0xdabbad00/gist:470d535522d4bc8233aa304c196c4a13

## gistfile1.txt
[{
      "version": "1",
      "type": "UPDATED_FINDINGS",
      "featureDetails": [{
        "featureDescription": "Changes to Amazon GuardDuty finding type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration'. We are notifying you of a change to the name and behavior of the Amazon GuardDuty finding 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration' that will take effect on September 6, 2021. We are making these changes to improve the accuracy of this finding type, and in preparation for the upcoming release of a new Amazon GuardDuty finding type. These changes will take affect in all Amazon GuardDuty supported AWS regions. The finding type name 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration' will be replaced with the name 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS'. The renamed finding type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS' will improve the accuracy of the existing finding type by learning the remote networks that instance credentials associated with your AWS account are used from. Once GuardDuty learns the expected behavior, it will only generate an alert if the remote network the EC2 instance credentials are used from is unusual for your account. If you have set up any downstream automation using the existing finding name, you should add similar automation based on the new finding name ahead of the changes on September 6, 2021. This update will also be sent via email to GuardDuty administrator accounts. If you have any questions about this upcoming change, please reach out to AWS Support, https://console.aws.amazon.com/support/home#/",
        "featureLink": "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltration"
      }]
    },
    {
      "version": "1",
      "type": "NEW_FEATURE",
      "featureDetails": [{
        "featureDescription": "Changes to Amazon GuardDuty Service Linked Role (SLR). We are notifying you of changes to the Amazon GuardDuty SLR. These changes are have been made in preparation for the upcoming release of a new Amazon GuardDuty finding type. The following new permissions have been added to the Amazon GuardDuty SLR: ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeVpcPeeringConnections, ec2:DescribeTransitGatewayAttachments. This update will also be sent via email to GuardDuty administrator accounts. If you have any questions about this upcoming change, please reach out to AWS Support, https: //console.aws.amazon.com/support/home#/",
        "featureLink": "https://docs.aws.amazon.com/guardduty/latest/ug/using-service-linked-roles.html"
      }]
    }]
	[{
	"version": "1",
	"type": "UPDATED_FINDINGS",
	"featureDetails": [{
	"featureDescription": "Changes to Amazon GuardDuty finding type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration'. We are notifying you of a change to the name and behavior of the Amazon GuardDuty finding 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration' that will take effect on September 6, 2021. We are making these changes to improve the accuracy of this finding type, and in preparation for the upcoming release of a new Amazon GuardDuty finding type. These changes will take affect in all Amazon GuardDuty supported AWS regions. The finding type name 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration' will be replaced with the name 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS'. The renamed finding type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS' will improve the accuracy of the existing finding type by learning the remote networks that instance credentials associated with your AWS account are used from. Once GuardDuty learns the expected behavior, it will only generate an alert if the remote network the EC2 instance credentials are used from is unusual for your account. If you have set up any downstream automation using the existing finding name, you should add similar automation based on the new finding name ahead of the changes on September 6, 2021. This update will also be sent via email to GuardDuty administrator accounts. If you have any questions about this upcoming change, please reach out to AWS Support, https://console.aws.amazon.com/support/home#/",
	"featureLink": "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltration"
	}]
	},
	{
	"version": "1",
	"type": "NEW_FEATURE",
	"featureDetails": [{
	"featureDescription": "Changes to Amazon GuardDuty Service Linked Role (SLR). We are notifying you of changes to the Amazon GuardDuty SLR. These changes are have been made in preparation for the upcoming release of a new Amazon GuardDuty finding type. The following new permissions have been added to the Amazon GuardDuty SLR: ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeVpcPeeringConnections, ec2:DescribeTransitGatewayAttachments. This update will also be sent via email to GuardDuty administrator accounts. If you have any questions about this upcoming change, please reach out to AWS Support, https: //console.aws.amazon.com/support/home#/",
	"featureLink": "https://docs.aws.amazon.com/guardduty/latest/ug/using-service-linked-roles.html"
	}]
	}]