A hands-on walk-through of the the easiest way to set up and govern a secure, compliant, multi-account AWS environment based on best practices.

How to leverage a nightly ECS container with an attached EFS (which itself is backed up via AWS Backup) for backing up your personal Gmail and GDrive automatically.

Deep dive into how to use ACLs and templating policies as guardrails, with concrete policy examples.

Learn how the domain model works in HashiCorp Boundary and how it approaches IAM.

How to use Azure Monitor for containers to automatically transfer container logs to a Log Analytics workspace.

Walkthrough of the process of automating the issuance and renewal of certificates provided by Let's Encrypt for Kubernetes Ingress using the cert-manager add-on.

How to use Vault to store secrets and integrate the ability to retrieve secrets from Vault with Jupyter Notebooks to assist in automating security operations.

Single-purpose website for tracking the progress of rootless container support in various projects.

A MITRE ATT&CK Navigator export for AWS GuardDuty Findings.

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.

Repository providing a security policies library that is used for securing Kubernetes clusters configurations. The security policies are created based on CIS Kubernetes benchmark and rules defined in Kubesec.io.

cloudquery transforms your cloud infrastructure into queryable SQL tables for easy monitoring, governance and security.

IAMFinder enumerates and finds users and IAM roles in a target AWS account. See relevant blog post.

With Code Signing for Lambda, administrators can configure Lambda functions to only accept signed code on deployment. When developers deploy signed code to such functions, Lambda checks the signatures to ensure the code is not altered or tampered. It is also already supported by Terraform.

How to use the new VPC flow feature in Detective to investigate findings from Amazon GuardDuty.

How to set up centralized monitoring for Shield Advanced–protected resources across multiple AWS accounts by using Firewall Manager and Security Hub. This enables you to manage resources that are out of compliance from your security policy and to view DDoS events that are detected across multiple accounts in a single view.

How to create an AWS Lambda function to automatically update Amazon VPC security groups with CloudFront service IP ranges to permit only CloudFront to access the origin.

AWS Security Hub is now integrated with AWS Organizations, making it possible to delegate any account in an organization as the Security Hub administrator and centrally view security findings from up to 5,000 AWS accounts.

How to automate the cross-account response and remediation lifecycle from executing the remediation action to resolving the findings in Security Hub and notifying users of the remediation via SNS.

AWS discussing their guiding principles for Zero Trust, and how they have woven these principles into the fabric of the AWS cloud.

With the Cloud Balancing integration for serverless platforms, you can now fine tune lower levels of your networking stack. This article explains the use cases for this type of set up and builds an HTTPS load balancer for Cloud Run from the ground up using Terraform.