Release Date: 07/02/2021 | Issue: 73
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


Cloud Security Table Top Exercises
#aws, #monitor, #defend
Really interesting table top exercises designed to start a conversation. Although they are focused on AWS and not all of them will be applicable to every environment, I highly recommend trying them with your monitoring team.


A Practical Guide to Writing Secure Dockerfiles
#docker, #build
How to write secure Dockerfiles, and how to automate security checks as codified policies and validate them against the Dockerfiles to identify potential security risks before deploying them into production.


AWS Account Setup Guide
#aws, #build
A guide for configuring new AWS accounts with an emphasis on security, including customizable templates.


Best Practices for Serverless Endpoints on AWS
#aws, #build
How to choose a technology for exposing your Lambdas, how to get free and secure TLS/SSL certificates from AWS, and how to separate authentication and authorization logic from your business logic with custom authorizers.


Terraform Mono Repo vs. Multi Repo: The Great Debate
#terraform, #explain
Learn about the pros and cons of using mono repositories and multi repositories along with the most logical use case for each.


Run Prowler from AWS CloudShell in seconds
#aws, #defend
Using AWS CloudShell is now probably the easiest and quickest way to run Prowler in your AWS account.


The Missing Guide to AWS API Gateway Access Logs
#aws, #monitor
Deep dive on API Gateway access logs that covers just about everything you need to know on the subject, including: a deep dive on the fields to log, going from APIGW request to Lambda function logs, and avoiding common pitfalls.


Gating Access to Kubernetes API & Workloads with HashiCorp Boundary
#k8s, #build
Post covering the latest HashiCorp Boundary and Kubernetes integration and the access problems it solves.


Announcing HCP Consul General Availability
#aws, #build, #announcement
HCP Consul is now generally available on AWS. HCP Consul is a fully managed service mesh to discover and securely connect any service.

Tools


aws-allowlister
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.


Mandiant-Azure-AD-Investigator
This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity.


okta_aws_account_access
List Okta account access to AWS IAM roles.

From the cloud providers


Amazon Macie announces a slew of new capabilities
Including support for cross-account sensitive data discovery, scanning by Amazon S3 object prefix, improved pre-scan cost estimation, and added location detail in findings.


AWS PrivateLink for Amazon S3 is Now Generally Available
AWS PrivateLink provides private connectivity between S3 and on-premises resources using private IPs from your virtual network.


On-Demand Scanning
Google just launched On-Demand Scanning on GCP: it is now possible to scan local container images for vulnerabilities in your terminal as well as images already pushed to Container Registry and Artifact Registry.


Introducing VM Manager: Operate large Compute Engine fleets with ease
Google announced VM Manager, a suite of infrastructure management tools to simplify and automate the maintenance of large fleets of Compute Engine VMs.


Limiting public IPs on Google Cloud
How to use Organization Policies for restricting public IPs of VMs, VPN Gateways, Load Balancers, and GKE.


The cloud trust paradox: 3 scenarios where keeping encryption keys off the cloud may be necessary
Three patterns where keeping the keys off the cloud may in fact be truly necessary, or where doing so outweighs the benefits of cloud-based key management.


Centralize your security response with Azure Sentinel & PagerDuty
Step by step walkthrough covering how to integrate and centralize your security response in Azure Sentinel with PagerDuty.

Copyright © 2019-present The Cloud Security Reading List.