Policies

Update from: 2021-12-23 Official Security bulletin from AWS AWSSupportServiceRolePolicy Informational Update https://aws.amazon.com/security/security-bulletins/AWS-2021-007/ You will find below details about the security incident that led to this unattended access for millions of AWS customers. On 22nd December 2021, AWS deployed a new version (v20) of AWSSupportServiceRolePolicy, used by a mandatory role AWSServiceRoleForSupport for AWS Support access to all AWS Accounts. In this policy, they added the action s3:getObject, which gives AWS Support teams access to all customer Amazon S3 data. ...

This article was originally posted in September 2019. Updated in February 2020. Disclaimer Thanks to @0xdabbad00 from SummitRoute for the original idea and jq parsing. Purpose When your production workloads rely on AWS IAM Managed Policies (don’t do this), you will need to be notified when changes occur behind the scenes. It’s also interesting to monitor new AWS service releases ahead of the announcements to get spoiled. This pet project automates the retrieval (every 4 hours) of new AWS Managed IAM Policies to make it easier to monitor and get alerted when changes occur (by AWS), using the “Watch” feature on GitHub, RSS or a dedicated Twitter Account. ...