Super interesting write-up on how Square uses VPC endpoints to access AWS services without giving VPC resources direct Internet connectivity.

Talk from KubeCon EU 2019 which provides useful insights on where to get information about what's happening in your cluster, common mitigation options (such as how to alert, isolate, pause, restart, or kill a container), common types of container attacks, and how to restore services after an incident.

A blog post that advocates for the adoption of gitops and of a pull-based devops pipeline not just for Kubernetes deployments but also around building and pushing container images.

In this post, the Salesforce team walks through the principles of least privilege IAM policies, the general steps that one would use to write them by hand, and how Policy Sentry automates this process.

Ever wonder what that "*" in your AWS IAM Policy Action statement is going to turn in to? After you have input your policy JSON into this service, you will see a list of allowed actions by resource.

Introductory post on how to use kube-hunter in a Kubernetes cluster for the identification of security vulnerabilities that an attacker could exploit, either from outside or inside the network.

Deep dive into key Kubernetes security configurations and recommended best practices you should follow.

By default, Parliament runs only on JSON IAM policies, not Terraform files. This utility parses your Terraform, finds aws_iam_policy_document elements, generates resulting IAM policy document strings, and runs Parliament on them.

1Password open sourced their Go implementation of the Secure Remote Password (SRP) protocol, the same they use in 1Password Teams.

AWS Nitro Enclaves are little "sidecar", isolated VMs, with no network access or storage that you can create and communicate to only from an EC2 Instance (for example for storing secrets and keys).

This project demonstrates a series of best practices for improving the security of containerized applications deployed to Kubernetes Engine, by providing 3 examples of securing applications in GKE.

First Azure-related news in CloudSecList! Microsoft released the Azure security benchmarks documentation, with best practices and guidance on how to secure your cloud solutions on Azure.

Secure default settings that Microsoft manages on organization's behalf to keep customers safe until they are ready to manage their own identity security story.