WEEK 10 2026-03-03 - 2026-03-09
    1 high, 1 medium, 2 info

    Week 10 - Mar 3-9, 2026

    Amazon Bedrock AgentCore Policy GA uses Cedar for natural-language agent controls. AWS simplifies IAM role creation with inline panels. DESC 2026 certification audit completed for Middle East (UAE).

    Highlights

    $ tail -f /var/log/aws-security.log

    Amazon Bedrock AgentCore Policy GA - Cedar-Based Agent Controls

    FEATURE LAUNCH

    Centralized, fine-grained controls for agent-to-tool interactions are now generally available. Policies are authored in natural language and converted to Cedar (the open-source authorization language by AWS). Policy enforcement operates outside agent code, enabling security teams to constrain AI agent behavior without modifying application logic. Available in 13 AWS Regions.

    Bedrock, Cedar

    AWS Simplifies IAM Role Creation in Service Workflows

    SERVICE UPDATE

    New inline panel for creating and customizing IAM roles directly within service workflows (EC2, Lambda, EKS, ECS, Glue, CloudFormation, etc.) without switching to the IAM console. Reduces context-switching and helps developers create roles with appropriate permissions from within their service context.

    IAM

    AWS Completes DESC 2026 Certification Audit (UAE)

    COMPLIANCE

    AWS renewed Tier 1 CSP certification from Dubai Electronic Security Centre for the Middle East (UAE) Region. Valid to January 22, 2027. Now covers 108 services (10% increase from previous year). Validated by BSI.

    Compliance

    February AWS Permissions Recap: GenAI Supply Chain Risk

    THREAT INTEL

    Security Boulevard analysis showed February's AWS permission expansion pivoted from core infrastructure to GenAI supply chain, with new fine-tuning capabilities in the Bedrock ecosystem shifting risk from data access to model behavior influence. Worth reviewing if you manage IAM policies for ML teams.

    IAM, Bedrock

    Key Takeaway

    $ cat WEEKLY_SUMMARY.md

    Bedrock AgentCore Policy is a significant security primitive for the AI agent era. Instead of trusting agents to behave, you define constraints in Cedar that operate outside the agent's code. This is defense in depth applied to AI - the agent cannot circumvent policies it does not control.

    Bedrock, AgentCore, Cedar, IAM, DESC, Compliance, GenAI
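
To make the takeaway concrete, here is an added sketch (not AgentCore or Cedar code) of a gate that sits between an agent and its tools and applies Cedar's decision semantics: deny by default, and a matching forbid overrides any permit. The `Rule` fields, agent ids and tool names are hypothetical.

```python
# Added illustration, not AgentCore or Cedar code: rule fields, agent ids
# and tool names are hypothetical; RULES and TOOLS are constructed samples.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    effect: str                       # "permit" or "forbid"
    agent: str                        # agent id, or "*" for any agent
    tool: str                         # tool name, or "*" for any tool
    when: Callable[[dict], bool] = lambda args: True  # condition on call args

def decide(rules, agent, tool, args):
    """Cedar-style decision: deny by default; a matching forbid beats any permit."""
    hits = [r for r in rules
            if r.agent in ("*", agent) and r.tool in ("*", tool) and r.when(args)]
    if any(r.effect == "forbid" for r in hits):
        return "deny"
    return "allow" if any(r.effect == "permit" for r in hits) else "deny"

class ToolGateway:
    """Owns the rules and the tool handles; agent code only ever gets call()."""
    def __init__(self, rules, tools):
        self._rules, self._tools = tuple(rules), dict(tools)
        self.audit = []               # every decision is recorded, allow or deny
    def call(self, agent, tool, **args):
        decision = decide(self._rules, agent, tool, args)
        self.audit.append((agent, tool, decision))
        if decision != "allow":
            raise PermissionError(f"{agent} -> {tool}: denied by policy")
        return self._tools[tool](**args)

RULES = [
    Rule("permit", "*", "lookup_order"),
    Rule("permit", "refund-agent", "issue_refund", lambda a: a.get("amount", 0) <= 100),
    Rule("forbid", "*", "issue_refund", lambda a: a.get("currency") != "USD"),
]
TOOLS = {
    "lookup_order": lambda order_id: {"order_id": order_id, "status": "shipped"},
    "issue_refund": lambda amount, currency: f"refunded {amount} {currency}",
}

if __name__ == "__main__":
    gw = ToolGateway(RULES, TOOLS)
    print(gw.call("refund-agent", "issue_refund", amount=50, currency="USD"))
    for amount, currency in [(500, "USD"), (50, "EUR")]:
        try:
            gw.call("refund-agent", "issue_refund", amount=amount, currency=currency)
        except PermissionError as exc:
            print(exc)
```

Because the agent holds neither the rule set nor the raw tool handles, nothing in the agent's own code or prompt can widen what `call()` allows, and the audit list gives the security team a record of denied attempts.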
