Release Date: 31/03/2024 | Issue: 231
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

How did a top-tier global financial services institution solve their Kubernetes authentication, RBAC, and multi-tenancy challenges?
  • Satisfied security and compliance requirements
  • Provided a great experience for developers
  • Secured support for dashboards and UIs
  • Decreased load on cluster support staff
  • 100% open source
Find out how in our case study (no registration required)

This week's articles


How Twilio Segment proactively protects customer's API tokens
How the Segment Team built solutions to protect customers from committed and orphaned secrets.   #ci/cd   #defend


Ultimate guide to secrets in Lambda
This post compares Systems Manager, Secrets Manager, Key Management Service, and environment variables for handling your secrets in Lambda.   #aws   #explain


Data Engineering For Cybersecurity, Part I: Understanding Security Data
Post diving into the growing complexity of managing cybersecurity data and the increasing importance of data engineering in bolstering security posture, operations, and compliance.   #monitor   #strategy


How to Build a Cloud Native Data Security Program
A guide on how to achieve cloud & application security data protection and maturity in a cloud native way.   #strategy


DynamoDB now supports resource-based policies. But is that a good idea?
While it simplifies cross-account access to DynamoDB tables by eliminating the need to assume IAM roles, it still begs the question: is cross-account data access even a good idea?   #aws   #explain   #iam


Using Tailscale for persistence
An exploration of how an attacker could use Tailscale to maintain persistence on a compromised system (for example, a Kubernetes cluster) and keep access in a relatively stealthy fashion.   #attack   #containers   #kubernetes


ConvertKit spent over $1.8 million on AWS in 2023
An interesting breakdown of the 2023 ConvertKit AWS bill.   #strategy

Sponsor

Discover what your CNAPP is missing
Interested in seeing what Lacework could find in your cloud environment? Join us for a 30-min tour on April 2nd and learn how Lacework combines risk and threat data to give teams the context necessary to take faster and more decisive action.
Register now

Tools


access
Access, a centralized portal for employees to transparently discover, request, and manage their access for all internal systems needed to do their jobs. You can also refer to the companion blog post.


azurenum
Enumerate Microsoft Entra ID (Azure AD) fast.


cloud-active-defense
Add a layer of active defense to your cloud applications.


terraform-aws-ca
Terraform module for serverless certificate authority on AWS. You can also refer to the companion blog post.


SharpConflux
A .NET application built to facilitate Confluence exploration. You can also refer to the companion blog post.

CloudSecDocs


Engineering Decisions
A revamped page that collects writeups about documentation, security, infrastructure, development environments & CI, and software engineering.

From the cloud providers


#AWS   Use Amazon Verified Permissions for fine-grained authorization at scale
How you can apply two techniques (bulk authorization and response caching) when listing authorized resources and actions and when loading multiple components on web pages.


#AWS   Set IMDSv2 as default for all new instance launches in your account
You can now set all new Amazon EC2 instance launches in your account to use Instance Metadata Service Version 2 (IMDSv2) by default.
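The account-level default only covers new launches, so existing fleets still need an audit. The following is an added example (not code from the newsletter or from AWS) that walks the JSON returned by `aws ec2 describe-instances`, flags instances that still accept IMDSv1 (`HttpTokens` not `required`) or whose `HttpPutResponseHopLimit` exceeds a chosen threshold, and emits the CLI commands to fix them, including `aws ec2 modify-instance-metadata-defaults` for the account default. The sample response, the instance IDs, and the hop-limit threshold are constructed assumptions for illustration.

```python
"""Audit EC2 instances for IMDSv1 exposure and emit remediation commands.

Added example, not from the newsletter or AWS. The sample response below is
constructed to look like `aws ec2 describe-instances` output; the instance
IDs are fictitious.
"""
import json

# Constructed sample (assumption): shaped like `aws ec2 describe-instances`.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            # Accepts IMDSv1 and lets the token PUT cross a NAT hop.
            {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
             "MetadataOptions": {"State": "applied", "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 2,
                                 "HttpEndpoint": "enabled"}},
            # Locked down: IMDSv2 only, hop limit 1.
            {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
             "MetadataOptions": {"State": "applied", "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 1,
                                 "HttpEndpoint": "enabled"}},
            # IMDS disabled entirely: nothing to audit.
            {"InstanceId": "i-0ccccccccccccccc3",
             "MetadataOptions": {"State": "applied", "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 1,
                                 "HttpEndpoint": "disabled"}},
        ]}
    ]
})


def audit_imds(describe_instances_json: str, max_hop_limit: int = 1) -> dict:
    """Return {instance_id: [findings]} for instances that are not locked down.

    Findings:
      imdsv1-enabled  HttpTokens is not "required", so an SSRF or open-proxy bug
                      in a workload can read instance credentials with a plain GET.
      hop-limit       HttpPutResponseHopLimit > max_hop_limit, so the PUT that
                      mints an IMDSv2 token can traverse a container NAT hop.
                      (Assumption: 1 is the policy for plain EC2 hosts; container
                      hosts often legitimately need 2, hence the parameter.)
    Instances with HttpEndpoint "disabled" expose no IMDS and are skipped.
    """
    data = json.loads(describe_instances_json)
    findings = {}
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue
            issues = []
            if opts.get("HttpTokens") != "required":
                issues.append("imdsv1-enabled")
            if opts.get("HttpPutResponseHopLimit", 1) > max_hop_limit:
                issues.append("hop-limit")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


def remediation_commands(findings: dict, hop_limit: int = 1) -> list:
    """AWS CLI commands: the account-level default first (so new launches start
    locked down), then one modify-instance-metadata-options per flagged instance."""
    cmds = [
        "aws ec2 modify-instance-metadata-defaults --http-tokens required "
        f"--http-put-response-hop-limit {hop_limit}"
    ]
    for instance_id in sorted(findings):
        cmds.append(
            f"aws ec2 modify-instance-metadata-options --instance-id {instance_id} "
            f"--http-tokens required --http-put-response-hop-limit {hop_limit}"
        )
    return cmds


if __name__ == "__main__":
    result = audit_imds(SAMPLE_DESCRIBE_INSTANCES)
    for iid, issues in result.items():
        print(iid, ", ".join(issues))
    print("\n".join(remediation_commands(result)))
```

In a real run, pipe `aws ec2 describe-instances --output json` into `audit_imds`, and run it per region, since the new account default is a regional setting. Forcing `--http-tokens required` on a running instance breaks any agent that still speaks IMDSv1, so check the `MetadataNoToken` CloudWatch metric before remediating a whole fleet.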


#AZURE   Generally Available: Free managed certificates on Azure Container Apps
Azure Container Apps now provides a free managed certificate for your custom domain.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini