Category: Security, Identity, & Compliance

AWS introduces Attribute-Based Access Control (ABAC) for S3 general purpose buckets, enabling administrators to automatically manage permissions through tag-based policies that match tags between users, roles, and buckets—eliminating the need to constantly update IAM policies as organizations scale.

AWS IAM now enables outbound identity federation, allowing developers to securely authenticate AWS workloads with external services using short-lived JSON Web Tokens instead of storing long-term credentials like API keys and passwords.

AWS Control Tower now offers Control Only Experience, enabling faster governance setup for established multi-account environments by providing access to AWS managed controls without requiring a full landing zone implementation.

Gain control over encryption and comply with regulations using customer-managed keys for AWS IAM Identity Center’s user data and passwords.

To be honest, I’m still recovering from the AWS Summit in New York, doing my best to level up on launches like Amazon Bedrock AgentCore (Preview) and Amazon Simple Storage Service (S3) Vectors. There’s a lot of new stuff to learn! Meanwhile, it’s been an exciting week for AWS builders focused on reliability and observability. […]

Expanded Amazon GuardDuty Extended Threat Detection for EKS clusters uses proprietary correlation algorithms to identify sophisticated multi-stage attack sequences across Kubernetes audit logs, container runtime behaviors, and AWS API activities through a new critical severity finding type: AttackSequence:EKS/CompromisedCluster.

AWS Security Hub has been enhanced with new capabilities that integrate multiple AWS security services to automatically discover resources, evaluate risks, analyze attack paths, and provide AI-assisted recommendations, helping security teams prioritize critical issues and respond to threats at scale with improved visualization and remediation guidance.

Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path.