Release Date: 27/10/2024 | Issue: 261
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Security or user experience. Why not both?
Managing security without compromising user experience is tough. Strong security is non-negotiable, but poor user experience can be damaging… In our guide, we break down how you can build an authorization system that protects your organization while keeping things smooth for users. We cover security metrics and considerations that provide actionable feedback to fine-tune your authorization, ensuring a balance between future scale, user experience, and compliance.
Check out the guide here

This week's articles


Security Logging in Cloud Environments - AWS
I've refreshed my article which covers how to design a state-of-the-art multi-account security logging platform in AWS: removed stale links and legacy advice on MFA delete, added API Gateway access logs, and added a "Tracking Misconfigurations" section.   #aws   #design   #monitor


Delegating security remediation to employees via Slack
There is a growing trend of delegating security remediation tasks to employees directly through Slack, rather than relying solely on the security team.   #defend   #strategy


Inside a container registry: The mechanics of push and pull
Have you ever thought about how an image is actually pushed or pulled from a registry?   #containers   #explain


AWS IAM Policy Condition Operators Explained
There are 27 basic condition operators you can use in an AWS IAM policy. Then you can add "ForAllValues" or "ForAnyValue" to the beginning and "IfExists" to the end of almost all of them.   #aws   #explain   #iam


Terraform Stacks - An Introduction
This article explores Terraform Stacks, a new feature in Terraform Cloud that allows you to manage multiple environments and deployments of Terraform configurations.   #hashicorp   #iac   #terraform


CSI Forensics: Unraveling Kubernetes Crime Scenes
Post revisiting the Kubernetes feature known as k8s checkpoint and demonstrating how it can be automated using Falco components to create container snapshots that are invaluable for Digital Forensics and Incident Response (DFIR) analysis.   #defend   #kubernetes   #monitor

Level Up Your Cloud Security Career

Ready to boost your Cloud Security career? 📙 The CloudSec Engineer gives you actionable, no-nonsense advice from my own personal experience.
Whether you’re breaking into the field, moving to senior levels, or eyeing leadership roles, you’ll find practical tips to guide your path. Get the knowledge you need—plus bonus tools to organize your learning, interviews, and more.
Learn more

Tools


git-remote-s3
This library lets you use Amazon S3 as a git remote and LFS server.


cloudtail
A tool designed to simplify the long-term retention and searchability of cloud logs from cloud platforms like AWS and Azure. You can also refer to the companion blog post.


gcpdocs
This tool retrieves all documentation for GCP, providing you with a local copy you can archive, search, and diff for security research.


servicelens
ServiceLens is a Python tool for analyzing services linked to Microsoft 365 domains. It scans DNS records like SPF and DMARC to identify services, categorizing them into Email, Cloud, Security, and more.


gcp-ctf-workshop
This CTF setup will create a misconfigured GCP project that is vulnerable to the internet.


terraform-aws-secret
Terraform module for a secret with owner/writer/reader roles. You can also refer to the companion blog post.


PurpleCloud
Terraform code generator to create different Azure security labs.

From the cloud providers


#AWS   How to build a Security Guardians program to distribute security ownership
Post outlining the steps to follow to build your own Security Guardians program for your organization.


#AWS   How to use interface VPC endpoints to meet your security objectives
Four security objectives that VPC endpoints help you achieve.


#AWS   How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub
How to integrate Amazon Detective with AWS Security Hub, giving you better visibility into threat indicators and investigative data directly from Security Hub, which provides you with a centralized view of your overall security posture across your AWS accounts.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini