This week's articles
How to configure a production-grade AWS account structure using Gruntwork AWS Landing Zone
#aws, #build, #defend
Walkthrough of the process for configuring a production-grade AWS account structure, including how to manage multiple environments, users, permissions, and audit logging. In addition, the post discusses how to implement a Landing Zone solution that lets you spin up new AWS accounts that all implement a security baseline enforcing company policies.
Image scanning for Google Cloud Build
#gcp, #docker, #defend
How to add inline image scanning to a Google Cloud Build pipeline and how to customize scanning policies to stop the build if a high-risk vulnerability is detected.
AWS and their Billions in IPv4 addresses
#aws, #explain
Interesting study on AWS IP allocation. It seems they have allocated roughly 53 million IPv4 addresses to existing AWS services, out of a total of about 100 million IPv4 addresses they own. That is just over $2.5 billion worth of IPv4 addresses, not bad!
Getting started with IPv6 on AWS
#aws, #explain
Very well-thought-out post outlining the facts to take into account if you are considering adopting IPv6 within your VPCs.
Tools
dfimage
Reverse-engineer a Dockerfile from a Docker image.
falcosidekick
A simple daemon for enhancing the outputs available to Falco. It takes a Falco event and forwards it to different outputs.
aws-secure-environment-accelerator
The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account AWS environments on an ongoing basis. The configuration file enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
From the cloud providers
Introducing the AWS Load Balancer Controller
The ALB Ingress Controller is now the AWS Load Balancer Controller, and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.
Streamline existing IAM Access Analyzer findings using archive rules
IAM Access Analyzer generates comprehensive findings to help you identify resources that grant public and cross-account access. Now, you can also apply archive rules to existing findings, so you can better manage findings and focus on the findings that need your attention most.
Amazon API Gateway now supports disabling the default REST API endpoint
Amazon API Gateway now supports disabling the default, auto-generated REST API endpoint. This feature is intended for customers who use custom domain names for REST APIs and want to ensure that all traffic to their API only goes through the custom domain name and not the default endpoint.
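The security point here is that a custom domain on its own does not hide the `https://{api-id}.execute-api.{region}.amazonaws.com` endpoint: any WAF, mTLS or edge controls attached to the custom domain can be bypassed by calling the default hostname directly unless the new flag is set. The following is an added example, not code from AWS or the announcement, that audits `get-rest-apis` output for APIs whose default endpoint is still enabled and cross-references them with custom-domain base path mappings. The API IDs, names and domains are constructed sample data; the `disableExecuteApiEndpoint` field and the `update-rest-api` patch path are the real ones, but the remediation command is only printed, not executed.

```python
"""Find REST APIs whose default execute-api endpoint is still reachable.

Added example. REST_APIS_JSON and BASE_PATH_MAPPINGS are constructed to mirror
the shape of `aws apigateway get-rest-apis` and
`aws apigateway get-base-path-mappings --domain-name <domain>` output.
"""
import json

# Constructed sample output of `get-rest-apis` (fake IDs and names).
REST_APIS_JSON = """
{"items": [
  {"id": "a1b2c3d4e5", "name": "orders-api", "disableExecuteApiEndpoint": false},
  {"id": "f6g7h8i9j0", "name": "payments-api", "disableExecuteApiEndpoint": true},
  {"id": "k1l2m3n4o5", "name": "internal-tools"}
]}
"""

# Constructed sample `get-base-path-mappings` results, keyed by custom domain.
BASE_PATH_MAPPINGS = {
    "api.example.com": {"items": [
        {"basePath": "(none)", "restApiId": "a1b2c3d4e5", "stage": "prod"}]},
    "pay.example.com": {"items": [
        {"basePath": "(none)", "restApiId": "f6g7h8i9j0", "stage": "prod"}]},
}


def apis_with_custom_domain(mappings):
    """Map REST API id -> sorted list of custom domains that front it."""
    result = {}
    for domain, body in mappings.items():
        for mapping in body.get("items", []):
            result.setdefault(mapping["restApiId"], set()).add(domain)
    return {api_id: sorted(domains) for api_id, domains in result.items()}


def find_exposed_apis(rest_apis_json, mappings):
    """Return the APIs whose default endpoint is still enabled.

    An API created before the flag existed has no `disableExecuteApiEndpoint`
    key at all; that means the default (enabled), so treat absent as False."""
    apis = json.loads(rest_apis_json)["items"]
    custom = apis_with_custom_domain(mappings)
    exposed = []
    for api in apis:
        if api.get("disableExecuteApiEndpoint", False):
            continue
        exposed.append({
            "id": api["id"],
            "name": api["name"],
            "custom_domains": custom.get(api["id"], []),
        })
    return exposed


def remediation_command(api_id):
    """CLI call that turns the default endpoint off for one API.

    The change only takes effect for a stage after the API is deployed again."""
    return (f"aws apigateway update-rest-api --rest-api-id {api_id} "
            "--patch-operations op=replace,path=/disableExecuteApiEndpoint,value='True'")


if __name__ == "__main__":
    for finding in find_exposed_apis(REST_APIS_JSON, BASE_PATH_MAPPINGS):
        if finding["custom_domains"]:
            status = "fronted by " + ", ".join(finding["custom_domains"]) + \
                     " but default endpoint still reachable"
        else:
            status = "no custom domain; default endpoint is the only entry point"
        print(f"{finding['id']} ({finding['name']}): {status}")
        print("  " + remediation_command(finding["id"]))
```

In the constructed data `orders-api` is the interesting case: it is served via `api.example.com` yet still answers on its default hostname, so the controls on the custom domain are not enforced. `internal-tools` has no custom domain at all, so disabling the default endpoint there would cut off its only entry point; the script surfaces it rather than blindly recommending the change.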
New Cloud Shell Editor: Get your first cloud-native app running in minutes
Google introduced a new version of the Cloud Shell Editor, immediately available in preview on ide.cloud.google.com and powered by the Eclipse Theia IDE platform. This new version extends Cloud Shell with an online development environment that includes cloud-native development via Cloud Code plugin support, language support for Go, Java, .NET, Python and Node.js, and additional features such as integrated source control and support for multiple projects.
Cloud Key Management Service deep dive
Google recently released a new Cloud Key Management Service Deep Dive whitepaper to help you make informed decisions about cloud key management. Discussing Google Cloud’s Key Management Service (Cloud KMS) platform and generally available key management capabilities, this paper can help you understand the options you have to protect your keys and other sensitive information you store in Google Cloud.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco