A story about AWS CloudFormation potentially exposing credentials to customer AWS accounts.

Walkthrough of a cloud security assessment performed on an organisation which had recently moved their infrastructure from an on-prem to a cloud native solution (AWS).

Interesting post covering the approach the team behind the Selfie2Anime service took to help prevent a bad actor from abusing their APIs.

Goldman Sachs has automated an event-driven cloud response solution that uses AWS native services to successfully collect disk and memory evidence from Amazon EC2 instances. The solution uses AWS security services Amazon GuardDuty and AWS Security Hub. It also leverages a variety of services such as AWS Lambda, AWS Step Functions, and AWS Systems Manager (SSM). This Tech Talk provides an overview of Goldman Sachs' environment and a deep dive on how they built automation for digital forensics using AWS native services.

Blog outlining a solution which helps remediate access misconfigurations by detecting and automatically responding to specific Cloud Logging events in real-time.

Blog describing the idea of "detection as code", a more systematic, flexible and comprehensive approach to threat detection that is somewhat inspired by software development.

Post comparing and evaluating the CLIs of the main cloud providers with an eye on five different areas: API surface and patterns, Authentication, Creating and viewing services, CLI sweeteners, and Utilities.

A new collection of Terraform tutorials that can help you through your Kubernetes adoption journey.

Most valuable lessons the Fugue team learnt in the process of writing a lot of Rego code.

Introductory post for Kubespray, a tool which uses Ansible for deploying multi-node Kubernetes clusters.

How to protect Kubernetes applications' data using Kanister, an extensible open-source framework for application-level data management on Kubernetes.

Amazon's journey creating the AWS Nitro System, an infrastructure platform to offload virtualization functions to dedicated hardware and software.

A tool to detect a set of common Google Kubernetes Engine misconfigurations. Aimed to help security and development teams streamline configuration parts of their processes, and save time looking for generic bugs and vulnerabilities.

Automated Cloud Advisor is a extensible tool that aims at facilitating cost optimization in AWS, by collecting data for resources that are under utilized.

Cloudsplaining v0.2.0 has been released, providing a huge uplift for the UI overall. If you are not familiar, Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

Synator is a Kubernetes Secret and ConfigMap synchroniser (secrets and configs are copied to your desired namespaces).

Amazon Detective now analyzes IAM role sessions so that you can visualize and understand the actions that users and apps have performed using assumed roles.

Post addressing how Amazon GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to integrate and manage them.

AWS is introducing certificate-based mutual Transport Layer Security (TLS) authentication for Amazon API Gateway. This is a new method for client-to-server authentication that can be used with API Gateway's existing authorization options.

AWS Single Sign-On (SSO) is making changes to the sign-in process that will affect some AWS SSO customers. The changes will go into effect globally in early October 2020. This blog post explains how you can prepare for the upcoming changes.

AWS released AWS Perspective, a tool to automatically visualise your Cloud workloads and the relationships within as up-to-date architecture diagrams.

How to use PowerShell to initiate an on-demand synchronization between Azure Active Directory and AWS Single Sign-On (AWS SSO) and avoid the default 40-minute synchronization schedule between both identity providers.

The Kubernetes Ingress API, first introduced in late 2015 as an experimental beta feature, has finally graduated as a stable API and is included in the recent 1.19 release of Kubernetes.

Google added support for regular expressions to GCP Cloud Logging.

Many announcements regarding AKS at MSIgnite, including: Azure Policy GA, Start/Stop clusters, Public preview of confidential compute on AKS, and Azure RBAC for AKS.