Release Date: 26/02/2023 | Issue: 176
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Wiz’s 2023 State of the Cloud Report
Wiz’s State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. The report highlights notable cloud risks based on our scanning of over 200,000 cloud accounts, including more than 30% of the Fortune 100 environments. For instance, our data shows that 47% of companies have at least one database or storage bucket publicly exposed to the internet, and an attacker can discover and access an exposed bucket in less than 13 hours.
Download the Report

This week's articles


Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep
A tale from Troy Hunt of firewalls, APIs and sifting through layers and layers of different services to sniff out the root cause of something that seemed very benign, but actually turned out to be highly impactful.   #build   #cloudflare


My CI/CD pipeline is my release captain
How Amazon continuously releases changes to production by practicing trunk-based development, by using CI/CD pipelines to manage deployment artifacts and coordinate releases across multiple production environments, and by practicing proactive and automatic rollbacks.   #aws   #build   #ci/cd   #strategy


Lateral movement risks in the cloud: from compromised cloud resource to Kubernetes cluster takeover
Post discussing lateral movement risks from the cloud to Kubernetes: it explains attacker TTPs, and outlines best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.   #attack   #defend   #kubernetes


How to Achieve Application & Cloud Security Resilience
A guide to defining and maturing a truly resilient Application and Cloud Security program through automation and data.   #strategy


To DIY or Not to DIY; Key Kubernetes Security Considerations
Understand the security ramifications of doing Kubernetes with a managed service provider or DIY.   #defend   #kubernetes


Container security fundamentals: Exploring containers as processes
A look at how containers work as Linux processes and what that means for security.   #containers   #defend


A role for all your EC2 instances
You can now pass an IAM role to every EC2 instance in your account + region.   #aws   #build


Securing Kubernetes Secrets with HashiCorp Vault
Secrets in Kubernetes are used to store sensitive information. This blog post shows how to secure Kubernetes secrets using HashiCorp Vault.   #build   #kubernetes   #vault


A retrospective on public cloud breaches of 2022
Looking back on publicly disclosed cloud breaches of 2022, and what we can learn from them.   #attack   #defend

Sponsor

Wiz: Your new partner in cloud security
It’s time for you to see the Wiz cloud security platform in action. Observe up close why more than 30% of Fortune 100 companies trust us to protect their cloud and simplify their cloud journey. This 10-min demo illustrates how Wiz seamlessly integrates with your full cloud environment, providing full visibility of all your layers and a complete view of true risk.
See the power of the Wiz platform

Tools


terrafile
A binary written in Go to systematically manage external modules from GitHub for use in Terraform.


rbac-tool
Rbac-tool simplifies querying and creating Kubernetes RBAC policies.


terraform-cloud-outputs-action
A GitHub Action step that fetches outputs from a Terraform Cloud workspace.


aws-cognito-okta-federation
Example of accessing Amazon API Gateway with Amazon Cognito User Pools and Okta OpenID Connect Federation.


automated-ci-pipeline-creation
Creation of Continuous Integration pipelines dynamically using an AWS Step Function based approach to create standardised pipelines for an organisation.

From the cloud providers


#AWS   How to use AWS Private Certificate Authority short-lived certificate mode
Post comparing general-purpose mode CAs to short-lived mode CAs.


#AWS   How to monitor and query IAM resources at scale
Two-part blog post providing recommendations for using IAM APIs, and sharing useful details on how IAM works.


#AWS   Understanding and Cost Optimizing Amazon EKS Control Plane Logs
This post provides an overview of each type of Amazon EKS control plane log and discusses the value each provides. In addition, the post explores ways to obtain insights from these logs while optimizing cost.


#GCP   Cloud IAM Google Cloud
A sketchnote on GCP IAM.


#GCP   Securing Cloud Run Deployments with Least Privilege Access
How to protect your Cloud Run deployments by implementing least privilege access for Cloud Run services and service consumers.


#AZURE   Public Preview: Customer-managed keys for Azure NetApp Files volume encryption
Azure NetApp Files volumes now support encryption with customer-managed keys (CMK), using Azure Key Vault for key storage, to enable an extra layer of security for data at rest.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini