SRE Weekly Issue #337 • 📖 [The CloudSecList] Issue 153 • [tl;dr sec] #148 - OWASP Kubernetes Top 10, GraphQL Batching Attacks • AWS Control Tower - 4 new methods • AWS SSO Identity Store - 15 new 4 updated methods • Amazon Interactive Video Service - 3 updated methods • Amazon SageMaker Service - 2 updated methods • Scaling cross-account AWS KMS–encrypted Amazon S3 bucket access using ABAC • How to automate updates for your domain list in Route 53 Resolver DNS Firewall • Announcing new AWS IAM Identity Center APIs to manage users and groups at scale • How to let builders create IAM resources while improving security and agility for your organization • events: 1 new resource | 11 updated actions, 1 updated resource • controltower: 4 new actions • identitystore: 5 updated actions • Crawl, walk, run: Operationalizing your IaC security program - Bridgecrew Blog • GitHub - devops-kung-fu/bomber: Scans SBoMs for security vulnerabilities • 🗒️ A Guide On Implementing An Effective SAST Workflow <a href="https://twitter.com/anshuman_bh" target="_blank">@anshuman_bh</a> on setting up a dev-friendly SAST workflow for free using open source tools: Semgrep and <a href="https://twitter.com/owasp" target="_blank">@owasp</a>'s <a href="https://twitter.com/defectdojo" target="_blank">@defectdojo</a> <a href="https://t.co/jUrSIxGSol" target="_blank">anshumanbhartiya.com/posts/sast-wor…</a> • Control Tower just got APIs too like SSO. Great to see this happen, but every announcement about Control Tower and SSO are things I expected they would have had by now and scares me about what basic things they still don't have. <a href="https://t.co/cyb1s6B0dY" target="_blank">twitter.com/publiccloudbot…</a> • I've been making some very important transactions on my new business credit card. • 5-and-a-half years after launch, and we now have <a href="https://twitter.com/hashtag/AWS" target="_blank">#AWS</a> CloudFormation support for Amazon Connect so I can deprecate this yucky thing. Better late than never I guess 🤷‍♂️ <a href="https://t.co/OYvHylNFFm" target="_blank">aws.amazon.com/about-aws/what…</a> • This didn't have APIs before? AWS expected businesses to click around in the web console to manage identities? Meaning no way to have approval flows? Looks like previously using ansible for browser automation was the solution? <a href="https://t.co/LvWXudFD0K" target="_blank">github.com/aws/aws-sdk/is…</a> 🤮 • ☁️ <a href="https://twitter.com/wiz_io" target="_blank">@wiz_io</a> worked with Azure to get middleware agents new auto-patching capabilities So now you don't have to manually patch critical vulns in software Azure installed for you that you may not know you have <a href="https://t.co/CXLEnKNzY7" target="_blank">wiz.io/blog/auto-patc…</a> • "I just knew in my heart that I really, really didn't want to use Terraform." - <a href="https://twitter.com/__steele" target="_blank">@__steele</a>, writing a love letter to CloudFormation today • <a href="https://twitter.com/hashtag/awswishlist" target="_blank">#awswishlist</a> fulfilled 🥹 Thank you soo much to the Step Functions crew - you have made my day! <a href="https://t.co/4beNXXElqv" target="_blank">aws.amazon.com/about-aws/what…</a> • People are going to love bringing up this tweet when we inevitably will have no choice but to use Kubernetes • Come join my excellent team in Seattle, WA! We love making new friends. • AWS IP Ranges increase of 4,718,592 IPs • Announcing new AWS IAM Identity Center APIs to manage users and groups at scale • Since S3 charges by request, couldn't a malicious hacker cause a huge AWS bill just by spamming requests? • Just another reminder of the importance of not hard coding credentials • Find Risky Security Groups Fast in AWS! | by Ash Moran | Sep, 2022 - Medium • Aqua Security becomes AWS Security Competency partner - iTWire