A tale from Troy Hunt of firewalls, APIs and sifting through layers and layers of different services to sniff out the root cause of something that seemed very benign, but actually turned out to be highly impactful.

How Amazon continuously release changes to production by practicing trunk-based development, by using CI/CD pipelines to manage deployment artifacts and coordinate releases across multiple production environments, and by practicing proactive and automatic rollbacks.

Post discussing lateral movement risks from the cloud to Kubernetes: it explains attacker TTPs, and outlines best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.

A guide to defining and maturing a truly resilient Application and Cloud Security program through automation and data.

Understand the security ramifications of doing Kubernetes with a managed service provider or DIY.

A look at how containers work as Linux processes and what that means for security.

You can now pass an IAM role to every EC2 instance in your account + region.

Secrets in Kubernetes are used to store sensitive information. This blog post will show how to secure Kubernetes secrets using Hashicorp vault.

Looking back on publicly disclosed cloud breaches of 2022, and what we can learn from them.

A binary written in Go to systematically manage external modules from Github for use in Terraform.

Rbac-tool simplifies querying and creating Kubernetes RBAC policies.

A GitHub Action step that fetches outputs from a Terraform Cloud workspace.

Example of accessing Amazon API Gateway with Amazon Cognito User Pools and Okta OpenID Connect Federation.

Creation of Continuous Integration pipelines dynamically using an AWS Step Function based approach to create standardised pipelines for an organisation.

Post comparing general-purpose mode CAs to short-lived mode CAs.

Two-part blog post providing recommendations for using IAM APIs, and sharing useful details on how IAM works.

This post provides an overview of each type of Amazon EKS control plane log type, and discusses the value provided by them. In addition, the post explores ways to obtain insights from these logs while optimizing on cost.

A sketchnote on GCP IAM.

How to protect your Cloud Run deployments by implementing least privilege access for Cloud Run services and service consumers.

Azure NetApp Files volumes now support encryption with customer-managed keys (CMK), using Azure Key Vault for key storage, to enable an extra layer of security for data at rest.