Release Date: 22/09/2019 | Issue: 4
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

The Service Mesh Era: Architecting, Securing and Managing Microservices with Istio
Google just released a whitepaper explaining why and how to start using a service mesh like Istio. Definitely a must-read if you are considering implementing a mesh.

Do you know the feeling of having a dozen terminals open (with something like `kubectl get xxx --watch`) while debugging an issue? Well, Octant is a web-based, highly extensible platform to better understand how applications run on a Kubernetes cluster. It offers a combination of introspective tooling, cluster navigation, and object management along with a plugin system to further extend its capabilities. I started using it recently and I personally love it.

Kubernetes Security Lab with Kind and Ansible
This is a project from raesene which aims to make use of Docker (and specifically Kind) to create a lab environment for testing Kubernetes exploits and security tools entirely locally on a single machine, without any requirement for remote resources or Virtual Machines. The project already contains a starter set of playbooks which will bring up clusters with specific misconfigurations that can be exploited, together with their own walkthroughs.

Deprecated APIs Removed In 1.16: Here’s What You Need To Know
You might have heard that Kubernetes 1.16 has now been released. If so, you might have also heard that a bunch of old API paths/versions got removed (including security APIs). If (when) you upgrade you should be prepared for these breaking changes: Kubeval should help with catching these, as well as similar breaking changes in the future, in your CI pipelines.

What happens when you push AWS credentials to GitHub
Or what happens if you ignore AWS warning emails... On the plus side, at the end of the article you can find a gist for what to do when you leak your AWS credentials.

If you're not using SSH certificates you're doing SSH wrong
That's a very well written article explaining all the pros of using certificate-based authentication for SSH, and how to set it up for AWS.

How to use AWS Secrets Manager to securely store and rotate SSH key pairs
At the same time (see above), AWS is explaining how to secure, rotate, and use SSH keypairs for inter-cluster communication.

AWS security training from 0xdabbad00
If you are looking for training in the AWS space, you must know that Scott is one of the most knowledgeable experts in the field.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.