Release Date: 07/03/2021 | Issue: 77
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

This week's articles

Internet-Scale analysis of AWS Cognito Security   #aws, #attack
White-paper containing methodology and results of an internet-scale security analysis of AWS Cognito configurations. The research identified 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions.

Downloading and Exploring AWS EBS Snapshots   #aws, #attack
Blog showing how to download and search EBS snapshots locally, and introducing a new Python library called dsnap, as well as a new ebs__download_snapshots Pacu module.

Inline IaC scanning and fixes with the Checkov Visual Studio Code extension   #iac, #develop
BridgeCrew released an opensource Visual Studio Code extension for Checkov, which provides real-time IaC security and compliance scanning and inline fixes.

A Quick Look at GKE Autopilot (in 15 minutes)   #gcp, #k8s, #explain
I was curious to take a look at GKE Autopilot, so if you don't have time to play with it, I did it for you. (disclaimer: I did write this post)

Testing HashiCorp Terraform   #terraform, #build
Testing strategies for HashiCorp Terraform modules and configuration, and learn how to run tests against infrastructure.

OpenShift security best practices for K8s cluster design   #k8s, #defend
Must-know best practices for Red Hat OpenShift security when designing your Kubernetes clusters on OCP.

Securing Istio workloads with mTLS using cert-manager   #k8s, #build
cert-manager is the de facto solution for managing certificates in Kubernetes, and it can now be used to secure workloads in an Istio service mesh with mTLS, using an issuer of your choice.

A Kubernetes User's Guide to HashiCorp Nomad   #k8s, #explain
This for me was a very interesting article describing the equivalent terminologies, comparisons, and differentiations between HashiCorp Nomad and Kubernetes.

Hackers as Cloud Customers   #aws, #azure, #attack
How SolarWinds hackers used AWS and Azure to host their infrastructure.


Assume AWS IAM roles from GitHub Actions workflows with no stored secrets.

rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

A GitHub action that scans Azure resources for policy violations.


Compliance as Code
A collection of tools to manage compliance as code for Terraform, CloudFormation, Docker, and Kubernetes.

Sponsor CloudSecList

If you want to get yourΒ productΒ or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
πŸ“¨ [email protected] πŸ“¨

From the cloud providers

AWS Icon  Automate Amazon EC2 instance isolation by using tags
How to automate isolation of an EC2 instance by using a Lambda function that's triggered by tag changes on the instance, as reported by CloudWatch Events.

AWS Icon  How to protect sensitive data for its entire lifecycle in AWS
How to design a method to protect sensitive data for its entire lifecycle in AWS. This method can help enhance your data security posture and be useful for fulfilling the data privacy regulatory requirements applicable to your organization for data protection at-rest, in-transit, and in-use.

AWS Icon  How ERGO implemented an event-driven security remediation architecture on AWS
By implementing this event-driven solution, ERGO was able to increase and maintain automated compliance with CIS AWS Foundation Benchmark Standard to about 95%. The remaining findings were evaluated on case basis, per specific Project requirements. This measurable improvement in ERGO compliance posture was achieved with an end-to-end serverless workflow.

AWS Icon  Essential security for everyone: Building a secure AWS foundation
How teams of all sizes can gain access to world-class security in the cloud without a dedicated security person in their organization.

AWS Icon  AWS Config now supports Amazon container services
AWS Config now supports ECS, ECR, and EKS in all AWS Regions. With this launch, you can now use AWS Config to monitor configuration data for container-based resources in your AWS account, such as monitoring configuration changes to EKS cluster settings and tracking compliance for cluster configurations.

GCP Icon  New Google Cloud firewall features
Google Cloud's hierarchical firewall policies provide new, flexible levels of control so that you can benefit from centralized control at the organization and folder level, while safely delegating more granular control within a project to the project owner.

GCP Icon  Easy access to your GKE logs from the Cloud Console
Now both logs and metrics are available directly from the GKE Cluster pages. Logs on the details pages are all automatically scoped to the Kubernetes resource to help surface relevant logs quickly.

GCP Icon  Google Cloud is delivering the industry's most Trusted Cloud
Google introduced their Trusted Cloud requirements: a secure platform that delivers transparency and enables sovereignty, a proven zero-trust architecture, and a shared fate, not shared responsibility.

GCP Icon  Inventory management with BigQuery and Cloud Run
Many people think of Cloud Run just as a way of hosting websites. Cloud Run is great at that, but there's so much more you can do with it. Here we'll explore how you can use Cloud Run and BigQuery together to create an inventory management system.

Azure Icon  Azure Arc enabled Kubernetes is now Generally Available
Azure Arc enabled Kubernetes enables you to attach any CNCF-conformant Kubernetes cluster to Azure for management. Your clusters can run anywhere, and if they have connectivity to Azure, onboarding is as easy as deploying the Azure Arc cluster agents using the Azure CLI extension.

Azure Icon  Cloud SIEM Innovations from Azure Sentinel
Learn about the latest innovations in the Azure Sentinel cloud SIEM solution at Microsoft Ignite 2021. Respond to threats more quickly with cloud SIEM + XDR, enhanced security automation, Jupyter Notebooks and more.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present, CloudSecList by Marco Lancini.