CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
The re:Invent edition

As you **might** have heard, AWS re:Invent happened this past week. As a consequence, this issue of CloudSecList will be focused on the recent announcements that came out of it.
Sponsor
Gaining Full Visibility into the Security of Multi-Cloud Environments Cloud security requires complete knowledge of your environment—and denying your adversaries discovery of that knowledge. Learn how Red Ventures (CNET; ZDNet; Bankrate) used Fugue to gain immediate and full visibility into the security posture of their environment that spans multiple clouds and hundreds of accounts. This session will cover using Open Policy Agent, the open source standard for policy as code, for cloud security from infrastructure as code through the runtime.
This workshop takes you through some of the best practices and available AWS services and features for creating a boundary around your resources in AWS.
This workshop explores how to codify a set of rules that make up a policy, use a DevSecOps workflow to quickly address policy issues, and redeploy a policy compliant workload.
You can now use AWS Control Tower to deploy data residency preventive and detective controls, referred to as guardrails. These guardrails will prevent provisioning resources in unwanted AWS Regions by restricting access to AWS APIs through service control policies (SCPs) built and managed by AWS Control Tower.
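As an added illustration (example code written for this issue, not AWS Control Tower's managed guardrail or any AWS code): a constructed data residency SCP of the kind such a guardrail relies on, plus a small evaluator that shows which API requests it blocks. The two allowed regions and the list of exempted global services are assumptions; `aws:RequestedRegion` is the real condition key the pattern depends on.

```python
import fnmatch

# Constructed example SCP: the allowed regions and the exempted global
# services are assumptions, not Control Tower's managed guardrail.
ALLOWED_REGIONS = ["eu-west-1", "eu-central-1"]

DATA_RESIDENCY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRequestsOutsideAllowedRegions",
        "Effect": "Deny",
        # Global services are served out of us-east-1; exempting them keeps
        # IAM, Organizations and STS usable from a region-restricted account.
        "NotAction": ["iam:*", "organizations:*", "sts:*",
                      "cloudfront:*", "route53:*", "support:*"],
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGIONS}},
    }],
}


def _action_matches(pattern: str, action: str) -> bool:
    """IAM action patterns are case-insensitive and use '*' as a wildcard."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def denied_by_scp(policy: dict, action: str, region: str) -> bool:
    """Return True if this SCP denies the request.

    Models only the subset of IAM semantics this policy uses: a Deny
    statement with NotAction and a StringNotEquals condition on
    aws:RequestedRegion. An SCP never grants access, so False means
    'not blocked by this guardrail', not 'allowed'.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # NotAction: the statement applies to every action NOT in the list.
        if any(_action_matches(p, action) for p in stmt.get("NotAction", [])):
            continue
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        # StringNotEquals against a list is true when no listed value matches.
        if region not in allowed:
            return True
    return False
```

Pairing the SCP with a detective control (a config rule or CloudTrail query for resources that already exist outside the allowed regions) catches what was created before the guardrail was applied, since SCPs only affect new API calls.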
The new Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
AWS announced the public preview of AWS Backup for Amazon S3. You can now create a single policy in AWS Backup to automate the protection of application data stored in S3.
Amazon VPC IP Address Manager (IPAM) is a new feature that makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. With IPAM's automated workflows, network administrators can more efficiently manage IP addresses.
You can now provide one-click login access to Amazon EC2 Windows instances using identities from AWS SSO, or AWS SSO supported identity providers such as Okta, Ping & OneLogin.
The security foundations blueprint automation repo contains Terraform code that implements the best practices discussed in the security foundations guide.
Microsoft announced the public preview of a Microsoft-managed service that lets you use Azure Key Vault (AKV) as the secrets management solution for Azure Arc-enabled Kubernetes clusters.
Microsoft announced the public preview of Microsoft Azure Active Directory (Azure AD) custom security attributes and user attributes in ABAC (Attribute Based Access Control).
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌