This week's articles
Isolated networks on AWS
It is possible on AWS to have an isolated network where you cannot communicate in or out except through limited, controlled pathways. Setting something like this up has some gotchas. This post provides a CDK app to help you experiment and see these issues for yourself, with discussions of the gotchas, their mitigations, and limitations of those mitigations.
Attack matrix for Kubernetes
Microsoft created the first Kubernetes attack matrix: an ATT&CK-like matrix comprising the major techniques that are relevant to container orchestration security, with focus on Kubernetes.
The Need for A Cloud Native Tunnel
inlets is a Cloud Native Tunnel written in Go that creates a tunnel between two networks over a WebSocket, with optional TLS for encryption. The main use case for inlets is to expose a private API or service on the Internet, or to gain incoming network access (ingress) to a private network.
How to detect outdated Kubernetes APIs
is a set of Open Policy Agent (OPA) policies that allow you to check your repository for deprecated API versions. These policies offer a way to provide warnings and errors when something is in the process of being or has already been deprecated.
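To show what such a policy looks like, here is a small conftest-style Rego policy written as an added example for this digest; it is not code from the project the post describes. The removal releases in the table are the upstream Kubernetes ones for the APIs listed, and the `target_version` data key is an assumed name that you would supply yourself.

```rego
package main

# Release the manifests will be deployed to. Override it with a conftest
# --data file that sets target_version (an assumed key name, not a
# conftest built-in); otherwise the default below is used.
default target_version = "1.22.0"

target_version = data.target_version

# apiVersion -> kind -> first release in which the API is no longer served.
# Every entry here is deprecated; whether it is an error or a warning
# depends on the target release.
removed_in = {
    "extensions/v1beta1": {
        "Deployment": "1.16.0",
        "DaemonSet": "1.16.0",
        "ReplicaSet": "1.16.0",
        "NetworkPolicy": "1.16.0",
        "PodSecurityPolicy": "1.16.0",
        "Ingress": "1.22.0",
    },
    "apps/v1beta1": {"Deployment": "1.16.0", "StatefulSet": "1.16.0"},
    "apps/v1beta2": {"Deployment": "1.16.0", "StatefulSet": "1.16.0"},
    "networking.k8s.io/v1beta1": {"Ingress": "1.22.0"},
}

# Object name for messages; tolerate manifests without metadata.name.
name = object.get(object.get(input, "metadata", {}), "name", "<unnamed>")

# Error: the API is not served by the target release, so kubectl apply fails.
deny[msg] {
    removed := removed_in[input.apiVersion][input.kind]
    semver.compare(target_version, removed) >= 0
    msg := sprintf("%s %q uses %s, which is not served since Kubernetes %s",
        [input.kind, name, input.apiVersion, removed])
}

# Warning: still served by the target release, but scheduled for removal.
warn[msg] {
    removed := removed_in[input.apiVersion][input.kind]
    semver.compare(target_version, removed) < 0
    msg := sprintf("%s %q uses %s, which will stop being served in Kubernetes %s",
        [input.kind, name, input.apiVersion, removed])
}
```

Run it with `conftest test --policy <dir-with-this-file> manifests/`: `warn` entries are printed, `deny` entries fail the run. conftest evaluates each YAML document separately, so multi-document files work, but objects nested inside a `kind: List` are not inspected by this policy.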
AWS Phishing Emails
This post describes a very sophisticated phishing attack that appeared to have originated from AWS, and concludes with mitigations against phishing attempts that aim to compromise your AWS accounts.
HashiCorp Joins the CNCF
To further HashiCorp product integrations with the Cloud Native Computing Foundation (CNCF) projects and to work more closely with the broad community of cloud engineers, HashiCorp joined the CNCF.