Release Date: 25/10/2020 | Issue: 60
The Cloud Security Reading List is a low-volume mailing list (once per week) that highlights security-related news focused on the cloud-native landscape, hand-curated by Marco Lancini.

This week's articles


Introducing CloudSecDocs.com
#aws, #gcp, #azure, #k8s, #explain
CloudSecDocs.com is a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand-curated by me.


Enumerate AWS API Permissions Without Logging to CloudTrail
#aws, #attack
Technical writeup for a bug found in the AWS API that allows enumerating certain permissions of a role without the calls being logged to CloudTrail. It affects 645 different API actions across 40 different AWS services. There is also a companion GitHub repo with tooling.


Detecting abuse in the AWS control plane in an actionable way using Det{R}ails
#aws, #defend
Blog post introducing Det{R}ails (CloudTrail in Details), a tool built on top of the Elastic Stack that enriches CloudTrail events so as to prioritize and identify risk classes.


Secure data in AWS with Key Management Service (KMS)
#aws, #explain
Guide explaining core KMS concepts and showing how to encrypt your data and scale your data access management uniformly across disparate data services.


Best practices for alerting on Kubernetes
#k8s, #defend
A step-by-step cookbook on best practices for alerting on the Kubernetes platform and orchestration layer, including example PromQL alerts.


Restrict a Container's Syscalls with Seccomp
#k8s, #defend
Tutorial explaining how to load seccomp profiles into a local Kubernetes cluster, how to apply them to a Pod, and how to begin crafting profiles that give only the necessary privileges to containers.


Consuming Secrets in Your OpenShift Applications Using HashiCorp Vault
#k8s, #build
How to run Vault Enterprise as a shared service outside an OpenShift Kubernetes cluster.

Tools


autocert
Autocert is a Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers. Autocert exists to make it easy to use mTLS (mutual TLS) to improve security within a cluster and to secure communication into, out of, and between Kubernetes clusters.


PrismX
Cloud Security Dashboard for AWS - based on ScoutSuite.


ROADtools
ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.


k8s-security-demos
Demos for several Kubernetes security features such as Network Policies, Security Context, and Pod Security Policies.


admission-webhook-example-with-openfaas
Use OpenFaaS functions as a Kubernetes Validating Admission Webhook.

From the cloud providers


Announcing AWS Budgets Actions
It is now possible to define the action you want to take in your account when a budget exceeds its threshold (actual or forecasted amounts).


Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network
AWS Lambda now supports AWS PrivateLink, which lets you invoke Lambda functions securely from inside your virtual private cloud (VPC) or on-premises data centers without exposing traffic to the public Internet.


Port forwarding sessions created using Session Manager now support multiple simultaneous connections
Port forwarding sessions created using Session Manager, a capability of AWS Systems Manager, now support multiple simultaneous connections over a single session. This improvement reduces rendering latency and improves load times for applications that fetch data over multiple concurrent connections when they are delivered through a port forwarding session.


How to automate incident response in the AWS Cloud for EC2 instances
Solution presenting a pre-provisioned architecture for an incident response system that you can use to respond to a suspicious EC2 instance.


Use AWS Firewall Manager to deploy protection at scale in AWS Organizations
Step-by-step instructions to deploy and manage security policies across your AWS Organizations implementation by using Firewall Manager.


Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list
How to query an Azure Sentinel Watchlist using the Azure Monitor Logs connector, and how to use the output data.

Copyright © 2019-present The Cloud Security Reading List.