Issue #85
Monday · September 26, 2022
AWS security blogs
- Announcing an update to IAM role trust policy behavior – AWS Identity and Access Management (IAM) is changing an aspect of how role trust policy evaluation behaves when a role assumes itself. Previously, roles implicitly trusted themselves from a role trust policy perspective if they had identity-based permissions to assume themselves. After receiving and considering feedback from customers on this …
- AWS achieves its second ISMAP authorization in Japan – Earning and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ security requirements drive the scope and portfolio of the compliance reports, attestations, and certifications we pursue. We’re excited to announce that AWS has achieved authorization under the Information System Security Management and Assessment Program …
- Sign Amazon SNS messages with SHA256 hashing for HTTP subscriptions – Amazon Simple Notification Service (Amazon SNS) now supports message signatures based on Secure Hash Algorithm 256 (SHA256) hashing. Amazon SNS signs the messages that are delivered from your Amazon SNS topic so that subscribed HTTP endpoints can verify the authenticity of the messages. In this blog post, we will show …
Reddit threads on r/aws
Newsletters
Top Links from Security Folks
- Announcing an update to IAM role trust policy behavior | Amazon Web Services – AWS Identity and Access Management (IAM) is changing an aspect of how role trust policy evaluation behaves when a role assumes itself. Previously, roles implicitly …
"AWS Security" on Google News
IAM permission changes
- iotfleetwise: 5 new actions, 3 new conditions | 8 updated actions, 6 updated resources – 5 new actions: GetLoggingOptions (Grants permission to get the logging options for the AWS account), ListTagsForResource (Grants permission to list tags for a resource), PutLoggingOptions (Grants permission to put the logging options for the AWS account), TagResource (Grants permission to add tags to a resource), UntagResource (Grants permission to remove …
- ssm: 5 updated actions, 1 updated resource – 5 updated actions: UpdateInstanceInformation (resources), AddTagsToResource (resources), CreateAssociation (conditions), ListTagsForResource (resources), RemoveTagsFromResource (resources); 1 updated resource: association (conditions)
- comprehend: 2 new actions | 2 updated actions – 2 new actions: BatchDetectTargetedSentiment (Grants permission to detect the sentiments associated with specific entities (such as brands or products) within the given list of text documents), DetectTargetedSentiment (Grants permission to detect the sentiments associated with specific entities (such as brands or products) in a document); 2 updated actions: TagResource (resources), …
API changes
- AWS App Runner - 6 updated methods – AWS App Runner adds a Node.js 16 runtime.
- Amazon Elastic Compute Cloud - 3 updated methods – Letting external AWS customers provide ImageId as a Launch Template override in FleetLaunchTemplateOverridesRequest
- Amazon Lightsail - 1 new, 88 updated methods – This release adds Instance Metadata Service (IMDS) support for Lightsail instances.
- Amazon Lex Model Building V2 - 7 updated methods – This release introduces additional optional parameters promptAttemptsSpecification to PromptSpecification, which enables the users to configure interrupt setting and Audio, DTMF and Text input configuration for the initial and retry prompt played by the Bot