Release Date: 15/05/2022 | Issue: 137
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, you can do so via the Sign Up link.

New eBook: Reinventing Cybersecurity from JupiterOne Press
In this collection of stories, 19 cybersecurity experts offer a unique look at the industry that addresses the technical, interpersonal, and strategic aspects of their work. Whether you’re new to the security industry or a long-time veteran, these stories are sure to inspire as they reveal the new age of building career pipelines and developing the craft of cybersecurity.
Download your copy today

This week's articles

Building a Data Perimeter on AWS   #aws, #defend, #design
Paper outlining the best practices and available services for creating a perimeter around your identities, resources, and networks in AWS.

Security reference architecture for a serverless application   #aws, #defend, #design
A walkthrough of security controls for a serverless architecture via a demo application.

Complete AWS Security Maturity Model   #aws, #design
An interesting resource which aims to provide a maturity model tailored to AWS.

GitHub Actions signing Lambda code   #aws, #build, #ci/cd
A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.

Securing AWS Lambda function URLs   #aws, #defend
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

Tools That Use AWS Logs to Help with Least Privilege   #aws, #build
This article explores a few tools that use AWS logs to help you create least privilege policies. Getting to the right policies can be an ongoing game of whack-a-mole and no tool can generate perfect policies with no effort. They all require you to put thought into your approach and do last-mile tweaking but they can help with the toil.

Image sizes miss the point   #build, #containers
To reduce debt, reduce image complexity, not size.

How many of your GCP buckets are publicly accessible? It might be more than you think...   #defend, #gcp
A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.

A reading list for software supply-chain security.

Azure Synapse Security Advisory - Orca Security   #attack, #azure
Orca Security issued a security advisory addressing hazards in the use of the Microsoft Azure Synapse service. It is believed that the tenant separation in this service is insufficiently robust to protect secrets from other tenants.


A tool to bring existing Azure resources under Terraform's management.

A GCP resource scanner that can help determine what level of access certain credentials posses on GCP.

A sidecar app which clones a git repo and keeps it in sync with the upstream.

Move Kubernetes PVCs between Storage Classes and Namespaces.


FIND, FOCUS, and FIX the Cloud Threats that Matter
Industry experts from Accenture, AWS, Expel, Snyk, and Sysdig will join SANS experts on June 14 at 2pm ET for an insightful exchange of cloud native security best practices, tips and recommendations.
Register Now

From the cloud providers

Amazon EC2 Now Supports NitroTPM and UEFI Secure Boot
NitroTPM and Secure Boot are now available to use in all AWS Regions outside of China, including the AWS GovCloud (US) Regions.

Administer AWS Single Sign-On from a delegated member account in your organization
You can now designate a member account in AWS Organizations to manage AWS SSO, helping you follow best practices by reducing the need to use your management account to administer AWS SSO.

Establishing a data perimeter on AWS
How the new condition keys can be part of a wider security strategy to create a perimeter around your data.
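As an added illustration (not taken from the AWS post or from the data-perimeter paper linked above), here is the shape of a service control policy that uses one of the new resource condition keys, aws:ResourceOrgID, to deny principals in your organization access to resources owned by accounts outside it. The Sid is illustrative and "o-exampleorgid" is a placeholder for your own organization ID:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAccessToResourcesOutsideMyOrg",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEqualsIfExists": {
          "aws:ResourceOrgID": "o-exampleorgid"
        }
      }
    }
  ]
}
```

Two caveats a practitioner will want before enforcing this: the ...IfExists form is deliberate, because aws:ResourceOrgID is only present when the resource is owned by an account in an organization, and a missing key should still trigger the deny; and some workloads legitimately read AWS-owned resources (for example S3 buckets published by AWS services), which will need carve-outs (a NotAction list or separate allow statements) once you have confirmed them in CloudTrail. Test in a sandbox OU first; an over-broad SCP of this kind is easy to lock yourself out with.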

Amazon Macie adds support for discovering more types of sensitive data
Three new managed data identifiers have been added to Amazon Macie to expand its capabilities for discovering and identifying the locations of HTTP Basic Authentication Headers, HTTP Cookies, and JSON Web Tokens present in S3.

How to use new Amazon GuardDuty EKS Protection findings
An overview of the new GuardDuty EKS Protection feature, to help you understand, operationalize, and respond to these new findings.

Security through collaboration: Building a more secure future with Confidential Computing
Google Cloud, Project Zero, and AMD collaborated for several months to conduct a detailed review of the technology that powers Confidential Computing.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.