CloudSecDocs.com is a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand curated by myself.

Technical writeup for a bug found in the AWS API that allows to enumerate certain permissions for a role without logging to CloudTrail. It affects 645 different API actions across 40 different AWS services. There is also a companion Github repo with tooling.

Blog introducing Det{R}ails (CloudTrail in Details), a tool built on top of the ElasticStack which enriches CloudTrail events so to prioritize and identify risk classes.

Guide explaining core KMS concepts and showing how to encrypt your data and scale your data access management uniformly across disparate data services.

A step by step cookbook on best practices for alerting on Kubernetes platform and orchestration, including PromQL alerts examples.

Tutorial explaining how to load seccomp profiles into a local Kubernetes cluster, how to apply them to a Pod, and how to begin crafting profiles that give only the necessary privileges to containers.

How to run Vault Enterprise as a shared service outside an OpenShift Kubernetes cluster.

Autocert is a kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers. Autocert exists to make it easy to use mTLS (mutual TLS) to improve security within a cluster and to secure communication into, out of, and between kubernetes clusters.

Cloud Security Dashboard for AWS - based on ScoutSuite.

ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.

Demos for several kubernetes security features like Network Policies, Security Context, Pod Security Policies.

Use OpenFaaS functions as Kubernetes Validating Admission Webhook.

It is now possible to define the action you want to take in your account when a budget exceeds its threshold (actual or forecasted amounts).

AWS Lambda now supports AWS PrivateLink which lets you invoke Lambda functions securely from inside your virtual private cloud (VPC) or on-premises data centers without exposing traffic to the public Internet.

Port forwarding sessions created using Session Manager, a capability of AWS Systems Manager, now support multiple simultaneous connections over the session. This improvement reduces the rendering latency and improves load times for applications that load data using multiple concurrent connections, when delivering such applications over a port forwarding session.

Solution presenting a pre-provisioned architecture for an incident response system that you can use to respond to a suspect EC2 instance.

Step-by-step instructions to deploy and manage security policies across your AWS Organizations implementation by using Firewall Manager.

How to query an Azure Sentinel Watchlist using Azure Monitor Logs connector, and also how to use the output data.