AWS deep-dive
Weekly digests and topic deep-dives across IAM, security, what's-new, and the AWS toolchain. Auto-collected from public RSS and GitHub release feeds; scored by freshness, keyword match, source weight, and severity.
items per ISO week · all tracks
16 weeks
pipeline
1. collect RSS + GH releases
2. normalize, dedupe by URL hash
3. score (freshness · kw · source · severity)
4. emit daily + weekly Markdown
5. Astro rebuilds this site on push
top items across all tracks
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-elasticache: AWS::ElastiCache::CacheCluster: Id attribute removed. aws-sagemaker: AWS::SageMaker::Model: Id attribute removed. aws-vpclattice: AWS::VpcLatt
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-codedeploy: AWS::CodeDeploy::DeploymentGroup: Id attribute removed. Features: update L1 CloudFormation resource definitions ([#37103](https://github
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: SourceSecurityGroup attribute removed. aws-elasticloadbalancing: AWS::ElasticLoadBalancing::
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-emr: AWS::EMR::Cluster: MonitoringConfiguration property removed. aws-emr: AWS::EMR::Cluster: CloudWatchLogConfiguration type removed. aws-emr: AWS::EMR::C
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-appstream: AWS::AppStream::Stack: Id attribute removed. aws-appsync: AWS::AppSync::GraphQLApi: LogConfig.CloudWatchLogsRoleArn property is now required. aws-a
- Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel [security] rss:aws-security-bulletins 2026-05-14 score 9.15
Bulletin ID: 2026-029-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 18:45 PM PDT This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information. Description: Amazon is aware of CVE-2026-46300, a report of an additional privilege escalation issue in the Linux kernel related to the DirtyFrag, copy.fail class of issues (CVE-2026-43284). The proof of concept uses
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-bedrockagentcore: AWS::BedrockAgentCore::OnlineEvaluationConfig: ExecutionStatus attribute removed. aws-appstream: AWS::AppStream::ImageBuilder: Name prope
-
⚠ BREAKING CHANGES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: **aws-ssm**: AWS::SSM::MaintenanceWindow: Id attribute removed. Features: **core:** support `PropertyMergeStrategy` to merge arbitrary CFN property
-
Bulletin ID: 2026-026-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/06 17:30 PM PDT Description: Amazon is aware of an issue in the Linux kernel (CVE-2026-31431) that could potentially allow an authenticated local user to escalate privileges. With the exception of the services listed below, AWS customers are not affected. See below for specific guidance on affected services. As a best practice, AWS recommends that you apply all security patches and softwar
- Issues in tough library and tuftool CLI utility [security] rss:aws-security-bulletins 2026-04-24 score 7.89
Bulletin ID: 2026-019-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/24 13:30 AM PDT Description: Multiple security issues have been identified in the tough library and tuftool CLI utility. tough is a Rust library used for generating, signing, and managing TUF (The Update Framework) repositories, and tuftool is the command-line interface for repository management Operations. The following issues have been identified: - CVE-2026-6966 - CVE-2026-6967 - CVE-20
- CVE-2026-6550 - Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python [security] rss:aws-security-bulletins 2026-04-20 score 7.80
Bulletin ID: 2026-017-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/20 12:45 PM PDT Description: AWS Encryption SDK (ESDK) for Python is a client-side encryption library. We identified CVE-2026-6550, which describes an issue with a key commitment policy bypass via shared key cache. Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local t
- CVE-2026-8686 - Heap out-of-bounds read in coreMQTT MQTT5 property parsing [security] rss:aws-security-bulletins 2026-05-15 score 7.76
Bulletin ID: 2026-032-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/15/2026 11:45 AM PDT Description: coreMQTT is a lightweight MQTT client library for embedded devices. We identified CVE-2026-8686, an issue where missing bounds validation in the MQTT v5.0 SUBACK and UNSUBACK property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service (crash via heap out-of-bounds read) by sending a crafted packet. Impacted versions: v5.0.0 Pleas