Key Takeaways
- AWS issued bulletin 2026‑026 and five AL2023 live‑patches for Copy Fail CVE‑2026‑31431
- Live‑patches mitigate the kernel exploit without a reboot; the full fix still needs a restart
- IAM quotas doubled to 10,000 roles, instance profiles and customer‑managed policies; OIDC providers raised to 700
- Higher OIDC limits hint that AWS favors federated identity over long‑lived keys
- Self‑managed Linux EC2 instances must apply the patches; they remain exposed otherwise
Pulse Analysis
The Copy Fail vulnerability (CVE‑2026‑31431) can be exploited with a tiny Python script to gain root on a wide range of Linux kernels released over the last eight years. Because the exploit leaves no trace on disk, traditional file‑integrity tools often miss it, making rapid mitigation critical. AWS responded with security bulletin 2026‑026 and rolled out five AL2023 live‑patches that can be applied without a reboot, buying customers time while they schedule full kernel updates. This approach underscores the growing importance of live‑patch technology in cloud environments where uptime is paramount.
Concurrently, AWS announced a sweeping increase in IAM quotas, lifting the cap on roles, instance profiles and customer‑managed policies from 5,000 to 10,000 per account. More strikingly, the limit for OIDC identity providers jumped seven‑fold to 700. The expansion suggests a strategic shift toward federated authentication, reducing reliance on long‑lived access keys that are prone to leakage. Enterprises can now scale OIDC‑based workloads—such as containerized micro‑services or AI agents—without hitting provider limits, facilitating tighter security postures through short‑lived tokens and centralized identity governance.
For organizations running large, heterogeneous EC2 fleets, the dual announcements carry actionable implications. Managed services like Bottlerocket and EKS managed node groups receive streamlined update paths, but self‑managed instances remain vulnerable until operators manually apply the live‑patches or reboot. Proactive patch management, combined with the newly available IAM capacity, enables firms to adopt more granular, least‑privilege policies and to transition legacy workloads to OIDC‑backed access models, ultimately strengthening their overall cloud security architecture.
AWS Security Digest #260