From the cloud providers
Identify the identity responsible for the actions performed using IAM roles
IAM now makes it easier to identify who is responsible for an AWS action performed by an IAM role when viewing AWS CloudTrail logs. Adding the new service-specific condition "sts:RoleSessionName" to an IAM policy lets you define the role session name that must be set when an IAM principal (user or role) or application assumes the IAM role. AWS adds the role session name to the AWS CloudTrail log when the IAM role performs an action, making it easy to determine who performed the action.
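As an added illustration (not code from AWS or from this newsletter), the sketch below pairs a role trust policy that forces the session name to match the caller's IAM user name with a helper that reads that name back out of CloudTrail records. The account ID, the role name `ops-admin`, the user names and the sample events are all constructed for the example.

```python
import json

ACCOUNT = "111122223333"  # constructed placeholder account ID

# Trust policy for a hypothetical role "ops-admin": IAM users in the account may
# assume it only if the session name they pass equals their own user name.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringLike": {"sts:RoleSessionName": "${aws:username}"}},
    }],
}

# Constructed CloudTrail records, trimmed to the fields used below.
SAMPLE_EVENTS = [
    {"eventName": "DeleteBucket", "userIdentity": {
        "type": "AssumedRole",
        "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/ops-admin/alice"}},
    {"eventName": "StopInstances", "userIdentity": {
        "type": "AssumedRole",
        "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/ops-admin/bob"}},
    {"eventName": "ListBuckets", "userIdentity": {
        "type": "IAMUser",
        "arn": f"arn:aws:iam::{ACCOUNT}:user/carol"}},
]

def session_identity(event):
    """Return (role_name, session_name) for an assumed-role event, else None."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    # ARN shape: arn:aws:sts::<account>:assumed-role/<role-name>/<session-name>
    parts = ident.get("arn", "").split(":", 5)[-1].split("/")
    if len(parts) != 3 or parts[0] != "assumed-role":
        return None
    return parts[1], parts[2]

def actions_by_session(events, role_name):
    """Group event names by the session name that used the given role."""
    result = {}
    for event in events:
        who = session_identity(event)
        if who and who[0] == role_name:
            result.setdefault(who[1], []).append(event["eventName"])
    return result

if __name__ == "__main__":
    print(json.dumps(TRUST_POLICY, indent=2))
    print(actions_by_session(SAMPLE_EVENTS, "ops-admin"))
```

Without the condition in the trust policy, the session name is whatever the caller chooses, so it only identifies the caller reliably once the policy constrains it.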
Security blueprint: PCI on GKE
This is the first in a series of GCP Security Blueprints. It covers PCI on GKE and contains a set of Terraform configurations and scripts that demonstrate how to bootstrap a PCI environment in Google Cloud. The blueprint enables you to quickly and easily deploy workloads on GKE that align with PCI DSS in a repeatable, supported, and secure way.