Paper outlining the best practices and available services for creating a perimeter around your identities, resources, and networks in AWS.

A walkthrough of security controls for a serverless architecture via a demo application.

An interesting resource which aims to provide a maturity model tailored to AWS.

A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

This article explores a few tools that use AWS logs to help you create least privilege policies. Getting to the right policies can be an ongoing game of whack-a-mole and no tool can generate perfect policies with no effort. They all require you to put thought into your approach and do last-mile tweaking but they can help with the toil.

To reduce debt, reduce image complexity not size.

A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.

A reading list for software supply-chain security.

Orca Security issued a security advisory to address hazards in the use of the Microsoft Azure Synapse service. It is believef the tenant separation in this service is insufficiently robust to protect secrets against other tenants.

A tool to bring existing Azure resources under Terraform's management.

A GCP resource scanner that can help determine what level of access certain credentials posses on GCP.

A sidecar app which clones a git repo and keeps it in sync with the upstream.

Move Kubernetes PVCs between Storage Classes and Namespaces.

NitroTPM and Secure Boot are now available to use in all AWS Regions outside of China, including the AWS GovCloud (US) Regions.

You can now designate a member account in AWS Organizations to manage AWS SSO, helping you follow best practices by reducing the need to use your management account to administer AWS SSO.

How the new condition keys can be part of a wider security strategy to create a perimeter around your data.

Three new managed data identifiers have been added to Amazon Macie to expand its capabilities for discovering and identifying the locations of HTTP Basic Authentication Headers, HTTP Cookies, and JSON Web Tokens present in S3.

An overview of the new GuardDuty EKS Protection feature, helping understand, operationalize, and respond to these new findings.

Google Cloud, Project Zero, and AMD collaborated for several months to conduct a detailed review of the technology that powers Confidential Computing.