#aws, #build, #defend

Walkthrough of the process for configuring a production-grade AWS account structure, including how to manage multiple environments, users, permissions, and audit logging. In addition, this post discusses how to implement a Landing Zone solution that lets spin up new AWS accounts that all implement a security baseline that enforces company policies.

#k8s, #defend

Useful tips to implement SOC 2 compliance for containers and Kubernetes.

#vault, #build

Recommended Patterns for Vault users like Unseal, usage of AppRole, etc.

#terraform, #build

How to use the features built into Terraform Enterprise that help manage infrastructure as code in air gapped networks.

#ci/cd, #defend

Good security practices for using GitHub Actions features.

#azure, #defend

GitHub Advanced Security now supports the ability to analyze code for semantic vulnerabilities from within third-party CI pipelines (previously available exclusively with GitHub Actions). This post walks through a simple implementation of Code Scanning in an Azure DevOps CI pipeline with a node application using the YAML editor.

#gcp, #docker, #defend

How to add inline image scanning to a Google Cloud Build pipeline and how to customize scanning policies to stop the build if a high-risk vulnerability is detected.

#azure, #attack, #defend

Post introducing some Cyber Range options that automatically deploy into Microsoft Azure: Azure HELK, Azure Velociraptor, PurpleCloud.

#aws, #explain

Interesting study on AWS IP allocation. It seems like they have allocated roughly 53 Million IPv4 addresses to existing AWS services, out of the total of all their IPv4 addresses combined (~100 Million). Just over $2.5 billion worth of IPv4 addresses, not bad!.

#aws, #explain

Very well thought post which outlines facts to take into account in case you were wondering of adopting IPv6 within your VPCs.

Reverse-engineer a Dockerfile from a Docker image.

A simple daemon for enhancing available outputs for Falco. It takes a falco's event and forwards it to different outputs.

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account AWS environments on an ongoing basis. The configuration file enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

AWS Nitro Enclaves has launched. You can now create secure and highly-isolated enclaves attached to an EC2 instance, with integration with KMS and ACM too.

ACM now supports host-terminated TLS on EC2 via Nitro Enclaves. Use TLS on an EC2 host without the pain of managing the certificate.

The ALB Ingress Controller is now the AWS Load Balancer Controller, and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.

AWS Shield now provides global and per-account event summaries to all AWS customers. These summaries provide you an overview of all events detected by AWS Shield, such as Distributed Denial of Service (DDoS) attacks and other volumetric anomalies, for each of your accounts and for all events detected and mitigated on AWS.

IAM Access Analyzer generates comprehensive findings to help you identify resources that grant public and cross-account access. Now, you can also apply archive rules to existing findings, so you can better manage findings and focus on the findings that need your attention most.

How to use Amazon Cognito custom authentication flow to integrate Duo MFA into a sign-in flow.

Amazon API Gateway now supports disabling the default, auto-generated REST API endpoint. This feature is intended for customers who use custom domain names for REST APIs and want to ensure that all traffic to their API only goes through the custom domain name and not the default endpoint.

Google Cloud Security Talks is a live online event on November 18th, with talks focusing on cloud security topics like the latest Google Cloud security announcements, network security, Confidential Computing, and Security Command Center.

Google introduced a new version of the Cloud Shell Editor, immediately available in preview on ide.cloud.google.com and powered by the Eclipse Theia IDE platform. This new version extends Cloud Shell with an online development environment that includes: Cloud-native development via Cloud Code plugin support, language support for Go/Java/ .Net/Python/NodeJS, and additional features such as integrated source control and support for multiple projects.

Google recently released a new Cloud Key Management Service Deep Dive whitepaper to help you make informed decisions about cloud key management. Discussing Google Cloud’s Key Management Service (Cloud KMS) platform and generally available key management capabilities, this paper can help you understand the options you have to protect your keys and other sensitive information you store in Google Cloud.

Google announced a Cloud IAM integration and the enablement of PostgreSQL Audit Extension (pgAudit), both available in preview for Cloud SQL for PostgreSQL.