Release Date: 27/09/2020 | Issue: 56
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

This week's articles

Cataclysms in the Cloud Formations   #aws, #attack
A story about AWS CloudFormation potentially exposing credentials to customer AWS accounts.

Security Architecture Review Of A Cloud Native Environment   #aws, #defend
Walkthrough of a cloud security assessment performed on an organisation which had recently moved their infrastructure from an on-prem to a cloud native solution (AWS).

Fighting API Abusers   #aws, #defend
Interesting post covering the approach the team behind the Selfie2Anime service took to help prevent a bad actor from abusing their APIs.

AWS Digital Forensics Automation at Goldman Sachs   #aws, #defend
Goldman Sachs has automated an event-driven cloud response solution that uses AWS native services to successfully collect disk and memory evidence from Amazon EC2 instances. The solution uses AWS security services Amazon GuardDuty and AWS Security Hub. It also leverages a variety of services such as AWS Lambda, AWS Step Functions, and AWS Systems Manager (SSM). This Tech Talk provides an overview of Goldman Sachs' environment and a deep dive on how they built automation for digital forensics using AWS native services.

Automating Response to Security Events on Google Cloud Platform   #gcp, #defend
Blog outlining a solution which helps remediate access misconfigurations by detecting and automatically responding to specific Cloud Logging events in real-time.

Can We Have "Detection as Code"?   #defend
Blog describing the idea of "detection as code", a more systematic, flexible and comprehensive approach to threat detection that is somewhat inspired by software development.

Let's compare the CLI experiences offered by AWS, Microsoft Azure, and Google Cloud Platform   #aws, #gcp, #azure, #build
Post comparing and evaluating the CLIs of the main cloud providers with an eye on five different areas: API surface and patterns, Authentication, Creating and viewing services, CLI sweeteners, and Utilities.

New Terraform Tutorials on Provisioning and Managing Kubernetes Clusters   #k8s, #hashicorp, #explain
A new collection of Terraform tutorials that can help you through your Kubernetes adoption journey.

5 tips for using the Rego language for Open Policy Agent (OPA)   #opa, #build
Most valuable lessons the Fugue team learnt in the process of writing a lot of Rego code.

An introduction to Kubespray   #k8s, #build
Introductory post for Kubespray, a tool which uses Ansible for deploying multi-node Kubernetes clusters.

Protecting Kubernetes applications data using Kanister   #k8s, #build
How to protect Kubernetes applications' data using Kanister, an extensible open-source framework for application-level data management on Kubernetes.

Reinventing virtualization with the AWS Nitro System   #aws, #explain
Amazon's journey creating the AWS Nitro System, an infrastructure platform to offload virtualization functions to dedicated hardware and software.


A tool to detect a set of common Google Kubernetes Engine misconfigurations. Aimed to help security and development teams streamline configuration parts of their processes, and save time looking for generic bugs and vulnerabilities.

Automated Cloud Advisor is a extensible tool that aims at facilitating cost optimization in AWS, by collecting data for resources that are under utilized.

Cloudsplaining v0.2.0
Cloudsplaining v0.2.0 has been released, providing a huge uplift for the UI overall. If you are not familiar, Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

Synator is a Kubernetes Secret and ConfigMap synchroniser (secrets and configs are copied to your desired namespaces).

From the cloud providers

AWS Icon  Amazon Detective introduces IAM Role Session Analysis
Amazon Detective now analyzes IAM role sessions so that you can visualize and understand the actions that users and apps have performed using assumed roles.

AWS Icon  How Security Operation Centers can use Amazon GuardDuty to detect malicious behavior
Post addressing how Amazon GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to integrate and manage them.

AWS Icon  Introducing mutual TLS authentication for Amazon API Gateway
AWS is introducing certificate-based mutual Transport Layer Security (TLS) authentication for Amazon API Gateway. This is a new method for client-to-server authentication that can be used with API Gateway's existing authorization options.

AWS Icon  Get ready for upcoming changes in the AWS Single Sign-On user sign-in process
AWS Single Sign-On (SSO) is making changes to the sign-in process that will affect some AWS SSO customers. The changes will go into effect globally in early October 2020. This blog post explains how you can prepare for the upcoming changes.

AWS Icon  AWS Perspective
AWS released AWS Perspective, a tool to automatically visualise your Cloud workloads and the relationships within as up-to-date architecture diagrams.

AWS Icon  On-Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell
How to use PowerShell to initiate an on-demand synchronization between Azure Active Directory and AWS Single Sign-On (AWS SSO) and avoid the default 40-minute synchronization schedule between both identity providers.

GCP Icon  Kubernetes Ingress Goes GA
The Kubernetes Ingress API, first introduced in late 2015 as an experimental beta feature, has finally graduated as a stable API and is included in the recent 1.19 release of Kubernetes.

GCP Icon  Tips and tricks for using new RegEx support in Cloud Logging
Google added support for regular expressions to GCP Cloud Logging.

Azure Icon  Enterprise grade Kubernetes on Azure
Many announcements regarding AKS at MSIgnite, including: Azure Policy GA, Start/Stop clusters, Public preview of confidential compute on AKS, and Azure RBAC for AKS.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.