The Cloud Security Championship organized by Wiz has launched its first challenge. Over the next 12 months, they will be publishing different challenges, each prepared by one of their researchers.
This first challenge is called Perimeter Leak and tells us that we must find a secret in an S3 bucket.
In AWS, managing root credentials has always been a friction point for organization administrators. Every time a new account was created, we had to configure MFA for root access, following best practices and the maturity model. However, enabling MFA is a manual step, and with AWS Organizations this problem scaled with the number of accounts. The alternative was to ignore it, apply an SCP that blocks actions performed by the root user, and live with the failed check reported by every security tool.
In 2023, AWS announced that MFA would become mandatory, and the time is near. On March 24, 2025, registering an MFA will be required when using the root user.
To address this issue, on November 15, 2024, AWS announced a new feature that allows root access to be managed centrally from the organization's management account, without having to log in to each member account as root. However, the feature still operates on one account at a time, so if we have a large number of accounts, performing the actions one by one is not the most convenient approach.
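The following is an added example, not code from the post or from aws-root-manager, showing the two controls discussed above side by side: the deny-root SCP with an offline check of how its condition matches principals, and a planner that builds one sts:AssumeRoot request per member account for the centralized root access management feature and, optionally, executes it with boto3. The account ids are constructed sample values, and the execution path assumes it runs from the management account (or a delegated administrator) with centralized root access already enabled in the organization.

```python
"""Added example: deny-root SCP plus centralized root credential cleanup.

Not the post's or aws-root-manager's own code. Account ids are constructed
sample values; run_root_tasks() assumes the caller is the organization's
management account (or delegated administrator) and that centralized root
access management is already enabled for the organization.
"""
from fnmatch import fnmatchcase

# --- 1. SCP that blocks every action taken as the root user -----------------

def build_deny_root_scp() -> dict:
    """SCP that denies all actions for the root user of any attached account.

    aws:PrincipalArn for a root session is arn:aws:iam::<account-id>:root, so a
    wildcard in the account position covers every member account the SCP is
    attached to. IAM users and roles have a different ARN shape and pass through.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyRootUser",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"StringLike": {"aws:PrincipalArn": "arn:aws:iam::*:root"}},
        }],
    }


def scp_denies_principal(scp: dict, principal_arn: str) -> bool:
    """Offline check: does a Deny statement's StringLike/aws:PrincipalArn match?

    Only the condition shape used above is implemented; it is enough to show
    root being blocked while an IAM role in the same account is unaffected.
    """
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        patterns = stmt.get("Condition", {}).get("StringLike", {}).get("aws:PrincipalArn", [])
        if isinstance(patterns, str):
            patterns = [patterns]
        if any(fnmatchcase(principal_arn, p) for p in patterns):
            return True
    return False


# --- 2. Centralized root access management (sts:AssumeRoot) -----------------

ROOT_TASK_POLICY_PREFIX = "arn:aws:iam::aws:policy/root-task/"
# AWS-managed privileged-task policies accepted by AssumeRoot.
ROOT_TASKS = {
    "audit": "IAMAuditRootUserCredentials",
    "delete": "IAMDeleteRootUserCredentials",
}


def plan_root_tasks(member_accounts: list[str], management_account: str,
                    task: str = "delete") -> list[dict]:
    """Build one AssumeRoot request per member account; nothing is called here.

    The management account is skipped: AssumeRoot targets member accounts only.
    """
    if task not in ROOT_TASKS:
        raise ValueError(f"unknown task {task!r}")
    policy_arn = ROOT_TASK_POLICY_PREFIX + ROOT_TASKS[task]
    return [
        {"TargetPrincipal": acct,
         "TaskPolicyArn": {"arn": policy_arn},
         "DurationSeconds": 900}  # AssumeRoot sessions are capped at 15 minutes
        for acct in member_accounts
        if acct != management_account
    ]


def run_root_tasks(plan: list[dict]) -> list[str]:
    """Execute the planned AssumeRoot calls; returns the account ids processed."""
    import boto3  # imported lazily so the planner above stays usable offline

    sts = boto3.client("sts")
    done = []
    for req in plan:
        creds = sts.assume_root(**req)["Credentials"]
        # Short-lived root session scoped to the task policy, not full root.
        iam = boto3.client("iam",
                           aws_access_key_id=creds["AccessKeyId"],
                           aws_secret_access_key=creds["SecretAccessKey"],
                           aws_session_token=creds["SessionToken"])
        if req["TaskPolicyArn"]["arn"].endswith("IAMDeleteRootUserCredentials"):
            # No UserName: IAM resolves the calling principal, i.e. root.
            try:
                iam.delete_login_profile()  # removes the root console password
            except iam.exceptions.NoSuchEntityException:
                pass  # account never had a root password
            for key in iam.list_access_keys()["AccessKeyMetadata"]:
                iam.delete_access_key(AccessKeyId=key["AccessKeyId"])
        else:
            # Audit only: GetLoginProfile raises NoSuchEntity when no password exists.
            iam.get_login_profile()
        done.append(req["TargetPrincipal"])
    return done
```

Run plan_root_tasks() first and review its output before handing it to run_root_tasks(): the planner is pure and can be exercised offline, while the execution step performs real, privileged changes in every member account it is given.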
To simplify this management, we have created aws-root-manager, a tool that efficiently and automatically manages the state of root credentials across all accounts in an organization.