The TokenRequest API in Kubernetes can be misused to create backdoors in clusters. This blog looks the how to secure and audit its use.

These links have no additional authentication and are publicly accessible.

Starting with 1.25, Kubernetes' container image registry has changed from k8s.gcr.io to registry.k8s.io. This new registry spreads the load across multiple Cloud Providers & Regions, functioning as a sort of CDN for Kubernetes container images.

An experimental prototype OCI registry on Cloudflare Workers.

Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes.

Colorize your kubectl output.

A collection of plugins for kubectl integration.

Amazon Verified Permissions provides developers with a centralized fine-grained permissions management and authorization system for custom applications.

Amazon Inspector is available starting today for functions and layers written in Java, NodeJS, and Python.

In the event that connectivity between a client and a bucket in a particular Region is lost, the Multi-Region Access Point will automatically route all traffic to the closest bucket (synchronized via S3 Replication) in another Region.

Automated data discovery automates the continual discovery of sensitive data and potential data security risks across your entire set of buckets aggregated at AWS Organizations level.

AWS Config rules have been extended to support proactive mode so that they can be run at any time before provisioning and save time spent to implement custom pre-deployment validations.

You can use it to apply managed preventative, detective, and proactive controls to accounts and OUs by service, control objective, or compliance framework. AWS Control Tower does the mapping between them on your behalf, saving time and effort.

A new set of capabilities for Amazon CloudWatch Logs that leverage pattern matching and machine learning (ML) to detect and protect sensitive log data in transit.

ECS Service Connect provides an easy network setup and seamless service communication deployed across multiple ECS clusters and virtual private clouds (VPCs). You can add a layer of resilience to your ECS service communication and get traffic insights with no changes to your application code.

It's now possible to grant access to your Amazon Simple Queue Service queues based on their tags.

Store and use your encryption keys on premises or outside of the AWS Cloud.

It is now possible to delegate the management of your Organizations policies, enabling you to govern your AWS organization and member accounts with increased agility and decentralization.

With VPC Lattice, you can define policies for traffic management, network access, and monitoring so you can connect applications in a simple and consistent way across AWS compute services.

A purpose-built service that automatically centralizes an organization's security data from cloud and on-premises sources into a purpose-built data lake stored in your account.

Amazon GuardDuty RDS Protection profiles and monitors access activity to existing and new databases in your account, and uses tailored machine learning models to accurately detect suspicious logins to Aurora databases.

A new secure connectivity service that allows enterprises to enable local or remote secure access for their corporate applications without requiring a VPN.

The new website Learn Kubernetes with Google brings together under one roof the guidance of Kubernetes experts, both from Google and across the industry, to communicate the latest trends in building your Kubernetes infrastructure.

Embassies have been foreign safe havens for generations. The concept has been extended to data in the digital world, made possible by the flexible, distributed nature of the cloud. Here's how it works.

Explore the end to end flow of detecting fraudulent payments with a low-latency and horizontally scalable system powered by tools like Bigtable.