This week's articles
Cloud Security Table Top Exercises
#aws, #monitor, #defend
Really interesting table top exercises designed to start a conversation. Although they are focused towards AWS and not all of them will be applicable to every environment, I highly recommend to try them with your monitoring team.
A Practical Guide to Writing Secure Dockerfiles
How to write secure Dockerfiles, and how to automate security checks as codified policies and validate them against the Dockerfiles to identify potential security risks before deploying them into production.
AWS Account Setup Guide
A guide for configuring new AWS accounts with an emphasis on security, including customizable templates.
Best Practices for Serverless Endpoints on AWS
How to choose a technology for exposing your Lambdas, how to get free and secure TLS/SSL certificates from AWS, and how to separate authentication and authorization logic from your business logic with custom authorizers.
The Missing Guide to AWS API Gateway Access Logs
Deep dive on API Gateway access logs that covers just about everything you need to know on the subject, including: a deep dive on the fields to log, going from APIGW request to Lambda function logs, and avoiding common pitfalls.