(This is just the highlight of Issue 70 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-70 << Subscribe to receive the full version in your inbox weekly for free!!)

What happened in AWS CloudSecurity last week November 05 - November 12, 2024?

• AWS Security Hub has released 7 new security controls, increasing the total number of controls offered to 437.
• Starting October 25, 2024, all requests blocked by AWS WAF on Amazon CloudFront will be free of charge. This means you won’t be billed for request or data transfer fees for any requests that AWS WAF blocks. No changes to applications are required, and this update automatically applies to all CloudFront distributions using AWS WAF.
• Amazon Verified Permissions has introduced a new API batchGetPolicies, allowing you to retrieve multiple policies with a single API call. This is especially useful for populating a list of policies that apply to a specific principal or resource.
• AWS IAM now offers support for AWS PrivateLink in the AWS GovCloud (US) Regions, allowing you to establish a private connection between your Virtual Private Cloud (VPC) and IAM and reducing reliance on public internet connectivity.
• (Finally!!) AWS IAM Identity Center (SSO) now supports permission set search, allowing you to filter permission sets by their names (ie using any substring search).
• Amazon EC2 now offers Microsoft Windows Server 2025 with License Included (LI) Amazon Machine Images (AMIs).
• Amazon QuickSight is supports Client Credentials flow-based OAuth via API/CLI for connecting to Snowflake & Starburst data sources.
• AWS Lambda now supports native capture of application logs in a JSON structured format for Lambda functions running on the .NET managed runtime. The JSON format organizes logs as key-value pairs, making it easier to search, filter, and analyze large volumes of logs. This enhancement helps you efficiently troubleshoot issues and gain insights into the performance of your Lambda functions.