Release Date: 23/01/2022 | Issue: 121
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The State of Cloud Native Security Report 2022
Prisma Cloud by Palo Alto Networks surveyed over 3,000 security and DevOps leaders about their cloud adoption strategies, budgets, experiences, and plans. The results are dissected in this yearly report, where readers can learn about the practices, tools, and technologies used to implement and secure cloud workloads.
Download your copy of the report today for the latest cloud adoption and security trends for 2022 and beyond!

This week's articles


Securing GitHub organizations
If your security team is concerned about supply chain risk, it's a good idea to look at your GitHub settings. GitHub describes several security features and best practices in their documentation for account security and organization security, but this post goes beyond the documentation. It's a step-by-step process for securing your GitHub organization.   #ci/cd   #defend   #supply-chain


Vulnerable AWS Lambda function - Initial access in cloud attacks
How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.   #attack   #aws


10 real-world stories of how we've compromised CI/CD pipelines
Some war stories from NCC about what they have observed and been able to demonstrate on CI/CD pipeline security assessments, clearly showing why there is the saying that "they are execution engines".   #attack   #ci/cd


Creating your first GCP Organization
A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.   #explain   #gcp


Tracing the path of network traffic in Kubernetes
Learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application.   #explain   #kubernetes


GitHub Actions - Update on OIDC based deployments to AWS
If you use OIDC to deploy from GitHub Actions to AWS, update the trusted thumbprint!   #aws   #build   #ci/cd


Terraform Dynamic IAM Policy Construction
An intuitive, easy way to build IAM policy docs in a "constructor" pattern using Terraform.   #explain   #iam   #terraform

Tools


citizen
A Private Terraform Module Registry.


aws-root-account
Terraform for the UK Ministry of Justice AWS root account.


lobster-pot
Scans every git push to your GitHub organisations to find unwanted secrets.


RAUDI
A repo to automatically generate and keep updated a series of Docker images through GitHub Actions.

From the cloud providers


#AWS   Top 10 security best practices for securing backups in AWS
Implement a backup strategy, incorporate backup in DR and BCP, automate backup operations, implement access control mechanisms, encrypt backup data and vault, and more.


#AWS   Continuous compliance monitoring using custom audit controls and frameworks with AWS Audit Manager
How to leverage AWS Audit Manager to create a tailored audit framework to continuously evaluate your organization's AWS infrastructure against the relevant industry compliance requirements your organization needs to adhere to.


#AWS   AWS Trusted Advisor now integrates with AWS Security Hub
AWS Trusted Advisor adds 111 checks automatically ingested from AWS Security Hub's Foundational Security Best Practices.


#GCP   Cloud HSM architecture
Whitepaper providing an overview of Google's Cloud HSM architecture.


#AZURE   Announcing Azure Active Directory (Azure AD) workload identity for Kubernetes
Microsoft announced an open-source project called Azure AD workload identity for Kubernetes. It leverages the public preview capability of Azure AD workload identity federation. With this project, developers can use native Kubernetes concepts of service accounts and federation to access Azure AD protected resources, such as Azure and Microsoft Graph, without needing secrets.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini