An unofficial list of free resources to learn AWS for absolute beginners. This will be a living document.

A post going through confounding conditions, double and triple negatives, and principals matched and unmatched to explain a more accurate model of how IAM evaluates permissions internally.

Datadog analyzed trends in the implementation of security best practices and took a closer look at various types of misconfigurations that contribute to the most common causes of security breaches.

Tl;dr: if you want someone to admin some IAM in an account but not all the IAM, then you might need one.

This post explains how most vulnerability scanners for containers work, and highlights a few challenges this approach has that can lead to blind spots in your infrastructure.

This is a major improvement for running secure workloads in Kubernetes. Each pod will have access only to a limited subset of the available UIDs and GIDs on the system, thus adding a new security layer to protect from other pods running on the same system.

Continuous validation, no-code provisioning, native OPA support for Terraform Cloud, and other new features are key upgrades to HashiCorp Terraform introduced at HashiConf Global 2022.

A first attempt at grouping security-related roles into macro-functions commonly found in tech companies.

Some ideas on how to effectively identify, remediate and eliminate authorization vulnerabilities at scale in your org, via an example scenario and some SAST rules.

A design proposal for how to do hard multi-tenancy in Kubernetes.

The AWS Secrets Manager team has launched their official GitHub action! Use a GitHub action to retrieve secrets from AWS Secrets Manager and add them as masked Environment variables in your GitHub workflow.

Dissect is a collection of Python libraries and tools to facilitate enterprise-scale incident response and forensics. It supports the analyst from the moment of acquisition of artifacts, to normalisation and processing.

Kubernetes-native Job Queueing. You can also refer to the companion blog post.

Logto helps build sign-in, auth, and user identity within minutes, by providing OIDC-based identity service.

CLI for building OPA policies into OCI images.

Changing AWS Support plan does no longer require the account root user.

AWS has updated the IAM console experience for role trust policies to make it simpler for you to author and validate the policy that controls who can assume a role.

You can now set an EC2 Amazon Machine Image (AMI) to use Instance Metadata Service Version 2 (IMDSv2) by default.

Sensitive Actions Service, a built-in service of the Security Command Center Premium tier that detects when actions are taken in your Google Cloud organization, folders, and projects that could be damaging to your business if they are taken by a malicious actor.

Workforce Identity Federation can help users onboard to Google Cloud using their identity and credentials that currently exist with their external identity provider.

How to use Data Loss Prevention (DLP) to de-identify custom data, through masking, encryption, or other transformations.

Data de-identification technology to help automate the identification and redaction of sensitive data using machine learning.

Policy Analytics provides you with critical insights and analytics to optimize your Azure Firewall rules and strengthen your security posture.

Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point.