Issue 68 of AWS Cloud Security Weekly

(This is just the highlight of Issue 68 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-68 << Subscribe to receive the full version in your inbox weekly for free!!)

What happened in AWS CloudSecurity last week October 22- October 29, 2024?

• EC2 Image Builder now includes support for the Apple macOS operating system, enabling you to use macOS as base images in the image pipelines. Previously, you had to manually build up-to-date macOS images or rely on separate tools. EC2 Image Builder supports the latest x86 and ARM64 macOS images available for EC2 Mac instances and offers automatic updates.
• AWS IAM Identity Center now allows a single identity context to propagate user identities when accessing AWS services. Previously, you needed to use two separate IAM role sessions to call AWS services: one for user-authorized services and another for services that only logged user identities for auditing purposes. With this update, you can now use a single IAM role session with sts:identity_context to call any AWS service. In trusted identity propagation scenarios, AWS services use this identity context to authorize user access directly. For services not in a trusted identity propagation setup, resource access remains authorized via IAM roles. Additionally, AWS services using CloudTrail event version 1.09 or higher now log IAM Identity Center userId in their logs, including within the OnBehalfOf element in Amazon CloudTrail logs.
• AWS Firewall Manager now allows you to centrally create policies for AWS WAF, adding baseline rule sets to existing WAF WebACLs associated with the resources. With these policies, you can add first and last rule groups, or set a centralized logging destination for existing WebACLs, while keeping custom rule sets unchanged. By enabling the “retrofit” option on a Firewall Manager WAF policy, you can centrally define baseline protection that applies to resources protected by WAF and is enforced by the WebACLs already in place. This allows you to quickly deploy standard WAF rules across all web applications, regardless of the timing—whether before, during, or after a security event—without disrupting existing WAF configurations, including those with application-specific rules or integrated into infrastructure-as-code (IaC) pipelines.