updated methods • Amazon Relational Database Service - 16 updated methods • Amazon Simple Systems Manager (SSM) - 3 updated methods • New IDC whitepaper released – Trusted Cloud: Overcoming the Tension Between Data Sovereignty and Accelerated Digital Transformation • How to control access to AWS resources based on AWS account, OU, or organization • Extend your pre-commit hooks with AWS CloudFormation Guard • LGPD workbook for AWS customers managing personally identifiable information in Brazil • cloudformation: 1 updated condition • servicecatalog: 1 updated condition • iotwireless: 6 new actions, 1 new resource | 8 updated actions • The OPA AWS CloudFormation Hook • Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL • There's a Spotify Terraform provider 😂 • We have some new best friends in town!! These are powerful condition keys to help you establish an organizational boundary. 👏 🎉 • aws:ResourceOrgID has arrived • It’s happening! <a href="https://twitter.com/hashtag/awslondonsummit" target="_blank">#awslondonsummit</a> • AWS IAM came out with 3 new condition keys that can help you establish a Data Perimeter and prevent exfiltration etc. If you remember the Endgame tool that showed how to blast open resource policies &amp; share things with the world - this will prevent that. 🔥 Great work, AWS team • How to control access to AWS resources based on AWS account, OU, or organization | AWS Security Blog. Going to be a super helpful relay for orgs looking to keep shadow cloud resources out of sensitive places <a href="https://t.co/DYjX89USNE" target="_blank">aws.amazon.com/blogs/security…</a> • If you haven't submitted a talk proposal to fwd:cloudsec, you should! It's a great (if not the best) cloud security conference happening in Boston on July 25th. <a href="https://t.co/pTUaLZNI4n" target="_blank">fwdcloudsec.org/cfp.html</a> Below are a few things I'd *love* to see. 🧵⬇️ • 🧪 <a href="https://twitter.com/datadoghq" target="_blank">@datadoghq</a> Security Labs Repo Information, exploits, and scripts Currently contains PoCs for: * Dirty Pipe container breakout * Spring4Shell * JWT Null Signature Vulnerability By <a href="https://twitter.com/christophetd" target="_blank">@christophetd</a> &amp; <a href="https://twitter.com/andrewkrug" target="_blank">@andrewkrug</a> <a href="https://t.co/jpWxh5tQMx" target="_blank">github.com/DataDog/securi…</a> • AWS breaking changes coming up: April 30: Lambda ARNs are changing in IAM policies when versions or aliases are referenced: <a href="https://t.co/9C1n0L60hY" target="_blank">forum.serverless.com/t/lambda-secur…</a> May 18: GovCloud RDS TLS certs are changing. <a href="https://t.co/4qjuQqjOnH" target="_blank">github.com/SummitRoute/aw…</a> • This was long overdue! 🔑🔑 • AWS's Open Source Problem - by Corey Quinn • Amazon RDS now supports Internet Protocol Version 6 (IPv6) • AWS Step Functions expands support for over 20 new AWS SDK integrations • You have a magic wand, which when waved, let's you change anything about one AWS service. What do you change and why? • Amazon Rekognition introduces Streaming Video Events to provide real-time alerts on live video streams • Kubernetes Goat - Interactive Kubernetes Security Learning Playground 🚀 • KrbRelayUp - local privilege escalation in Windows domain environments where LDAP signing is not enforced • Can anyone recommend what’s the best route or certifications to start off getting in order to get a entry level job in this field w/ no experience but I also have full military benefits if anyone accepts that for certifications…? • AWS Wins Out Over Microsoft For $10B NSA Cloud Contract - CRN • Prowler Pro for AWS security launched by Verica - SC Media