In depth look at AWS Access Keys inside a Lambda function, from how they are populated into the function's execution context, how long they last, how to exfiltrate and use them, and how to detect a compromised access key.

Blog post analysing challenges and potential solutions for cross-cloud access.

Exploratory post focused on assessing vulnerabilities of container images for outdated operating system packages.

Post from the Azure Security Center (ASC) which reveals a new campaign targeting Kubeflow, a machine learning toolkit for Kubernetes.

Article comparing six static tools to validate and score Kubernetes YAML files for best practices and compliance.

Interesting chart created by Scott Piper, which shows the counts of APIs by AWS service, grouped by categories from the web console.

Cause and resolution for five common AWS IAM errors.

Walk through of what's new in the new Ingress specification, what it means for applications, and how to upgrade to an ingress controller that supports this new specification.

Part 1 of 11 in a series of sketchnotes which aims to spread knowledge about Kubernetes and Istio.

How to implement LDAP authentication for Kubernetes with the Webhook Token authentication plugin. The article also includes a tutorial taking you from zero to the complete system with step-by-step instructions.

Other step by step walkthrough on how to setup common services in a Kubernetes cluster using a GitOps workflow.

A tutorial for setting up a basic CI/CD pipeline for serverless applications with SAM, CircleCI, and GitHub.

A set of tools to check AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax.

Azure Key Vault provider for Secret Store CSI driver allows to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.

Aardvark is a multi-account AWS IAM Access Advisor API.

Rode provides the collection, attestation and enforcement of policies in your software supply chain.

Tool that evaluates Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security misconfigurations and compliance violations prior to deployment using Open Policy Agent/Rego.

AWS released new recommendations to support decision makers in any sector considering or planning for secure cloud adoption. Accreditation Models for Secure Cloud Adoption provides best practices with respect to cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing.

AWS Backup offers a centralized, managed service to back up data across AWS services in the cloud and on premises using AWS Storage Gateway.

How to use the Okta Universal Directory with AWS SSO and provision Okta users and groups into AWS SSO.

Repeatable and automated solution for deploying a unified identity management structure across all of your AWS environments.

Integrated with AWS CDK, OPA can help realize Policy-as-Code capabilities that tests the changes before AWS CDK makes changes in your AWS environment.

Google announced a new notification channel type for Cloud Monitoring via Cloud Pub/Sub. Now in beta, this integration lets you create automated and programmatic workflows in response to alerts.

HashiCorp and Microsoft announced the release of Azure DevOps Provider 0.0.1 for Terraform. With this provider, you will be able to manage Azure DevOps resources like projects, CI/CD pipelines, and build policies through Terraform.