(This is just the summary of Issue 41 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-41 << Subscribe for FREE to receive the full version in your inbox weekly).

What happened in AWS CloudSecurity & CyberSecurity last week April 15-April 22, 2024?

• AWS IAM Identity Center administrators can now set session durations for Amazon CodeWhisperer independently from other IAM Identity Center-integrated applications and the AWS access portal. This allows users of Amazon CodeWhisperer to work in their integrated development environments (IDEs) for up to 90 days without the need to re-authenticate. Previously, the session durations for CodeWhisperer in the IDE had to match those of other IAM Identity Center-integrated applications and the AWS access portal, typically ranging from 15 minutes to 90 days.
• AWS Identity and Access Management (IAM) Roles Anywhere now lets you set up mapping rules to define which information is extracted from your X.509 end-entity certificates. These mapped details, known as attributes, are used as session tags in IAM policy conditions to allow or deny permissions. Attributes can be extracted from the subject, issuer, or subject alternative name (SAN) fields in the X.509 certificate. By default, all relative distinguished names (RDNs) from the certificate's subject and issuer are mapped, along with the first value of the domain name system (DNS), directory name (DN), and uniform resource identifier (URI) from the certificate's SAN. This new feature allows you to create a custom set of mapping rules and select only a subset of these certificate attributes that suit your business needs. This customization reduces the size and complexity of the tags used in authorization policies. The mapped attributes are linked to your profile. You can define these mapping rules using the put-attribute-mapping or delete-attribute-mapping APIs via the IAM Roles Anywhere console, AWS SDKs, or AWS CLI.

Trending on the news & advisories (Subscribe to the newsletter for details):

• SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue.
• PuTTY SSH client flaw allows recovery of cryptographic private keys. Link.
• Orca- LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs.
• Lacework, last valued at $8.3B, is in talks to sell for just $150M to $200M, say sources.
• UnitedHealth to take up to $1.6 billion hit this year from Change hack.
• MITRE Response to Cyber Attack in One of Its R&D Networks.
• CISA Announces Winners of the 5th Annual President’s Cup Cybersecurity Competition. Link.