This week's articles
The undetectable way of exporting an AWS DynamoDB
This post describes a limitation in the current AWS CloudTrail logging features that limits detection of possible abuse against AWS DynamoDB in the event of the user's AWS IAM keys being compromised. In particular, CloudTrail doesn't currently record any scanning/reading of a DynamoDB table through awscli.
SkyWrapper is an open source project which analyzes the behavior of temporary tokens created in a given AWS account. It aims to find suspicious creation forms and uses of temporary tokens, in order to detect malicious activity in the account.
A site dedicated to good practices and tooling around Kubernetes RBAC.
AWS Account Controller
A very interesting account controller solution, which creates an AWS SSO application for federated users to create or delete ephemeral/sandbox accounts.
Guard is a Kubernetes Webhook Authentication server. Using Guard, you can log into your Kubernetes cluster using various auth providers such as Azure, Google, etc.