This week's articles
Free online course on Rego policy authoring which teaches how to enforce authorization policy across your cloud-native stack.
NIST Special Publication 800-207: Zero Trust Architecture
NIST has released its view on Zero Trust Architecture: a document that gives an abstract definition of zero trust architecture (ZTA), along with general deployment models and use cases where zero trust could improve an enterprise's overall information technology security posture.
Anatomy of AWS Lambda
Article taking a closer look at the anatomy of AWS Lambda functions and the processes that happen below the surface. If you are not super-familiar with Lambda, I highly recommend this post, which provides a very well-thought-out introduction.
Overcoming Terraform state locking issues with ECS tasks
Post explaining how the Simply Business team runs Terraform within AWS ECS tasks to overcome some issues they've encountered with Terraform's state file locking. The solution is to check the status of running ECS tasks and recently exited tasks: if no tasks related to the same project are found, a Terraform action (plan or apply) can be executed.
Request Affinity with Istio
The Cash App team explaining how the ability to deterministically load balance requests with Istio helped them to greatly improve performance and stability for one of their unusual services.
Abusing AWS Connection Tracking
How to abuse Connection Tracking in AWS to persist connections on a host, even when a more restrictive security group is put in place as a result of incident response.
GitHub Availability Report: July 2020
Lessons learned from an incident resulting in a degraded state of availability for GitHub.com. In this case, a container was configured with an "ImagePullPolicy" of "Always", which instructed Kubernetes to fetch a new container image every time the Pod started. However, due to a routine DNS maintenance operation that had been completed earlier, clusters were unable to reach the registry, resulting in Pods failing to start.
Introducing ebpf.io - Learn everything about eBPF
eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. This new website aims to be a hub for documentation, tutorials, reference guides, and more.