Release Date: 22/09/2019 | Issue: 4
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


The Service Mesh Era: Architecting, Securing and Managing Microservices with Istio
Google just released a whitepaper explaining why and how to start using a service mesh like Istio. Definitely a must-read if you are considering implementing a mesh.


Octant
Do you know the feeling of having a dozen terminals open (with something like `kubectl get xxx --watch`) while debugging an issue? Well, Octant is a web-based, highly extensible platform to better understand how applications run on a Kubernetes cluster. It offers a combination of introspective tooling, cluster navigation, and object management along with a plugin system to further extend its capabilities. I started using it recently and I personally love it.


Kubernetes Security Lab with Kind and Ansible
This is a project from raesene which aims to make use of Docker (and specifically Kind) to create a lab environment for testing Kubernetes exploits and security tools entirely locally on a single machine, without any requirement for remote resources or Virtual Machines. The project already contains a starter set of playbooks which will bring up clusters with specific misconfigurations that can be exploited, each paired with its own walkthrough.


Deprecated APIs Removed In 1.16: Here’s What You Need To Know
You might have heard that Kubernetes 1.16 has now been released. If so, you might have also heard that a bunch of old API paths/versions got removed (including security APIs). If (when) you upgrade, you should be prepared for these breaking changes. Kubeval should help with catching these, as well as similar breaking changes in the future, in your CI pipelines.


What happens when you push AWS credentials to GitHub
Or what happens if you ignore AWS warning emails... On the plus side, at the end of the article you can find a gist for what to do when you leak your AWS credentials.


If you're not using SSH certificates you're doing SSH wrong
That's a very well-written article explaining all the pros of using certificate-based authentication for SSH, and how to set it up for AWS.


How to use AWS Secrets Manager to securely store and rotate SSH key pairs
At the same time (see above), AWS is explaining how to secure, rotate, and use SSH key pairs for inter-cluster communication.


AWS security training from 0xdabbad00
If you are looking for training in the AWS space, you must know that Scott is one of the most knowledgeable experts in the field.

Copyright © 2019-present The Cloud Security Reading List.