Issue 71 of AWS Cloud Security Weekly

(This is just the highlight of Issue 70 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-70 << Subscribe to receive the full version in your inbox weekly for free!!)

What happened in AWS CloudSecurity last week November 12 - November 19, 2024?

• AWS introduced Resource Control Policies (RCPs) in AWS Organizations which allows centrally defining a data perimeter across AWS environment. With RCPs, you can efficiently restrict external access to your AWS resources at scale. For now, RCPs support Amazon S3, STS, KMS, SQS & AWS Secrets Manager.
• AWS Identity and Access Management (IAM) Access Analyzer's unused access findings now allows excluding specific accounts, roles, or users from the analysis, saving costs and allowing more narrowed scope.
• AWS Identity and Access Management (IAM) introduced new capability that enables you to centrally manage root credentials from the AWS Organizations Management account. Administrators can now remove unnecessary root credentials for member accounts & use temporary credentials to perform specific privileged actions.
• AWS introduced Amazon Route 53 Resolver DNS Firewall Advanced, an enhanced set of capabilities that enables you to monitor and block suspicious DNS traffic linked to advanced DNS threats, such as DNS tunneling and Domain Generation Algorithms (DGAs). Route 53 Resolver DNS Firewall already helped block DNS queries for domains with low reputations or those suspected of being malicious, while allowing queries for trusted domains. With DNS Firewall Advanced, you can now implement additional protections that monitor and block DNS traffic in real-time based on anomalies detected in the domain names being queried from your VPCs.
• The AWS Command Line Interface (AWS CLI) v2 now supports OAuth 2.0 authorization code flows with the Proof Key for Code Exchange (PKCE) standard, which is a secure method for obtaining credentials to execute AWS CLI commands.
• Important changes to CloudTrail events for AWS IAM Identity Center (AWS SSO): Starting January 13, 2025, IAM Identity Center will no longer include the userName and principalId fields in the user identity element of CloudTrail events. These fields will be removed from events triggered when users sign in to IAM Identity Center, use the AWS access portal, or access AWS accounts via the AWS CLI. Instead, IAM Identity Center will provide the userId and the Identity Store Amazon Resource Name (ARN) fields, which will replace the userName and principalId fields, simplifying the identification process.