How to design a state of the art multi-account security logging platform in AWS. (disclaimer: I did write this post).

Insights into what tools are used by cloud native practitioners, and more importantly why.

A collection of useful resources to read to learn more about Kubernetes.

A first draft of an ATT&CK for Containers matrix has been proposed.

A very useful list of all (or at least some of) the AWS calls that return credentials.

The operator is tailored to the idea of managing Terraform Cloud Workspaces through Kubernetes CustomResourceDefinitions (CRDs).

What admission controllers are in Kubernetes and how their webhooks can be used to implement image scanning.

How to get Let's encrypt working with a default setup of MicroK8s and provision a real certificate for a real domain.

A thread discussing actionable points to improve resilience of your AWS accounts.

Repository hosting the libsinsp, libscap, the kernel module driver, and the eBPF driver sources.

This project helps you keep track of all your software and tools that are used or running in and around your Kubernetes platform. It helps you with part of the lifecycle management to keep your software up to data for feature completeness, security or compliance reasons.

A page containing resources for threat modelling a Kubernetes cluster.

How to deploy a solution that helps automate the Active Directory join and unjoin process for EC2 instances that don't have internet access.

Config now supports the ability to use a KMS key or alias Amazon Resource Name (ARN) that you provide, to encrypt the data delivered to an S3 bucket.

How to set up weekly email notifications using Security Hub to provide account owners with a summary of the existing security findings to prioritize new findings, and links to the Security Hub console for more information.

GKE Autopilot gives you a fully managed, hardened Kubernetes cluster out of the box, for true hands-free operations.

How to use identity federation to allow an AWS user or role to impersonate a service account.

Service Directory allows you to easily register services to a single fully managed registry, build a rich ecosystem of services, and uplevel your environment from an infrastructure-centric to a service-centric model.

Deep dive article that explains how to get started in Cloud Discovery from Microsoft Cloud App Security.

How to handle false positives in scheduled analytics rules for Sentinel.

This article describes confidential computing, the architecture of Inclavare Containers, and the development status and planning of Alibaba Cloud ACK-TEE.

Part 1 of a 2-part series discusses why identity solutions are essential for organizations to begin their cloud-based setup.